flux2-multi-tenancy
kubernetes-external-secrets
flux2-multi-tenancy | kubernetes-external-secrets | |
---|---|---|
4 | 26 | |
500 | 2,584 | |
0.8% | - | |
4.7 | 7.7 | |
11 days ago | over 2 years ago | |
Shell | JavaScript | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flux2-multi-tenancy
-
How does GitOps (ArgoCD, Flux) deal with cloud resources?
You may look at multi tenant deployment of fluxcd at https://github.com/fluxcd/flux2-multi-tenancy where you can have shared infrastructure repo to bootstrap flux with terraform (if you wish) and then a repo per team to manage k8s resources.
-
Kuberentes CI/CD
Bootstrap Flux v2 to the cluster via Gitlab CI then deploy everything else using their multi tenant approach - https://github.com/fluxcd/flux2-multi-tenancy
-
Flux vs ArgoCD
We are exploring this GitOps trend at Playtomic. We have two k8s clusters running using Flux and ArgoCD. We have a multi-tenancy setup, that is, one repo for the cluster itself, one repo for every application we deploy in the cluster. Flux and ArgoCD image updaters are in place.
-
How do you manage multiple environments with GitOps?
Maybe this is helpful https://github.com/fluxcd/flux2-multi-tenancy
kubernetes-external-secrets
- aws secrets with eks ,Teffarorm & helm
-
Securing Kubernetes Secrets with HashiCorp Vault
$ helm repo add external-secrets https://external-secrets.github.io/kubernetes-external-secrets/ "external-secrets" has been added to your repositories $ helm install k8s-external-secrets external-secrets/kubernetes-external-secrets -f values.yaml NAME: k8s-external-secrets LAST DEPLOYED: Wed Mar 23 22:50:35 2022 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The kubernetes external secrets has been installed. Check its status by running: $ kubectl --namespace default get pods -l "app.kubernetes.io/name=kubernetes-external-secrets,app.kubernetes.io/instance=k8s-external-secrets" Visit https://github.com/external-secrets/kubernetes-external-secrets for instructions on how to use kubernetes external secrets
-
SimpleSecrets: A self-hosted K8S Secrets Manager Operator
I’m reading above that you weren’t aware of sealed-secrets. So I guess that you are not familiar with ExternalSecrets secrets neither. Very solid project
- Managing json config files for apps deployed to k8s at scale
-
1Password Has Raised $620M
They probably should merge with https://github.com/external-secrets/kubernetes-external-secr...
- Recommended way of securing AWS secret key and id in K8s secrets for pulling images from AWS ECR
-
Do you have a TODO checklist when creating clusters from scratch?
I do not recommend vault if you are not experienced. It is a heavy infra to manage. I suggest looking into https://github.com/external-secrets/kubernetes-external-secrets and selecting the tool offered by your cloud providers.
-
Secrets usage
This is where things like the vault agent sidecar or projects like external secrets come in and allow you to inject / sync your secrets backend and your Kubernetes workloads :)
-
Cloud password managements
Depending on what platform you are on, you could use the AWS SDK or a tool like external-secrets (for Kubernetes).
-
Kuberentes CI/CD
We don't keep anything sensitive inside of Helm charts. We use AWS Secrets Manager and external-secrets
What are some alternatives?
flux2-kustomize-helm-example - A GitOps workflow example for multi-env deployments with Flux, Kustomize and Helm.
argocd-vault-plugin - An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
argocd-image-updater - Automatic container image update for Argo CD
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
crossplane - The Cloud Native Control Plane
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
reliza-cli - CLI to interact with Reliza Hub
Bitwarden - Bitwarden infrastructure/backend (API, database, Docker, etc).
ko - Build and deploy Go applications
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
gitops-catalog - Tools and technologies that are hosted on an OpenShift cluster
Reloader - A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!