Helm 3 — Secrets management, an alternative approach

There are many ways of managing secrets in Kubernetes, some simpler than others, but when researching this topic for my project at work I found that there are drawbacks to many of these approaches. When managing secrets in any modern software system, one needs to think about a number of important aspects. For my project, these were the most important:

  1. **All secrets must be stored in version control.** This is a vital aspect for any Helm-based deployment. In my opinion, if any of your pipeline steps involve manual intervention, i.e. populating secrets, you effectively diminish the benefits of an automated CD pipeline.
  2. **All packaged Helm charts must be encrypted.** When publishing your charts to a chart museum for your project, it is important that no secrets are stored in the clear. This means that secrets must be encrypted before you package a chart and put it in a chartmuseum. Conversely, secrets should only be decrypted at runtime during the install/upgrade phase.
  3. **One tool to rule them all — Helm!** Another requirement for me, and this is more of a personal one, was to rely only on Helm. In the case of Helm-secrets, for example, non-CNCF projects tend to end up on the scrap-heap after some time or go in a different direction. Relying on small fringe tools has come back to bite me when incompatibilities arise after core software is upgraded, leaving you in the lurch.
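
A pre-publish gate for requirement 2, as an added example that is not code from the article: it scans a packaged chart archive and reports any credential-like key whose value is stored in the clear. The key-name pattern and the `ENC[` ciphertext marker are assumptions made for the illustration; the article's own encryption format is not shown on this page.

```python
import io
import re
import tarfile

# Assumption: key names that usually hold credentials.
SENSITIVE_KEY = re.compile(r"(pass(word)?|secret|token|api[_-]?key|private[_-]?key)", re.I)
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$")
# Assumption: encrypted values carry this prefix (hypothetical marker).
CIPHERTEXT_PREFIX = "ENC["

def is_cleartext(value):
    """True if a YAML scalar looks like a literal, unencrypted value."""
    value = value.split(" #", 1)[0].strip().strip("\"'")
    if not value or value in ("null", "~", "|", ">", "{}", "[]"):
        return False
    # Template expressions are filled in at install/upgrade time, not stored.
    return not value.startswith(CIPHERTEXT_PREFIX) and "{{" not in value

def scan_chart(tgz_bytes):
    """Return (path, line, key) for each cleartext secret; values are never echoed."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not member.name.endswith((".yaml", ".yml", ".tpl")):
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                m = KEY_VALUE.match(line)
                if m and SENSITIVE_KEY.search(m.group(1)) and is_cleartext(m.group(2)):
                    findings.append((member.name, lineno, m.group(1)))
    return findings

def build_sample_chart(files):
    """Build an in-memory .tgz from {path: text}, standing in for `helm package` output."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            data = content.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample chart: one cleartext password, one encrypted token, one templated value.
SAMPLE = build_sample_chart({
    "demo/Chart.yaml": "apiVersion: v2\nname: demo\nversion: 0.1.0\n",
    "demo/values.yaml": "db:\n  user: app\n  password: hunter2\n  apiToken: ENC[constructed-ciphertext]\n",
    "demo/templates/secret.yaml": "kind: Secret\nstringData:\n  password: {{ .Values.db.password | quote }}\n",
})
```

Run as a pipeline step after packaging, a non-empty result from `scan_chart` should fail the build before the chart is pushed to the repository.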

#helm #kubernetes #helm-chart


Christa Stehr

1602964260

50+ Useful Kubernetes Tools for 2020 - Part 2

Introduction

Last year, we provided a list of Kubernetes tools that proved so popular we have decided to curate another list of some useful additions for working with the platform—among which are many tools that we personally use here at Caylent. Check out the original tools list here in case you missed it.

According to a recent survey done by Stackrox, the dominance Kubernetes enjoys in the market continues to be reinforced, with 86% of respondents using it for container orchestration.

(State of Kubernetes and Container Security, 2020)

And as you can see below, more and more companies are jumping into containerization for their apps. If you’re among them, here are some tools to aid you going forward as Kubernetes continues its rapid growth.

(State of Kubernetes and Container Security, 2020)



Introduction to Helm - Package Manager for Kubernetes

**Introduction to Kubernetes and Helm**

Kubernetes is one of the best platforms to deploy and manage containerized applications. But deploying such containerized applications to Kubernetes can be challenging: you have to write detailed YAML files to deploy resources like pods, deployments, and services. That's where Helm comes into play. Helm is a package manager for Kubernetes; it's the yum and apt of Kubernetes. It allows us to deploy resources to Kubernetes quickly. It deploys charts, which are packaged applications. Helm is also an official Kubernetes project in the Cloud Native Computing Foundation (CNCF) under the category of incubating projects.

Why do we need Helm?

Helm makes deployments in Kubernetes easy: all you need to do is add Helm charts to your Kubernetes cluster. All the Helm charts are stored in a Helm repository; you can search for the required application chart on a Helm registry and add it to your Kubernetes cluster with ease. For example, if you want to deploy a WordPress app on Kubernetes, you have to create YAML manifest files for the deployment and service of both the app and the database, which can be quite complicated. By using Helm, however, you can deploy WordPress on your Kube cluster in a few minutes. Likewise, deploying 50 microservices on Kubernetes using manifest files consumes a whole lot of time and carries a high probability of errors. With Helm, you have to remember the names of the required charts, and you can deploy them in a flash.

How to install Helm?

Installing Helm is effortless: you can install it from the binaries, or you can use a package manager.

From Homebrew on macOS:

brew install helm

From Chocolatey on Windows:

choco install kubernetes-helm

From installer script:

Helm now comes with an installer script. You can fetch this script to your system, and it automatically installs the latest version of Helm.

$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3

$ chmod 700 get_helm.sh

$ ./get_helm.sh

#kubernetes #helm #helm charts #helm installation #helm overview #helm repository


Arno Bradtke

1598032800

Helm 3 Umbrella Charts & Standalone Chart Image Tags — An Alternative Approach

Helm umbrella charts, for those who aren’t familiar, describe and encapsulate a deployable collection of loosely coupled Kubernetes components as a higher-order Helm chart. In other words, a collection of software elements that each have their own individual charts but, for whatever reason (e.g. design choices, ease of deployability, versioning complexities), must be installed or upgraded as a single atomic unit.

A simple use case for an umbrella chart could be that of a web application with a separate web-scraper component that populates a database. In this trivial example, the web application and scraper would each be described in their own Helm charts, which can be individually deployed. For the purposes of the example, let’s assume that the one application would not start up without the other, and due to some legacy reason, the two cannot be released separately. This is a good use case for an umbrella chart, as the umbrella chart would encapsulate both applications into a single deployable unit. Together with Helm command-line flags such as --atomic, Helm will ensure that the failure of one component to install or upgrade rolls both back to their previous state.

#helm #k8s #helm-3 #kubernetes
