Reputation: 7320
Best practice for shared K8s Secrets in Helm 3?
I have a couple Charts which all need access to the same Kubernetes Secret. My initial plan was to create a Chart just for those Secrets but it seems Helm doesn't like that. I am thinking this must be a common problem and am wondering what folks generally do to solve this problem?
Thanks!
Upvotes: 1
Views: 1718
Answers (2)
Reputation: 45343
Best practice is, don't save any sensitive secrets in kubernetes clusters. kubernetes secret is encode, not encrypt.
You can reference the secret via aws ssm/secrets manager, hashicorp Vault or other similars.
Upvotes: 1
Reputation: 7745
Most charts that follow the common chart development practices allow you to use an existing secret instead of creating one for you. This way, you can create your common secrets normally (without helm), and refer to them from the charts that need them, via a reference like existingSecret config key.
Take minio helm chart for example: it accepts an existingSecret key as an alternative to passing an accessKey and a secretKey.
As you can see in the main charts repo, this is a pretty common practice.
Upvotes: 1
Related Questions
- How to secure kubernetes secrets?
- K8s, Helm Secrets and Volumes
- Combining multiple k8s secrets into an env variable
- Create multiple k8s secrets ad hoc
- How to merge a K8s Configmap to a Secret (or two secrets together)
- k8s management/handling of secrets inside container
- Use a secret to store sensitive data in helm kubernetes
- Using kubernetes secrets in a configmap
- Storing configuration and secrets
- Kubernetes multiple secrets