Hi Colin, nice write-up. I'm just wondering, doesn't seem like there is a way to bootstrap this declaratively as we can't store the vault-token or equivalent safely in the git repo, so we always have to have this immediate kubectl create secret... step in order to bring up every new cluster.
Thanks. 👍
Yep. This is an issue. I plan to cover how to solve this in a follow-up post, along with alternative authentication methods... soon-ish.
In researching different methods for securely pumping Secrets into Argo deployments this is easily among the best explained examples I've seen - kudos!
Similar to @cjroebuck, also interested to get your thoughts on fully automated deployment of a fresh cluster given the need to authenticate to your external secret store. I know ESO supports several auth methods for Vault, but it seems the only method that wouldn't require passing in some kind of token value would be with IRSA. That's a great option for those on EKS - but curious if you've come up with a more general purpose solution. Cheers!
Hi @colinwilson. Thank you for this awesome explanation of ESO. Was wondering if there was any update with that comment from @cjroebuck.
Your example really helped with my setup for EKS, but was wondering if you could do any example like this one with EKS
Hi Colin, this is genius! Thank you for taking the time to write this up. :-)
Hello,
Any idea what this error means when creating the ClusterSecretStore?
error: resource mapping not found for name: "vault-backend" namespace: "argocd" from "cluster-secret-store.yaml": no matches for kind "ClusterSecretStore" in version "external-secrets.io/v1beta1" ensure CRDs are installed first
Thanks,
Secrets Management with External Secrets, Argo CD and GitOps | Colin Wilson
How to manage Kubernetes secrets using External Secrets and Argo CD with GitOps
https://colinwilson.uk/2022/08/22/secrets-management-with-external-secrets-argo-cd-and-gitops/