Sealed secrets allow us to put secrets directly into our GitHub repository and manage deployments with Flux.
The kubeseal binary is already installed as part of the bastion cloud-init file. It looks like the easiest way to use this is to run sealing steps on the bastion node, where kubeseal has access to the cluster kube-config.
This installs the cluster-side application that unseals secrets.
mkdir aegaeon-cluster/sealed-secrets
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.17.3/controller.yaml
kustomization.yaml
kubectl get po -n kube-system
kubeseal --scope cluster-wide -o yaml < secret.yaml > sealed-secret.yaml
These are the possible scopes:
You can check the SEALED SECRET into the repo directly.
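Only the kubeseal output is safe to commit; the input secret.yaml still holds the plaintext and must stay out of the repo. The guard below is an added example, not part of the original notes: the function names, the line-matching heuristic and the sample manifests are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): refuse to commit unsealed Secrets.
# Heuristic (assumption): a YAML line "kind: Secret" (any indentation, optional
# quotes) marks a plaintext Secret; "kind: SealedSecret" does not match.
PLAIN_SECRET_RE="^[[:space:]-]*kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*(#.*)?\$"

# find_plain_secrets DIR: print the manifests under DIR that declare a plain
# Secret. Returns 1 if any were found, 0 if the tree is safe to commit.
find_plain_secrets() {
    hits=$(find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
        -exec grep -El -e "$PLAIN_SECRET_RE" {} + || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# make_sample_repo DIR: write constructed sample manifests (not real secrets).
make_sample_repo() {
    mkdir -p "$1/clean" "$1/dirty"
    cat > "$1/clean/sealed-secret.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: demo
spec:
  encryptedData:
    password: AgB-constructed-placeholder-ciphertext
EOF
    cp "$1/clean/sealed-secret.yaml" "$1/dirty/"
    cat > "$1/dirty/secret.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: demo
stringData:
  password: constructed-sample-value
EOF
}

demo=$(mktemp -d)
make_sample_repo "$demo"
find_plain_secrets "$demo/clean" && echo "clean: ok to commit"
find_plain_secrets "$demo/dirty" || echo "dirty: blocked"
rm -rf "$demo"
```

Calling find_plain_secrets on the repository root from a pre-commit hook or CI step makes a stray secret.yaml fail the check before it reaches GitHub.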