tanka
kubernetes-external-secrets
Our great sponsors
tanka | kubernetes-external-secrets | |
---|---|---|
25 | 26 | |
2,234 | 2,584 | |
3.2% | - | |
8.4 | 7.7 | |
7 days ago | almost 2 years ago | |
Go | JavaScript | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tanka
-
Why the fuck are we templating YAML? (2019)
I would recommend implementing a similar API to Grafana Tanka: https://tanka.dev
When you "synthesise", the returned value should be an array or an object.
1. If it's an object, check if it has an `apiVersion` and `kind` key. If it does, yield that as a kubernetes object and do not recurse.
-
What Is Wrong with TOML?
Maybe you'd like jsonnet: https://jsonnet.org/
I find it particularly useful for configurations that often have repeated boilerplate, like ansible playbooks or deploying a bunch of "similar-but" services to kubernetes (with https://tanka.dev).
Dhall is also quite interesting, with some tradeoffs: https://dhall-lang.org/
A few years ago I did a small comparison by re-implementing one of my simpler ansible playbooks: https://github.com/retzkek/ansible-dhall-jsonnet
-
Show HN: Keep – GitHub Actions for your monitoring tools
- validation is often impractical (at least identifying exactly where the error is… I’m looking at you Helm!)
Unrelated to OP, but you can leverage Tanka to extend helm charts with functionality not provided by upstream.
https://tanka.dev/
-
Alternatives to Helm?
Although jsonette might be considered more complex Tanka is a great alternative for k8s config management.
- Helm makes it overly complex, or is it just me?
-
The YAML Document from Hell
At Grafana Labs we're using jsonnet at scale, while being a powerful functional language it is also excellent for rendering JSON/YAML config. We have developed Tanka[0] to work with Kubernetes, for other purposes I can recommend this course[1] (authored by me).
[0] https://tanka.dev/
[1] https://jsonnet-libs.github.io/jsonnet-training-course/
-
Should i migrate from Kustomize to Helm?
If you're hitting the limits of Kustomize, maybe look at Tanka as well.
-
Is it possible to wrap Kustomize yaml with jinja2?
Yes, try Tanka.
-
Using Docker – Compose in Development and Production
yes. basically. and this is a path that multiple people are trying to solve. e.g. AWS CDK8s, https://tanka.dev/, etc
Compose would be awesome.
-
Google Kubernetes clusters config checker tool
http://tanka.dev
(Note I work for Grafana Labs who fund Tanka and use it for all production config)
kubernetes-external-secrets
- aws secrets with eks ,Teffarorm & helm
-
Securing Kubernetes Secrets with HashiCorp Vault
$ helm repo add external-secrets https://external-secrets.github.io/kubernetes-external-secrets/ "external-secrets" has been added to your repositories $ helm install k8s-external-secrets external-secrets/kubernetes-external-secrets -f values.yaml NAME: k8s-external-secrets LAST DEPLOYED: Wed Mar 23 22:50:35 2022 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The kubernetes external secrets has been installed. Check its status by running: $ kubectl --namespace default get pods -l "app.kubernetes.io/name=kubernetes-external-secrets,app.kubernetes.io/instance=k8s-external-secrets" Visit https://github.com/external-secrets/kubernetes-external-secrets for instructions on how to use kubernetes external secrets
-
SimpleSecrets: A self-hosted K8S Secrets Manager Operator
I’m reading above that you weren’t aware of sealed-secrets. So I guess that you are not familiar with ExternalSecrets secrets neither. Very solid project
- Managing json config files for apps deployed to k8s at scale
-
1Password Has Raised $620M
They probably should merge with https://github.com/external-secrets/kubernetes-external-secr...
- Recommended way of securing AWS secret key and id in K8s secrets for pulling images from AWS ECR
-
Do you have a TODO checklist when creating clusters from scratch?
I do not recommend vault if you are not experienced. It is a heavy infra to manage. I suggest looking into https://github.com/external-secrets/kubernetes-external-secrets and selecting the tool offered by your cloud providers.
-
Secrets usage
This is where things like the vault agent sidecar or projects like external secrets come in and allow you to inject / sync your secrets backend and your Kubernetes workloads :)
-
Cloud password managements
Depending on what platform you are on, you could use the AWS SDK or a tool like external-secrets (for Kubernetes).
-
Kuberentes CI/CD
We don't keep anything sensitive inside of Helm charts. We use AWS Secrets Manager and external-secrets
What are some alternatives?
helm-charts - Prometheus community Helm charts
argocd-vault-plugin - An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
kustomize - Customization of kubernetes YAML configurations
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
kapitan - Generic templated configuration management for Kubernetes, Terraform and other things
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
ytt - YAML templating tool that works on YAML structure instead of text
Bitwarden - The core infrastructure backend (API, database, Docker, etc).
kpt - Automate Kubernetes Configuration Editing
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
Pulumi - Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀
Reloader - A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!