kubernetes-external-secrets | Integrate external secret management systems with Kubernetes | Identity Management library

 by   external-secrets JavaScript Version: 8.5.5 License: MIT

kandi X-RAY | kubernetes-external-secrets Summary

kandi X-RAY | kubernetes-external-secrets Summary

kubernetes-external-secrets is a JavaScript library typically used in Security, Identity Management applications. kubernetes-external-secrets has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes. Read more about the design and motivation for Kubernetes External Secrets on the GoDaddy Engineering Blog. The community and maintainers of this project and related Kubernetes secret management projects use the #external-secrets channel on the Kubernetes slack for discussion and brainstorming.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              kubernetes-external-secrets has a medium active ecosystem.
              It has 2589 star(s) with 408 fork(s). There are 45 watchers for this library.
              OutlinedDot
              It had no major release in the last 12 months.
              There are 1 open issues and 400 have been closed. On average issues are closed in 236 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of kubernetes-external-secrets is 8.5.5

            kandi-Quality Quality

              kubernetes-external-secrets has 0 bugs and 0 code smells.

            kandi-Security Security

              kubernetes-external-secrets has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              kubernetes-external-secrets code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              kubernetes-external-secrets is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              kubernetes-external-secrets releases are available to install and integrate.
              Installation instructions, examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi has reviewed kubernetes-external-secrets and discovered the below as its top functions. This is intended to give you an instant insight into kubernetes-external-secrets implemented functionality, and help decide if they suit your requirements.
            • creates an array of pending pending events queue
            Get all kandi verified functions for this library.

            kubernetes-external-secrets Key Features

            No Key Features are available at this moment for kubernetes-external-secrets.

            kubernetes-external-secrets Examples and Code Snippets

            No Code Snippets are available at this moment for kubernetes-external-secrets.

            Community Discussions

            Trending Discussions on kubernetes-external-secrets

            QUESTION

            workload identity can work 2 different GCP project?
            Asked 2021-Feb-05 at 03:42

            ON GCP,I need to use 2 GCP project; One is for web-application, the other is for storing secrets for web-application ( which structure comes from google's repository

            As written in README, I'll store secrets using GCP Secret Manager

            This project is allocated for GCP Secret Manager for secrets shared by the organization.

            procedure I'm planning
            1. prj-secret : create secrets in secrets-manager
            2. prj-application : read secret using kubernetes-external-secrets

            in prj-application I want to use workload identity , because I don't want to use as serviceaccountkey doc saying

            What I did
            1. create cluser with -workload-pool=project-id.svc.id.goog option

            2. helm install kubernetes-external-secrets

            3. [skip] kubectl create namespace k8s-namespace ( because I install kubernetes-external-secrets on default name space)

            4. [skip] kubectl create serviceaccount --namespace k8s-namespace ksa-name ( because I use default serviceaccount with exist by default when creating GKE)

            5. create google-service-account with module "workload-identity

            ...

            ANSWER

            Answered 2021-Feb-04 at 19:51

            You have an issue in your role binding I think. When you say this:

            kubernetes_serviceaccount called external-secrets-kubernetes-external-secrets was already created when installing kubernetes-external-secrets with helm. and it bind k8s_sa_name &' external-secrets-kubernetes@my-project-id.iam.gserviceaccount.com, which has ["roles/secretmanager.admin","roles/secretmanager.secretAccessor"].

            It's unclear.

            1. external-secrets-kubernetes@my-project-id.iam.gserviceaccount.com, is created on which project? I guess in prj-application, but not clear.
            1. I take the assumption (with the name and the link with the cluster) that the service account is created in the prj-application. you grant the role "roles/secretmanager.admin","roles/secretmanager.secretAccessor" on which resource?
            • On the IAM page of the prj-application?
            • On the IAM page of the prj-secret?
            • On the secretId of the secret in the prj-secret?

            If you did the 1st one, it's the wrong binding, the service account can only access to the secret of the prj-application, and not these of prj-secret.

            Note, if you only need to access the secret, don't grand the admin role, only the accessor is required.

            Source https://stackoverflow.com/questions/66045160

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install kubernetes-external-secrets

            The official helm chart can be used to create the kubernetes-external-secrets resources and Deployment on a Kubernetes cluster using the Helm package manager. For more details about configuration see the helm chart docs.
            If you don't want to install helm on your cluster and just want to use kubectl to install kubernetes-external-secrets, you could get the helm client cli first and then use the following sample command to generate kubernetes manifests:. The generated kubernetes manifests will be in ./output_dir and can be applied to deploy kubernetes-external-secrets to the cluster.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/external-secrets/kubernetes-external-secrets.git

          • CLI

            gh repo clone external-secrets/kubernetes-external-secrets

          • sshUrl

            git@github.com:external-secrets/kubernetes-external-secrets.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular Identity Management Libraries

            vault

            by hashicorp

            k9s

            by derailed

            keepassxc

            by keepassxreboot

            keycloak

            by keycloak

            uuid

            by uuidjs

            Try Top Libraries by external-secrets

            external-secrets

            by external-secretsGo

            kes-to-eso

            by external-secretsGo

            vmes

            by external-secretsGo