secrets-manager
kubernetes-replicator
Our great sponsors
secrets-manager | kubernetes-replicator | |
---|---|---|
1 | 3 | |
171 | 803 | |
0.0% | 3.2% | |
0.0 | 6.2 | |
about 1 year ago | 12 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
secrets-manager
-
Get config files inside pods
https://github.com/tuenti/secrets-manager https://www.vaultproject.io/
kubernetes-replicator
-
What if your Pods need to trust self-signed certificates?
I've built a small MutatingAdmissionWebhook controller [0] that handles this, via a pod annotation whose value is a secret with `ca.crt` inside, and it uses the (mostly) de facto standard openssl variables to configure the libraries, so that it works across pretty much everything I've tried it with off the shelf.
I build a bundle (though I may just move to trust-manager [1]) and replicate it into all namespaces with kubernetes-replicator [2], and then I can annotate any pod with
[0] https://github.com/microcumulus/ca-injector
[1] https://github.com/cert-manager/trust-manager
[2] https://github.com/mittwald/kubernetes-replicator
-
To anyone hosting in Kubernetes: Do you put all of your apps in one namespace (e.g., default), or one app per namespace?
Whichever way you go, I’ve successfully used this to replicate secrets: https://github.com/mittwald/kubernetes-replicator
- GitHub - mittwald/kubernetes-replicator: Kubernetes controller for synchronizing secrets & config maps across namespaces
What are some alternatives?
sops - Simple and flexible tool for managing secrets
KubernetesCRDOperator - A sample about Kubernetes controller which can work with CRD to implement Operator pattern.
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
aws-cloud-map-mcs-controller-for-k8s - K8s controller implementing Multi-Cluster Services API based on AWS Cloud Map.
Sup3rS3cretMes5age - Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend
kubed - 🛡️ Kubernetes Config Syncer (previously kubed) [Moved to: https://github.com/kubeops/config-syncer]
bank-vaults - A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).
config-syncer - 🛡️ Kubernetes Config Syncer (previously kubed)
rvault - Small tool to perform some recursive operations on Hashicorp's Vault KV
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
vault-secrets-operator - The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
k8tz - Kubernetes admission controller and a CLI tool to inject timezones into Pods and CronJobs