File tree Expand file tree Collapse file tree 1 file changed +48
-0
lines changed Expand file tree Collapse file tree 1 file changed +48
-0
lines changed Original file line number Diff line number Diff line change @@ -126,6 +126,8 @@ Create a `kustomization.yaml` and a yaml containing an nginx deployment as well
126126
127127# ### Secrets using SOPS
128128
129+ Sops is a local tool to manage secrets : https://github.com/getsops/sops
130+
129131Installing sops :
130132
131133https://github.com/getsops/sops/releases
@@ -223,3 +225,49 @@ spec:
223225 secretRef:
224226 name: sops-gpg # Secret name
225227` ` `
228+
229+
230+ # ## Secrets using Sealed Secrets
231+
232+ Sealed secrets is an embedded secret controller for Kubernetes.
233+
234+ Deploy the helm chart :
235+ ` ` ` bash
236+
237+ flux create source helm sealed-secrets \
238+ --interval=1h \
239+ --url=https://bitnami-labs.github.io/sealed-secrets
240+ ` ` `
241+
242+ ` ` ` bash
243+
244+ flux create helmrelease sealed-secrets \
245+ --interval=1h \
246+ --release-name=sealed-secrets-controller \
247+ --target-namespace=flux-system \
248+ --source=HelmRepository/sealed-secrets \
249+ --chart=sealed-secrets \
250+ --chart-version=">=1.15.0-0" \
251+ --crds=CreateReplace
252+ ` ` `
253+
254+ Create a dummy secret :
255+
256+ ` ` ` bash
257+
258+ kubectl -n default create secret generic basic-auth \
259+ --from-literal=user=admin \
260+ --from-literal=password=change-me \
261+ --dry-run=client \
262+ -o yaml > basic-auth.yaml
263+ ` ` `
264+
265+ Seal the secret using the kubeseal tool :
266+
267+ ` ` ` bash
268+
269+ kubeseal --format=yaml --cert=pub-sealed-secrets.pem \
270+ < basic-auth.yaml > basic-auth-sealed.yaml
271+ ` ` `
272+
273+ Upload the resulting sealed file into you repo.
You can’t perform that action at this time.
0 commit comments