link icon replaced
This commit is contained in:
govardhan
@ -1,11 +1,11 @@
|
||||
Sealed Secrets on CloudFerro Cloud Kubernetes[](#sealed-secrets-on-brand-name-kubernetes "Permalink to this headline")
|
||||
Sealed Secrets on CloudFerro Cloud Kubernetes[🔗](#sealed-secrets-on-brand-name-kubernetes "Permalink to this headline")
|
||||
=======================================================================================================================
|
||||
|
||||
Sealed Secrets improve security of our Kubernetes deployments by enabling encrypted Kubernetes secrets. This allows to store such secrets in source control and follow GitOps practices of storing all configuration in code.
|
||||
|
||||
In this article we will install tools to work with Sealed Secrets and demonstrate using Sealed Secrets on CloudFerro Cloud cloud.
|
||||
|
||||
What We Are Going To Cover[](#what-we-are-going-to-cover "Permalink to this headline")
|
||||
What We Are Going To Cover[🔗](#what-we-are-going-to-cover "Permalink to this headline")
|
||||
---------------------------------------------------------------------------------------
|
||||
|
||||
> * Install the Sealed Secrets controller
|
||||
@ -14,7 +14,7 @@ What We Are Going To Cover[](#what-we-are-going-to-cover "Permalink to this h
|
||||
> * Unseal the secret
|
||||
> * Verify
|
||||
|
||||
Prerequisites[](#prerequisites "Permalink to this headline")
|
||||
Prerequisites[🔗](#prerequisites "Permalink to this headline")
|
||||
-------------------------------------------------------------
|
||||
|
||||
No. 1 **Account**
|
||||
@ -39,7 +39,7 @@ No. 4 **Access to cluster with kubectl**
|
||||
|
||||
[How To Access Kubernetes Cluster Post Deployment Using Kubectl On CloudFerro Cloud OpenStack Magnum](How-To-Access-Kubernetes-Cluster-Post-Deployment-Using-Kubectl-On-CloudFerro-Cloud-OpenStack-Magnum.html.md)
|
||||
|
||||
Step 1 Install the Sealed Secrets controller[](#step-1-install-the-sealed-secrets-controller "Permalink to this headline")
|
||||
Step 1 Install the Sealed Secrets controller[🔗](#step-1-install-the-sealed-secrets-controller "Permalink to this headline")
|
||||
---------------------------------------------------------------------------------------------------------------------------
|
||||
|
||||
In order to use Sealed Secrets we will first install the Sealed Secrets controller to our Kubernetes cluster. We can use Helm for this purpose and the first step is to download the Helm repository. To add the repo locally use the following command:
|
||||
@ -61,7 +61,7 @@ The chart downloads several resources to our cluster. The key ones are:
|
||||
> * **SealedSecret Custom Resource Definition (CRD)** - defines the template for sealed secrets that will be created on the cluster
|
||||
> * The **SealedSecrets controller pod** running in the kube-system namespace.
|
||||
|
||||
Step 2 Install the kubeseal command line utility[](#step-2-install-the-kubeseal-command-line-utility "Permalink to this headline")
|
||||
Step 2 Install the kubeseal command line utility[🔗](#step-2-install-the-kubeseal-command-line-utility "Permalink to this headline")
|
||||
-----------------------------------------------------------------------------------------------------------------------------------
|
||||
|
||||
Kubeseal CLI tool is used for encrypting secrets using the public certificate of the controller. To proceed, install **kubeseal** with the following set of commands:
|
||||
@ -85,7 +85,7 @@ which will return result similar to the following:
|
||||
|
||||
|
||||
|
||||
Step 3 Create a sealed secret[](#step-3-create-a-sealed-secret "Permalink to this headline")
|
||||
Step 3 Create a sealed secret[🔗](#step-3-create-a-sealed-secret "Permalink to this headline")
|
||||
---------------------------------------------------------------------------------------------
|
||||
|
||||
We can use Sealed Secrets to encrypt the secrets, which can be decrypted only by the controller running on the cluster.
|
||||
@ -104,7 +104,7 @@ kubectl create secret generic mysecret \
|
||||
|
||||
When we view the file we can see the contents are encrypted and safe to store in source control.
|
||||
|
||||
Step 4 Unseal the secret[](#step-4-unseal-the-secret "Permalink to this headline")
|
||||
Step 4 Unseal the secret[🔗](#step-4-unseal-the-secret "Permalink to this headline")
|
||||
-----------------------------------------------------------------------------------
|
||||
|
||||
To unseal the secret and make it available and usable in the cluster, we perform the following command:
|
||||
@ -128,7 +128,7 @@ The results can also be seen on the below screen:
|
||||
|
||||
|
||||
|
||||
Step 5 Verify[](#step-5-verify "Permalink to this headline")
|
||||
Step 5 Verify[🔗](#step-5-verify "Permalink to this headline")
|
||||
-------------------------------------------------------------
|
||||
|
||||
The generated secret can be used as a regular Kubernetes secret. To test, create a file **test-pod.yaml** with the following contents:
|
||||
@ -171,7 +171,7 @@ The command prompt will change to **#**, meaning the command you enter is execut
|
||||
|
||||
|
||||
|
||||
What To Do Next[](#what-to-do-next "Permalink to this headline")
|
||||
What To Do Next[🔗](#what-to-do-next "Permalink to this headline")
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Sealed Secrets present a viable alternative to secret management using additional tools such as HashiCorp-Vault. For additional information, see [Installing HashiCorp Vault on CloudFerro Cloud Magnum](Installing-HashiCorp-Vault-on-CloudFerro-Cloud-Magnum.html.md).
|
||||
Reference in New Issue
Block a user