WeSearch

External Secrets Operator

·3 min read · 0 reactions · 0 comments · 15 views
#kubernetes#secrets#cloud
TL;DR · WeSearch summary

The External Secrets Operator enhances Kubernetes by allowing it to manage secrets from external APIs. It utilizes Custom Resources to define secret locations and synchronization methods. The operator ensures that any changes in external secrets are reflected in the Kubernetes cluster automatically.

Key facts
Original article
External-secrets
Read full at External-secrets →
Opening excerpt (first ~120 words) tap to expand

API Overview Architecture The External Secrets Operator extends Kubernetes with Custom Resources, which define where secrets live and how to synchronize them. The controller fetches secrets from an external API and creates Kubernetes secrets. If the secret from the external API changes, the controller will reconcile the state in the cluster and update the secrets accordingly. Resource model To understand the mechanics of the operator let's start with the data model. The SecretStore references a bucket of key/value pairs. But because every external API is slightly different this bucket may be e.g. an instance of an Azure KeyVault or a AWS Secrets Manager in a certain AWS Account and region. Please take a look at the provider documentation to see what the Bucket actually maps to.

Excerpt limited to ~120 words for fair-use compliance. The full article is at External-secrets.

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from External-secrets