How do I configure a Kubernetes bitnami.com SealedSecret?

This guide demonstrates how to configure a Kubernetes SealedSecret from bitnami.com using Pulumi. SealedSecrets allow you to safely encrypt your secrets and store them in your version control system. We will create a SealedSecret resource in a Kubernetes cluster.

Steps:

  1. Import necessary Pulumi and Kubernetes packages: We need Pulumi and Kubernetes packages to interact with the Kubernetes cluster.
  2. Create a Kubernetes Secret: This is the secret that we want to encrypt.
  3. Create a SealedSecret: This will encrypt the Kubernetes Secret and ensure it is safely stored.

Below is the Pulumi program written in TypeScript to achieve this:

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a Kubernetes Secret.
// Note: the stringData values below are plaintext in this source file.
const secret = new k8s.core.v1.Secret("my-secret", {
    metadata: {
        name: "my-secret",
        namespace: "default",
    },
    stringData: {
        "username": "admin",
        "password": "secret",
    },
});

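// Create a SealedSecret for the bitnami sealed-secrets controller.
// The encryptedData values below are placeholders; replace them with
// ciphertext produced by kubeseal for this name and namespace.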
const sealedSecret = new k8s.apiextensions.CustomResource("my-sealed-secret", {
    apiVersion: "bitnami.com/v1alpha1",
    kind: "SealedSecret",
    metadata: {
        name: "my-sealed-secret",
        namespace: "default",
    },
    spec: {
        encryptedData: {
            "username": "AgA...encrypted_data...",
            "password": "AgB...encrypted_data...",
        },
        template: {
            metadata: {
                name: "my-secret",
                namespace: "default",
            },
        },
    },
});

Key Points:

  • Kubernetes Secret: A standard Kubernetes Secret is created first.
  • SealedSecret: The SealedSecret resource carries the encrypted form of the Kubernetes Secret's values in spec.encryptedData, for use with the SealedSecrets controller from bitnami.com.
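
Added example (not part of the original program and not kubeseal's own code): a TypeScript model of the hybrid encryption the sealed-secrets project documents for encryptedData values, showing why a sealed value only unseals under the namespace and name it was sealed for. The key pair, the function names and the fixed nonce are assumptions made for illustration, and the output is not meant to be handed to a real controller.

```typescript
import * as crypto from "node:crypto";

type Scope = "strict" | "namespace-wide" | "cluster-wide";

// OAEP label that ties a ciphertext to where it may be unsealed.
function scopeLabel(ns: string, name: string, scope: Scope = "strict"): Buffer {
  if (scope === "cluster-wide") return Buffer.alloc(0);
  return Buffer.from(scope === "namespace-wide" ? ns : `${ns}/${name}`);
}

// Seal: random AES-256-GCM session key, wrapped with RSA-OAEP(SHA-256, label).
// Layout: 2-byte big-endian wrapped-key length | wrapped key | ciphertext | GCM tag.
function seal(pub: crypto.KeyObject, label: Buffer, plaintext: string): string {
  const sessionKey = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt(
    { key: pub, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256", oaepLabel: label },
    sessionKey);
  // Assumption: a fixed all-zero nonce, acceptable only because each session key is used once.
  const gcm = crypto.createCipheriv("aes-256-gcm", sessionKey, Buffer.alloc(12));
  const body = Buffer.concat([gcm.update(plaintext, "utf8"), gcm.final(), gcm.getAuthTag()]);
  const len = Buffer.alloc(2);
  len.writeUInt16BE(wrapped.length);
  return Buffer.concat([len, wrapped, body]).toString("base64");
}

// Unseal: returns the plaintext, or null when the label (scope), key or framing does not match.
function unseal(priv: crypto.KeyObject, label: Buffer, sealed: string): string | null {
  try {
    const raw = Buffer.from(sealed, "base64");
    const n = raw.readUInt16BE(0);
    const body = raw.subarray(2 + n);
    const sessionKey = crypto.privateDecrypt(
      { key: priv, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256", oaepLabel: label },
      raw.subarray(2, 2 + n));
    const gcm = crypto.createDecipheriv("aes-256-gcm", sessionKey, Buffer.alloc(12));
    gcm.setAuthTag(body.subarray(body.length - 16));
    return Buffer.concat([gcm.update(body.subarray(0, body.length - 16)), gcm.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Constructed key pair standing in for the controller's sealing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sealedPassword = seal(publicKey, scopeLabel("default", "my-sealed-secret"), "secret");
```

A value sealed for default/my-sealed-secret returns null when unsealed under any other namespace or name, which is why ciphertext copied between SealedSecret resources does not decrypt.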

Summary:

In this guide, we configured a Kubernetes SealedSecret using Pulumi. We created a Kubernetes Secret and encrypted it using the SealedSecret resource. This ensures that sensitive data is stored securely in your version control system.
