Managing secrets in a GitOps workflow

Photo by 30daysreplay Marketingberatung on Unsplash

In this article, we will look into common ways to secure secrets in a Kubernetes application and how to manage them in a GitOps workflow based on ArgoCD with the help of Sops.

Handling Secrets in your Kubernetes Application

The problem is the following: your application depends on some secrets that you need to store securely and make available to your running application.

You can address this requirement in two ways:

  1. You put these secrets in a remote secret manager, for instance Vault or AWS Secrets Manager, and you use the provided API or convenient tools like External Secrets.
  2. You keep these secrets as vanilla Kubernetes Secret objects and commit them to your Git repository with your code, but you take care of encrypting them with for example…


Kubernetes

Also called the poor man’s Kubernetes

Photo by Jeff Sheldon on Unsplash

Motivation

Kubernetes clusters are not exactly cheap and can be complex to set up and operate properly. For this reason, you may be tempted to reserve “true” online Kubernetes clusters for running your production workloads and have clusters running locally for development purposes.

In this post, we will explore different ways to easily set up a local Kubernetes cluster and the associated trade-offs that accompany them.

Local Kubernetes cluster challengers

Different solutions exist to run a Kubernetes cluster on your laptop. Let’s review a few of these.

Minikube

Minikube is the solution the Kubernetes project documentation advises you to use. It deploys a VM with a single-node cluster. You pay the price of virtualization, as seen in the minimum requirements for the host machine (2 CPU, 2 GB RAM, 20 Gb…


KUBERNETES

Step by step creation and configuration of an autoscaling Kubernetes cluster

Photo by Theme Inn on Unsplash

There are many options for creating an EKS cluster, amongst others:

Of course, these solutions give you quite a bare cluster, and the challenge is then to add all the tools needed to be production-ready.

One desirable feature is the ability for the cluster to autoscale depending on the workload. More precisely, when additional load is applied, we are looking to horizontally scale our cluster by increasing the number of nodes.

In this post, we will set up a new cluster from scratch using CDK and take a look at the Cluster Autoscaler component to fulfill this requirement.

About

Emmanuel Sys

Passionate about software and cloud architecture ☁️ I like building apps, deploying them and breaking things 🤗
