shell-operator
Shell-operator is a tool for running event-driven scripts in a Kubernetes cluster (by flant)
bank-vaults
A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines). (by banzaicloud)
| shell-operator | bank-vaults | |
|---|---|---|
| 10 | 10 | |
| 2,481 | 0 | |
| 0.5% | - | |
| 8.6 | 0.0 | |
| 6 days ago | over 1 year ago | |
| Go | Go | |
| Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
shell-operator
Posts with mentions or reviews of shell-operator.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-08-31.
-
How to create a watch over namespaces?
Maybe, the Shell operator is a good tool for that?
-
Is there a way to execute script after a crash?
Shell-operator to parse logs and make action after the pod crash.
-
Cert Manager - Get it to do something on renewal, such as call webhook or fire up a container
Argo workflow can trigger from k8s objects but may be a bit more than you need, shell-operator may be good enough https://github.com/flant/shell-operator for a quick win
-
Automatically create subdomains for services similar to Vercel Preview
I used https://github.com/flant/shell-operator to write a simple Kubernetes operator that automatically creates subdomains for your services by patching an existing ingress.
- Run a pod in a namespace without having access to it's secrets?
-
Best option to write a CRD today?
If you are more into lightweight and common use cases, look at metacontroller or the shell-operator.
-
How long does it take to learn go and program a K8s operator?
Believe it or not, you can write a Kubernetes operator using simple shell scripts: https://github.com/flant/shell-operator
-
LoadBalancer type service on bare-metal
You could use something like shell operator, metacontroller, or operator-sdk to run a command against your load balancer's API whenever a LoadBalancer service is created.
-
looking for a Kubernetes controller watching logs and run commands / restarting pods
https://github.com/flant/shell-operator should get you quite far but this sounds like the process should just shut itself down when that case is hit...
-
shell-operator reaches its v1.0.0 release: hooks without kubectl
shell-operator is already used in KubeSphere's ks-installer, Confluent's Kafka DevOps solution, Deckhouse Kubernetes platform, and more. All documentation is available in the project's GitHub repo — if you feel it might be interesting for your needs, give it a try! Any feedback is warmly welcome.
bank-vaults
Posts with mentions or reviews of bank-vaults.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-04-26.
-
Self-hosted Secrets Manager (or something alike)
there's https://github.com/banzaicloud/bank-vaults wich is a wrapper for hashivault, so not exactly what you're looking for but worth looking into.
-
Secrets Management on Kubernetes: How do you handle it?
https://github.com/banzaicloud/bank-vaults. Mind you after Cisco bought Banzai work on this project seems to have stopped. It works very well for us though.
-
Secrets Management with Hashicorp Vault - which integration point to use? Sidecar Injector? ESO?
We are using Banzai Bank Vaults Webhook and we’re very happy with it.
-
Project: Running a local cluster with TLS, ArgoCD GitOps, Vault and a PostgreSQL operator
If you ever want to see vault at that kind of level check out bank-vaults. Overkill for many, but it sounds like a decent fit for what you've already got in place and might reduce the boilerplate.
-
Run a pod in a namespace without having access to it's secrets?
Use vault-env (we use https://github.com/banzaicloud/bank-vaults) to inject the secret as an ENV var to the pod at runtime, based on Vault's Kubernetes auth
-
Secrets storage best practices
We use bank vault to inject secrets as environment variables. This does not require changes to the app. A sidecar is automatically added to the pod to retrieve the secrets and inject them in the app runtime. Here’s the link https://github.com/banzaicloud/bank-vaults
- How to manage passwords in Helm
- Homelab: Cluster Architecture
-
Kubernetes authentication from multiple, external clusters
I can follow up with examples if you'd like. You might like BanzaiCloud's Bank Vaults. We personally only use the Configurer component which just provides useful mechanisms to dynamically, or once off, configure Vault via data structures we supplied via ConfigMap.
-
Secrets Managers for Kubernetes (Vault (Hashi), Conjur (CyberArk), Platform Specific, etc)
Encrypted secrets can't be more than a temporary solution. That's why I'm not a fan of SOPS/Sealed Secrets/etc. I think the future for both security and usability is dynamic injection. Vault is the dopeness but I'm not a fan of the upstream Vault Injector -- shared volumes are a step backwards. It's all about the BanzaiCloud Vault Webhook -- secrets **only ever available to the running process**, rotation means: update the value in vault and bounce the pod, done. This is the way.
What are some alternatives?
When comparing shell-operator and bank-vaults you can also consider the following projects:
mysql-operator - Asynchronous MySQL Replication on Kubernetes using Percona Server and Openark's Orchestrator.
postgres-operator - Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
github-actions-runner-operator - K8S operator for scheduling github actions runner pods
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
percona-xtradb-cluster-operator - Percona Operator for MySQL based on Percona XtraDB Cluster
vault-csi-provider - HashiCorp Vault Provider for Secret Store CSI Driver