vault-secrets-operator
awesome-gitops
Our great sponsors
vault-secrets-operator | awesome-gitops | |
---|---|---|
5 | 4 | |
604 | 1,384 | |
- | 3.3% | |
7.9 | 2.7 | |
15 days ago | 5 months ago | |
Go | ||
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vault-secrets-operator
- Toyota Accidently Exposed A Secret Key Publicly On GitHub For Five Years
-
Learning with K3s at home. Is it "better" to store secrets encrypted in the git repo (e.g., sealed-secrets) or in a separately managed secret database (e.g., vault)?
For home use, I wouldn't bother with Vault unless that's really what you want to learn. Then it's worth looking into setting something up where you could use vault secrets, using one of the available options (I haven't seen the vault-secrets-operator being mentioned).
-
Hashicorp Vault integration with Secret objects
It is but it affects vault-secrets-operator too, see https://github.com/ricoberger/vault-secrets-operator/issues/104 (and no, I’ve only use vault-secrets-operator)
What you’re looking for is https://github.com/ricoberger/vault-secrets-operator
-
Automation assistants: GitOps tools in comparison
If you are using an external KMS in any case, then there are other options, such as the kubernetes-external-secrets operator that was originally started by GoDaddy and the externalsecret-operator from Container Solutions. If you use HashiCorp Vault, you also have the option of using the Vault Secrets operator. This works similarly to the Sealed Secrets Operator, but instead of managing its own key material, it retrieves the secrets from Vault. The CNCF Technology Radar from January 2021 provides an overview of the types of tools that are available for secrets management.
awesome-gitops
-
Creators of Argo CD Release New OSS Project Kargo for Next Gen Gitops
https://github.com/weaveworks/awesome-gitops but also, like, a shell script?
-
How to apply security at the source using GitOps
There are books (The Path to GitOps, GitOps and Kubernetes or GitOps Cloud-native Continuous Deployment), whitepapers, and more blog posts than we can manage to count but let us elaborate on the GitOps purpose by taking a quick look on how things evolved in the last few years.
-
Automation assistants: GitOps tools in comparison
Websites such as awesome-gitops, which was launched by Weaveworks, or gitops.tech, which was put together by INNOQ employees, provide an introductory overview of the available tools. When you take a closer look, you will see that the listed tools can be used to perform a wide variety of tasks related to implementing GitOps, and of course they also differ from one another in terms of their adoption, maturity, and how actively they are maintained. This article identifies three categories from the various use cases: Tools for Kubernetes, supplementary tools, and tools close to infrastructure. In addition, we compiled a table that summarizes the tools and their properties. The tables also contain various Git and GitHub-based metrics (current as of February 2021) that allow you to better assess their adoption, maturity, and how actively they are maintained.
-
The Decline of Heroku
huge fan of k8s. drop what you're doing & use a cross-system object-storage/"apiserver" & control-loops to automate everything; embrace desired state management & thank me latter. but, Heroku &al have a lot of value left.
there's just not that many folk trying to tame deploys on k8s via gitops. flux2 is the rage, it's all over the alpha geek's efforts[1], but it's usually used by someone carefully authoring a fairly complex Helm file, then building out a significant Flux2 HelmRelease object (ex: [2]).
there's a bunch of other tools[3], & i'm frankly not familiar enough. but this idea of having a bunch of source that can deploy itself, simply, is still extremely rare even among the alpha-geek #gitops types. i'm sure some of these tools better match the simplicity of the Heroku model, corresponding branches to environments, which makes so so much sense, but so far i feel like such attempts are still basically unknown.
heroku's really simmered it down to something that made extremely natural sense. huge props to that. too too much of this effort had to go into creating buildpacks & supporting language environments very very carefully very actively, that ability to stealth-containerize an app & not even notice is so much of the special sauce that makes this a hard, hard & eternal problem (because langauges/envs keep changing). there's still a lot of ease of use to Heroku that's potentially will be underrated and/or lost by the oncoming generations. i have high respect for how operateable Heroku is.
[1] https://github.com/k8s-at-home/awesome-home-kubernetes
[2] https://github.com/onedr0p/home-cluster/blob/main/cluster/ap...
What are some alternatives?
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
sops - Simple and flexible tool for managing secrets
argocd-vault-plugin - An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
Flux - Successor: https://github.com/fluxcd/flux2
helm-secrets - A helm plugin that help manage secrets with Git workflow and store them anywhere
atlantis - Terraform Pull Request Automation
awesome-home-kubernetes - ⚠️ Deprecated: Awesome projects involving running Kubernetes at home
argocd-vault-replacer - An Argo CD plugin to replace placeholders in Kubernetes manifests with secrets stored in Hashicorp Vault.
spiffe-vault - Integrates Spiffe and Vault to have secretless authentication
awx - AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.