Установка kubeseal

$ echo LATEST_VERSION=$(curl --silent "https://api.github.com/repos/bitnami-labs/sealed-secrets/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')

$ cd ~/tmp
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.26.2/kubeseal-0.26.2-linux-amd64.tar.gz
$ tar -xvzf kubeseal-0.26.2-linux-amd64.tar.gz
$ sudo mv kubeseal /usr/local/bin/kubeseal
$ sudo chmod +x /usr/local/bin/kubeseal

$ kubeseal --version
kubeseal version: 0.26.2

// Установка контроллера
$ kubectl create \
-f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.26.2/controller.yaml

$ echo api_key_2a6f1d23eabc482f9032165de5a8c7 | base64

$ vi secret.yaml

// Get the public key using
$ kubeseal --fetch-cert > publickey.pem

// Encrypt the contents of the secret
$ kubeseal --format=yaml --cert=publickey.pem < secret.yaml > sealedsecret.yaml

$ rm secret.yaml
$ rm publickey.pem

$ kubectl exec -it container-id -- sh
$ echo $APIKEY
api_key_2a6f1d23eabc482f9032165de5a8c7