externalsecret-operator
aad-pod-identity
externalsecret-operator | aad-pod-identity | |
---|---|---|
1 | 7 | |
184 | 570 | |
- | - | |
8.2 | 0.0 | |
almost 3 years ago | 7 months ago | |
Go | Go | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
externalsecret-operator
-
Automation assistants: GitOps tools in comparison
If you are using an external KMS in any case, then there are other options, such as the kubernetes-external-secrets operator that was originally started by GoDaddy and the externalsecret-operator from Container Solutions. If you use HashiCorp Vault, you also have the option of using the Vault Secrets operator. This works similarly to the Sealed Secrets Operator, but instead of managing its own key material, it retrieves the secrets from Vault. The CNCF Technology Radar from January 2021 provides an overview of the types of tools that are available for secrets management.
aad-pod-identity
-
Managed Identiy to Connect AKS with Azure SQL
Can someone please help me with a step by step guide to perform this. https://github.com/Azure/aad-pod-identity Blog I am referring: https://trstringer.com/connect-k8s-apps-msi/
-
Anyone in here using AAD Pod Identity?
Link to my direct issue on the GitHub site: https://github.com/Azure/aad-pod-identity/discussions/1320
-
Obtain Azure access token from a local Docker container
Q: So how am I supposed to log in to Azure so that my app can obtain tokens? A: I tell devs: For local development log in to Azure CLI with your normal user account. It has Contributor over your Dev/Test subscription and you can access secrets and configuration from their Dev/Test Key Vaults. For staging and production running in Azure (in our case Docker containers running on AKS) we use User-Assigned Managed Identity and aad-pod-identity project. This managed identity has least-privilege permissions over staging and production environments to do it's job at runtime.
-
Use Azure AD workload identity to securely access Azure services or resource from your Kubernetes cluster
The existing Azure AD Pod Identity project addresses this need. However, the Azure AD workload identity approach is simpler to use and deploy, and overcomes several limitations in Azure AD Pod Identity:
-
Implement Azure AD Workload Identity on AKS with terraform
As described on the documentation, azwi is the suggested approach from now on since Azure AD Pod Identity has been (somehow) deprecated as you can read on the github repo and on the blog post here.
- Required permissions to backup and restore database in K8s cluster to Azure Blob storage
-
Authenticating to SQL Server from a containerized service
Unfortunately, password maintenance and rotation is a chore and has to be done in both places. There are however other things that you might want to try. 1. Kerberos authentication in pure container environments. This is something you can do on any Linux environment that is connected to AD. 2. Use AAD pod identity (https://github.com/Azure/aad-pod-identity) if running from AKS, but it is still in preview.
What are some alternatives?
opencspm - Open Cloud Security Posture Management Engine
Pulumi - Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀
helm-secrets - A helm plugin that help manage secrets with Git workflow and store them anywhere
application-gateway-kubernetes-ingress - This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
DevSecOps - Ultimate DevSecOps library
aks-engine - AKS Engine: legacy tool for Kubernetes on Azure (see status)
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
cloudpods - A cloud-native open-source unified multi-cloud and hybrid-cloud platform. 开源、云原生的多云管理及混合云融合平台
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
kots - KOTS provides the framework, tools and integrations that enable the delivery and management of 3rd-party Kubernetes applications, a.k.a. Kubernetes Off-The-Shelf (KOTS) Software.
Flux - Successor: https://github.com/fluxcd/flux2
azure-sdk-for-net - This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.