external-secrets VS kops

Something I personally like about EKS is the Amazon Controllers for Kubernetes nowadays they would more preoperly be called 'operators' like the (non AWS and non AWS specific) External Secrets Operator. Essentially you delegate your cluster to create external resources elsewhere on your behalf based on annotations in your deployment.

Vault is extremely complex and heavy for my tastes, and Bitwarden Secrets Manager implementation AFAIU is not open source and not suitable for self-hosting. I like that both can be easily integrated with External Secrets for kubernetes secrets management.

Store the Secrets in a vault like Hashicorp Vault, AWS Secrets Manager, GCP Secret Manager, etc., and then use an operator like External Secrets Operator to add them to your K8s cluster.

External Secrets is an operator that integrates external KMS such as Hashicorp Vault or those of the major cloud providers. It reads secrets from the external APIs and injects them into Kubernetes secrets. The operator is a new implementation after the merge of similar projects from GoDaddy and ContainerSolutions.

I use Kubernetes-External-Secrets https://github.com/external-secrets/external-secrets with aws parameter store

The general problem of patching resource definitions that are not fully under your control has also been recognized for some time. This is true of default resources created and updated by cluster maintenance tools (e.g. kOps), or by public helm charts that you use to install common services and operators (e.g. nginx-ingress, cert-manager, and so on). High quality charts will allow you to override the configuration of important components such as service account references, but some simpler charts offer much less configuration.

The kops documentation is not very clear about this.

Very fast progress and great article with lots of useful information. I found myself nodding a lot having recently seen GitLab Dedicated https://docs.gitlab.com/ee/subscriptions/gitlab_dedicated/ being developed that had my similar challenges. I wonder what other people think of Kops https://kops.sigs.k8s.io/

note: I work with kube on a daily basis. All current clusters under my care use a managed backplane service though there are a number of small (3+ years-old) clusters that I still keep an eye on that were initialized using kops.

kOps with your own instances.

Companies run their own clusters (sometimes for cost reasons), using tools like kops, and kubeadm to set up their own clusters.

curl -Lo kops https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64 chmod +x kops sudo mv kops /usr/local/bin/

Kops is a cluster setup and management command line tool that deploys a Kubernetes cluster to AWS. It provides configuration abstractions such as manifest YAML files that facilitate node and components configuration. And like Ansible, it will provide dry-run capabilities and ensures idempotency of changing the nodes.