kube-secrets-operator

The Kubernetes Secrets Operator is designed to assist in generating secrets for Kubernetes environments, particularly those driven by GitOps methodologies and seeking reusable Kubernetes resources, like those used with FluxCD.

This tool offers a middle ground for teams that consider an entire Key Management System (KMS) and Secret Management setup to be overly complicated or expensive for the given environment. It acts as an solution between SealedSecrets (manual work required) and cloud-based KMS services (process overhead), such as Vault, making it well-suited for testing purposes, CI/CD operations, and temporary setups.

Alternative Solutions

There are other alternatives available, such as mittwald/kubernetes-secret-generator. While these are viable options, we encountered a specific requirement where Secret values needed to be embedded within a configuration file that also need to be a Secret.

Deployment

---
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
  name: kube-secrets-operator-crds
  namespace: kube-system
spec:
  interval: 160m
  url: oci://ghcr.io/containerinfra/charts/kube-secrets-operator-crds
  ref:
    semver: ">= 0.0.0"
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: kube-secrets-operator-crds
  namespace: kube-system
spec:
  chartRef:
    kind: OCIRepository
    name: kube-secrets-operator-crds
    namespace: kube-system
  interval: 1h
  values: {}
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
  name: kube-secrets-operator
  namespace: kube-system
spec:
  interval: 160m
  url: oci://ghcr.io/containerinfra/charts/kube-secrets-operator
  ref:
    semver: ">= 0.0.0"
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: kube-secrets-operator
  namespace: kube-system
spec:
  chartRef:
    kind: OCIRepository
    name: kube-secrets-operator
    namespace: kube-system
  interval: 1h
  install:
    crds: Skip
  values:
    enableServiceMonitor: false
    replicaCount: 1
    affinity:
      nodeAffinity:
          # prefer scheduling on control-plane machines
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
    nodeSelector:
      kubernetes.io/os: linux
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
.github		.github
api/v1		api/v1
chart		chart
cmd		cmd
config		config
controllers		controllers
hack		hack
pkg		pkg
.dockerignore		.dockerignore
.gitignore		.gitignore
.goreleaser.yml		.goreleaser.yml
.reviewdog.yml		.reviewdog.yml
Dockerfile		Dockerfile
Dockerfile.goreleaser		Dockerfile.goreleaser
Makefile		Makefile
PROJECT		PROJECT
README.md		README.md
cr.yaml		cr.yaml
go.mod		go.mod
go.sum		go.sum
renovate.json		renovate.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

kube-secrets-operator

Alternative Solutions

Deployment

About

Uh oh!

Releases 3

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

containerinfra/kube-secrets-operator

Folders and files

Latest commit

History

Repository files navigation

kube-secrets-operator

Alternative Solutions

Deployment

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases 3

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages