popeye VS external-secrets

We also leverage tools like Kubent, popeye, kdave, and Pluto to help us manage API deprecations (when Kubernetes deprecates features in updates) and ensure the overall health of our infrastructure.

Just came across this, sounds nice: https://popeyecli.io/

The repository for the tool can be found here.

Use tool like Kube-hunter, Popeye and Kubescape for security weaknesses and misconfigurations in kubernetes clusters and visibility of security issues.

"Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations."

A similar tool is Popeye. It works on any cluster, not just clusters hosted on GKE.

https://github.com/derailed/popeye

Something I personally like about EKS is the Amazon Controllers for Kubernetes nowadays they would more preoperly be called 'operators' like the (non AWS and non AWS specific) External Secrets Operator. Essentially you delegate your cluster to create external resources elsewhere on your behalf based on annotations in your deployment.

Vault is extremely complex and heavy for my tastes, and Bitwarden Secrets Manager implementation AFAIU is not open source and not suitable for self-hosting. I like that both can be easily integrated with External Secrets for kubernetes secrets management.

Store the Secrets in a vault like Hashicorp Vault, AWS Secrets Manager, GCP Secret Manager, etc., and then use an operator like External Secrets Operator to add them to your K8s cluster.

External Secrets is an operator that integrates external KMS such as Hashicorp Vault or those of the major cloud providers. It reads secrets from the external APIs and injects them into Kubernetes secrets. The operator is a new implementation after the merge of similar projects from GoDaddy and ContainerSolutions.

I use Kubernetes-External-Secrets https://github.com/external-secrets/external-secrets with aws parameter store