Steve Wade
Independent Kubernetes Consultant & Trainer, currently Platform Lead @ 🏦
9,736 Tweets, 1,469 Following, 907 Followers
Tweets
Steve Wade 2h
certmanager
Steve Wade 3h
Really enjoying working with thanks for the recommendation 🙏
Steve Wade 13h
That makes sense and also a nice pattern actually. Thanks for the idea also you going to be at KubeCon we should do beers/whiskey 🥃
Steve Wade 13h
The issue is that you can store the secrets anywhere until you've signed them with the SS master key. So it's a chicken and egg.
Steve Wade Mar 20
this is a goldmine!
Steve Wade Mar 20
This is dope!!
Steve Wade Mar 19
Replying to @alexbrand
Knowledge bomb right here!
Steve Wade Mar 19
Replying to @mt165 @sublimino and 3 others
My point is these are potentially long lived (image pull secrets) but putting them in S3 means no versioning/history.
Steve Wade Mar 19
Replying to @mt165 @sublimino and 3 others
The S3 puller is working well but kind of feels clunky
Steve Wade Mar 19
From my understanding you can't create sealed secrets until the operator is up and running, correct? Therefore it's a two step process
Steve Wade Mar 19
It's certainly an interesting one but it means we lose the one command cluster stand up
Steve Wade Mar 19
But sealed secrets requires the operator to already be there (which we'd deploy via flux)
Steve Wade Mar 19
So an example is a secret for let's encrypt (containing the private key) as well as image pull secrets amongst others.
Steve Wade Mar 19
I'm just wondering more if the approach is valid. Pull from S3 and throw at the API server
Steve Wade Mar 19
This requires the operator to already be there to seal the secrets, we would also be deploying said operator using flux, but we specifically need secrets before flux starts.
Steve Wade Mar 19
I've used Wizzy in the past but I'm using git-sync for our monitoring stack (syncing alerts from git) so wondering if the same pattern would work for not.
Steve Wade Mar 19
Replying to @grafana
do you have a story/process for this?
Steve Wade Mar 19
I'll be drenched in whiskeys 🥃
Steve Wade Mar 18
Replying to @mindful_monk @grafana
I think we are going to try Wizzy we have it uploading to git, just need to setup staging to pull the other way
Steve Wade Mar 18
Replying to @mindful_monk @grafana
You can make the dashboard in Dev and then have something push to git and then sync to other environments