I'm looking for the best ways to automate the copying of secrets between different namespaces in Kubernetes. I have a specific secret that needs to be replicated, and while I'm starting to look into the Trust Manager, I'm not sure it's the right fit for me yet. I'm particularly interested in options that would automatically update the copied secrets whenever the original ones change. Any recommendations?
4 Answers
You might want to explore my own solution: the Push to K8s controller. It's primarily designed for syncing Docker Hub secrets and wildcard certs. It gets the job done for transitioning secrets!
If you're using Kyverno already, Reflector can be a good choice as it might save you from adding another tool to your stack for syncing secrets.
Check out External Secrets Operator! I just started using it and I'm really impressed. It works well with common vaults, including HashiCorp Vault and Azure Key Vault. It's addressed a lot of the issues I had with other tools regarding secret management.
That's great to hear! I had issues with updating secrets before, so it sounds like ESO might be a good option.
Have you looked into the secretgen-controller? It's quite simple but powerful. Using SecretExport and SecretImport, you can specify exactly which secrets to copy and where, which makes it efficient for multi-user clusters.
I know the creator of that tool, really smart guy behind it!
I tried Reflector with Kyverno, but had some trouble getting it set up properly. Ended up going with kube reflector instead.