helm-charts
bank-vaults
| | helm-charts | bank-vaults |
|---|---|---|
| Mentions | 6 | 10 |
| Stars | 596 | 0 |
| Growth | 1.3% | - |
| Activity | 5.0 | 0.0 |
| Last commit | 14 days ago | 8 months ago |
| Language | Mustache | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
helm-charts
-
Connecting OpenSearch to Keycloak
Before we can authenticate OpenSearch against Keycloak, we'll need to install Keycloak. The following Ansible snippet demonstrates how to deploy Keycloak onto a Kubernetes cluster using the codecentric helm chart.
-
sso at home?
HA Keycloak on top of Kubernetes https://github.com/codecentric/helm-charts/tree/master/charts/keycloak I dropped the chart db in favor of https://github.com/zalando/postgres-operator
-
Keycloak behind nginx ingress in k8s. Wrong redirect.
Yeah this error suggests that the ingress is not correctly configured to forward the given information. Maybe take a look at some keycloak helm chart e.g. https://github.com/codecentric/helm-charts/blob/master/charts/keycloak/templates/ingress.yaml
-
Homelab: Cluster Architecture
Having experienced the issue of identity management in past projects (I've literally published 5 web apps which became some iteration of user-profile applications), I found Keycloak to be of particular use when it comes to managing users and federating accounts. Keycloak is an open-sourced enterprise service which manages identity, authentication, authorization, and account federation which is part of the JBoss project and backed by RedHat. Since I wanted to use the Keycloak helm chart, the Keycloak service runs using a Postgres backend.
-
Auth0 Down
Yeah, it's not the easiest thing in the world to get up and running but not quite as hard as it might seem at first look. If you are already using k8s then you can use https://github.com/codecentric/helm-charts/tree/master/chart... to deploy Keycloak fairly easily. If you're not using k8s then it is probably more of an undertaking.
-
Keycloak + Istio Gateway - letting Istio do TLS
https://github.com/codecentric/helm-charts/tree/master/charts/keycloak#running-keycloak-behind-a-reverse-proxy
bank-vaults
-
Self-hosted Secrets Manager (or something alike)
There's https://github.com/banzaicloud/bank-vaults which is a wrapper for hashivault, so not exactly what you're looking for but worth looking into.
-
Secrets Management on Kubernetes: How do you handle it?
https://github.com/banzaicloud/bank-vaults. Mind you, after Cisco bought Banzai, work on this project seems to have stopped. It works very well for us though.
-
Secrets Management with Hashicorp Vault - which integration point to use? Sidecar Injector? ESO?
We are using Banzai Bank Vaults Webhook and we’re very happy with it.
-
Project: Running a local cluster with TLS, ArgoCD GitOps, Vault and a PostgreSQL operator
If you ever want to see vault at that kind of level check out bank-vaults. Overkill for many, but it sounds like a decent fit for what you've already got in place and might reduce the boilerplate.
-
Run a pod in a namespace without having access to its secrets?
Use vault-env (we use https://github.com/banzaicloud/bank-vaults) to inject the secret as an ENV var to the pod at runtime, based on Vault's Kubernetes auth
-
Secrets storage best practices
We use bank vault to inject secrets as environment variables. This does not require changes to the app. A sidecar is automatically added to the pod to retrieve the secrets and inject them in the app runtime. Here’s the link https://github.com/banzaicloud/bank-vaults
- How to manage passwords in Helm
- Homelab: Cluster Architecture
-
Kubernetes authentication from multiple, external clusters
I can follow up with examples if you'd like. You might like BanzaiCloud's Bank Vaults. We personally only use the Configurer component which just provides useful mechanisms to dynamically, or once off, configure Vault via data structures we supplied via ConfigMap.
-
Secrets Managers for Kubernetes (Vault (Hashi), Conjur (CyberArk), Platform Specific, etc)
Encrypted secrets can't be more than a temporary solution. That's why I'm not a fan of SOPS/Sealed Secrets/etc. I think the future for both security and usability is dynamic injection. Vault is the dopeness but I'm not a fan of the upstream Vault Injector -- shared volumes are a step backwards. It's all about the BanzaiCloud Vault Webhook -- secrets **only ever available to the running process**, rotation means: update the value in vault and bounce the pod, done. This is the way.
What are some alternatives?
charts - Bitnami Helm Charts
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
postgres-operator - Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
vault-csi-provider - HashiCorp Vault Provider for Secret Store CSI Driver
keycloak-theme-sample - Sample Keycloak Theme
secrets-store-csi-driver-provider-azure - Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
helm-nifi - Helm Chart for Apache Nifi
postgres-operator - Production PostgreSQL for Kubernetes, from high availability Postgres clusters to full-scale database-as-a-service.
k3s-home-cluster - Sets up a Kubernetes cluster using Ansible