2 min read | by Jordi Prats
Kubernetes External Secrets (KES) has evolved into an Operator: External Secrets Operator. What does it bring to the table?
The goal of KES and the External Secrets Operator (ESO) is to synchronize secrets from external APIs, like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, ..., into Kubernetes.
With the introduction of External Secrets Operator it gets much easier to configure where to get secrets from, and since the configuration can be expressed as namespaced Kubernetes objects, you no longer need to rely on a global configuration for the cluster.
The key objects that we can use are:
And the global equivalents (not namespaced):
For the non-namespaced objects you can use the namespaceSelector to select namespaces: any matching namespace will have it applied.
To install ESO we can use its Helm chart. Unlike with KES, since all the config can be pushed as Kubernetes objects, there is not much to configure.
We can add the following source:
helm repo add external-secrets https://charts.external-secrets.io
And then install External Secrets Operator as follows:
helm install external-secrets \
external-secrets/external-secrets \
-n external-secrets \
--create-namespace \
--set installCRDs=true
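Once the operator is running, the per-namespace configuration described above can look like the following. This is an added example, not part of the original post: the namespace, object names, service account, region and remote key are constructed placeholders, and the `v1beta1` API version is an assumption that depends on the ESO release you install.

```yaml
# Added example (not from the original post). All names are placeholders.
# The SecretStore is namespaced, so the provider credentials it references
# are only usable by ExternalSecrets in the same namespace.
apiVersion: external-secrets.io/v1beta1   # assumption: check the version served by your install
kind: SecretStore
metadata:
  name: aws-secretsmanager                # placeholder name
  namespace: team-a                       # placeholder namespace
spec:
  provider:
    aws:
      service: SecretsManager
      region: eu-west-1                   # placeholder region
      auth:
        jwt:
          serviceAccountRef:
            name: eso-reader              # placeholder ServiceAccount in team-a
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
  namespace: team-a
spec:
  refreshInterval: 1h                     # how often the remote value is re-read
  secretStoreRef:
    kind: SecretStore                     # namespaced store, not the cluster-wide one
    name: aws-secretsmanager
  target:
    name: db-credentials                  # Kubernetes Secret that ESO creates
    creationPolicy: Owner                 # Secret is deleted with the ExternalSecret
  data:
    - secretKey: password                 # key inside the Kubernetes Secret
      remoteRef:
        key: prod/team-a/db               # placeholder path in AWS Secrets Manager
        property: password
```

Scoping the identity behind `eso-reader` to only the `prod/team-a/*` entries keeps a compromise of one namespace from exposing other teams' secrets.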
Posted on 05/09/2022