Our great sponsors
-
Reloader
A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Thank you for the feedback! I do want to highlight that end-to-end encryption does not necessarily imply encryption at rest. However, i do agree that the article should point out that encryption at rest in K8 is not enabled by default but can be enabled via the EncryptionConfiguration resource. When managed secrets are stored as native Kubernetes secrets, you can still define RBAC on the secret. This means that only the desired user can read the managed secret. I will make sure these pieces get added to the article. In regards to simplicity, I think it's neat that this operator takes care of both fetching and auto-reloading deployments based on secret changes. Often you will need to install something like https://github.com/stakater/Reloader for the reload to work. Lastly, for external secrets, we do have that on the roadmap, it should be coming up soon!
Related posts
- How are people managing env vars for Static Applications?
- Containers are crashing due to memory exhaustion caused by secret rotation every minute.
- True Secrets Auto Rotation with ESO and Vault
- Automating Configuration Updates in Kubernetes with Reloader
- Flux & Helm noob here - How do I pass secret values to Helm charts being handled by Flux?