external-secrets | External Secrets Operator reads information | AWS library
kandi X-RAY | external-secrets Summary
kandi X-RAY | external-secrets Summary
The External Secrets Operator reads information from a third party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets. Multiple people and organizations are joining efforts to create a single External Secrets solution based on existing projects. If you are curious about the origins of this project, check out this issue and this PR.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of external-secrets
external-secrets Key Features
external-secrets Examples and Code Snippets
Community Discussions
Trending Discussions on external-secrets
QUESTION
ON GCP,I need to use 2 GCP project; One is for web-application, the other is for storing secrets for web-application ( which structure comes from google's repository
As written in README, I'll store secrets using GCP Secret Manager
procedure I'm planningThis project is allocated for GCP Secret Manager for secrets shared by the organization.
- prj-secret : create secrets in secrets-manager
- prj-application : read secret using kubernetes-external-secrets
in prj-application I want to use workload identity , because I don't want to use as serviceaccountkey doc saying
What I didcreate cluser with
-workload-pool=project-id.svc.id.goog
optionhelm install kubernetes-external-secrets
[skip] kubectl create namespace k8s-namespace ( because I install kubernetes-external-secrets on
default
name space)[skip] kubectl create serviceaccount --namespace k8s-namespace ksa-name ( because I use
default
serviceaccount with exist by default when creating GKE)create google-service-account with
module "workload-identity
ANSWER
Answered 2021-Feb-04 at 19:51You have an issue in your role binding I think. When you say this:
kubernetes_serviceaccount called external-secrets-kubernetes-external-secrets was already created when installing kubernetes-external-secrets with helm. and it bind k8s_sa_name &' external-secrets-kubernetes@my-project-id.iam.gserviceaccount.com, which has ["roles/secretmanager.admin","roles/secretmanager.secretAccessor"].
It's unclear.
external-secrets-kubernetes@my-project-id.iam.gserviceaccount.com,
is created on which project? I guess in prj-application, but not clear.
- I take the assumption (with the name and the link with the cluster) that the service account is created in the prj-application. you grant the role
"roles/secretmanager.admin","roles/secretmanager.secretAccessor"
on which resource?
- On the IAM page of the prj-application?
- On the IAM page of the prj-secret?
- On the secretId of the secret in the prj-secret?
If you did the 1st one, it's the wrong binding, the service account can only access to the secret of the prj-application, and not these of prj-secret.
Note, if you only need to access the secret, don't grand the admin role, only the accessor is required.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install external-secrets
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page