Securely Managing, Distributing, and Scaling Secrets Across Multiple Kubernetes Clusters

Fetch secrets from external secret management systems and securely distribute their content to a multitude of Kubernetes clusters.

By Gianluca Mardente · Aug. 16, 23 · Analysis

A secret is any piece of information that you want to keep confidential, such as API keys, passwords, certificates, and SSH keys. Secret Manager systems store your secrets in a secure, encrypted format, and provide you with a simple, secure way to access them.

Here are some of the benefits of using Secret Manager:

  1. Security: Secret Manager uses strong encryption to protect your secrets. Your secrets are never stored in plaintext, and they are only accessible to authorized users.
  2. Convenience: Secret Manager makes it easy to manage your secrets. You can store, access, and rotate your secrets from anywhere.
  3. Auditability: Secret Manager provides detailed audit logs that track who accessed your secrets and when. This helps you to track down security incidents and to comply with security regulations.

External Secrets Operator

External Secrets Operator is an open-source Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, and many more. The goal of the External Secrets Operator is to synchronize secrets from external APIs into Kubernetes. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret. If the secret from the external API changes, the controller will reconcile the state in the cluster and update the secrets accordingly.

[Figure: External Secrets Operator, synchronizing secrets from an external API into a Kubernetes Secret]

Distribute Secrets to a Multitude of Managed Clusters

To manage secrets across multiple Kubernetes clusters, you can deploy External Secrets Operator in the management cluster and use Sveltos to distribute the secrets to managed clusters.

The integration of External Secrets Operator and Sveltos provides a powerful solution for secret management. External Secrets Operator fetches secrets from external APIs and creates Kubernetes Secrets, while Sveltos efficiently distributes these fetched Secrets to the managed clusters. If a secret changes in the external API, External Secrets Operator updates the Secret in the management cluster, and Sveltos reconciles the state in each managed cluster where that Secret was distributed.
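The chain described above, written out as an added example that is not part of the original article or of either project's documentation. It assumes a SecretStore named vault-backend already exists in the management cluster; the namespaces, the Vault key apps/db, the env=prod cluster label and the External Secrets Operator and Sveltos API versions (external-secrets.io/v1beta1, config.projectsveltos.io/v1alpha1) are assumptions for the current releases at the time of writing.

```yaml
# Added example; names, namespaces, the Vault key and the env=prod label are placeholders.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret                   # 1) what ESO creates in the management cluster
metadata:
  name: db-credentials
  namespace: default
spec:
  refreshInterval: 1h                  # re-read the external API; a changed value rewrites the Secret
  secretStoreRef:
    name: vault-backend                # assumed to exist (e.g. HashiCorp Vault provider)
    kind: SecretStore
  target:
    name: db-credentials-for-sveltos
    template:
      type: addons.projectsveltos.io/cluster-profile   # the Secret type Sveltos accepts in policyRefs
      data:
        db-secret.yaml: |              # the manifest Sveltos applies in each managed cluster
          apiVersion: v1
          kind: Secret
          metadata:
            name: db-credentials
            namespace: app
          stringData:
            password: "{{ .password }}"
  data:
    - secretKey: password              # becomes {{ .password }} in the template above
      remoteRef:
        key: apps/db                   # placeholder path in the external store
        property: password
---
apiVersion: config.projectsveltos.io/v1alpha1
kind: ClusterProfile                   # 2) where Sveltos distributes it
metadata:
  name: distribute-db-credentials
spec:
  clusterSelector: env=prod            # every managed cluster carrying this label
  policyRefs:
    - name: db-credentials-for-sveltos
      namespace: default
      kind: Secret
```

Because the management cluster now holds the fetched value in a plain Kubernetes Secret, restrict who can read that namespace with RBAC and enable encryption at rest for Secrets on the management cluster; rotation in the external store is picked up at the next refreshInterval and Sveltos re-applies the changed content to every matching cluster.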

This combined approach handles secrets end to end in Kubernetes: they are fetched securely from external systems and distributed consistently across a multitude of clusters, which strengthens both the security and the day-to-day management of the environment. The integration offers the following benefits:

  1. Centralized Management: Secrets are managed and retrieved from external systems within the management cluster, simplifying the process and reducing complexities.
  2. Enhanced Security: Secrets are encrypted and stored securely in external secret management systems, guaranteeing data confidentiality.
  3. Automated Updates: As secrets change in the external secret management systems, the External Secrets Operator automatically updates the corresponding Kubernetes Secrets in the management cluster, ensuring synchronization.
  4. Consistency Across Clusters: Sveltos maintains uniformity by consistently distributing fetched secrets to all managed clusters, creating a unified and secure approach to secret management.
  5. Scalability: The solution is designed for efficient scaling, accommodating numerous Kubernetes clusters while upholding performance and security standards.

Support This Project

If you enjoyed this article, please check out the GitHub repo for the project (linked earlier). You can also star the project if you found it helpful.

The GitHub repo is a great resource for getting started with the project. It contains the code, documentation, and examples. You can also find the latest news and updates on the project on the GitHub repo.

Thank you for reading!


Published at DZone with permission of Gianluca Mardente. See the original article here.
