Установка kubeseal
Делаю:
XX.05.2023
https://github.com/bitnami-labs/sealed-secrets/releases
$ cd ~/tmp
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.20.5/kubeseal-0.20.5-linux-amd64.tar.gz
$ tar -xvzf kubeseal-0.20.5-linux-amd64.tar.gz
$ sudo mv kubeseal /usr/local/bin/kubeseal
$ sudo chmod +x /usr/local/bin/kubeseal
kubeseal --version
kubeseal version: 0.20.5
Приблизительно как работать
$ echo api_key_2a6f1d23eabc482f9032165de5a8c7 | base64
$ vi secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: appsecret
type: Opaque
data:
apikey: YXBpX2tleV8yYTZmMWQyM2VhYmM0ODJmOTAzMjE2NWRlNWE4Yzc=
// Get the public key using
$ kubeseal --fetch-cert > publickey.pem
// Encrypt the contents of the secret
$ kubeseal --format=yaml --cert=publickey.pem < secret.yaml > sealedsecret.yaml
$ rm secret.yaml
$ rm publickey.pem
$ kubectl exec -it container-id -- sh
$ echo $APIKEY
api_key_2a6f1d23eabc482f9032165de5a8c7