This Kubernetes Operator creates a ClusterSecretStore for External Secrets Operator, for all namespaces in every cluster managed by the Rancher server, including the local cluster itself.
The ClusterSecretStores are named cluster-{{ clusterName }}-{{ namespace }}.
The prefix cannot be configured currently.
In the values.yaml you need to configure the namespaces that should be replicated, using regex filters. The first entry whose clusterName matches a cluster is used to filter that cluster's namespaces:
namespaces:
  - clusterName: local
    namespaces:
      - fleet-.*
  - clusterName: .*
    namespaces:
      - default
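The first-match rule above, as an added Python example (not the operator's own code): it resolves which ClusterSecretStore names the sample configuration yields and flags rules that an earlier catch-all makes unreachable. It assumes anchored full-match regex semantics, which this README does not state; `select_rule`, `store_names` and `shadowed_rules` are hypothetical helper names, and the cluster and namespace lists are constructed.

```python
import re

# Constructed copy of the values.yaml rules shown above.
RULES = [
    {"clusterName": "local", "namespaces": ["fleet-.*"]},
    {"clusterName": ".*", "namespaces": ["default"]},
]


def select_rule(rules, cluster):
    """Return the first rule whose clusterName pattern matches, else None."""
    for rule in rules:
        # Assumption: patterns are anchored (full match), not substring search.
        if re.fullmatch(rule["clusterName"], cluster):
            return rule
    return None


def store_names(rules, cluster, namespaces):
    """Names of the ClusterSecretStores that would exist for one cluster."""
    rule = select_rule(rules, cluster)
    if rule is None:
        return []
    return [
        f"cluster-{cluster}-{ns}"
        for ns in namespaces
        if any(re.fullmatch(p, ns) for p in rule["namespaces"])
    ]


def shadowed_rules(rules, probe_names):
    """Indexes of rules that never win for any probe cluster name (ordering check)."""
    winners = set()
    for name in probe_names:
        for i, rule in enumerate(rules):
            if re.fullmatch(rule["clusterName"], name):
                winners.add(i)
                break
    return [i for i in range(len(rules)) if i not in winners]


if __name__ == "__main__":
    ns = ["default", "fleet-default", "fleet-local", "kube-system"]  # constructed
    print(store_names(RULES, "local", ns))
    print(store_names(RULES, "prod-eu", ns))
    print(shadowed_rules(list(reversed(RULES)), ["local", "prod-eu"]))
```

Running a check like `shadowed_rules` before deploying a changed values.yaml shows when a broad `.*` entry placed first would override a narrower per-cluster rule and change which namespaces are exposed as stores.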
Managing secrets with tools like External Secrets Operator always results in a chicken-and-egg problem: the first secret store that needs to be configured itself requires secrets in order to connect.
As I manage all my Kubernetes clusters with Rancher, my solution to this problem is to provide my clusters with these initial secrets from the Rancher server itself using a PushSecret.
This project solves the problem of having to manage the required secret stores manually for all the clusters.
This project is meant to be installed into a Rancher cluster, and requires External Secrets Operator to be installed.
It is built using metacontroller, and needs Metacontroller to be installed as well.
The required dependencies of this project are not part of the Helm chart!
Install the Helm chart in this repository into your Rancher cluster. If you are using Fleet, you can install the Helm chart with this fleet.yaml:
defaultNamespace: external-secrets-rso
helm:
  chart: git::https://github.com/Deltachaos/external-secrets-rancher-store-operator//helm/external-secrets-rancher-store-operator?ref=main
  version: 0.1.0