External Secrets Operator Workflow

  1. Create Secret in External Service:
    • Store your secret (e.g. API keys, passwords) in a supported external service, such as AWS Systems Manager Parameter Store, ensuring it’s correctly secured with the proper permissions and encryption.
  2. Create ExternalSecret Object in Kubernetes:
    • Define an ExternalSecret object in your Kubernetes cluster specifying the details like the name of the external secret, the backend type, and the data keys to retrieve from the external service.
  3. External Secrets Operator Generates Kubernetes Secret:
    • The External Secrets Operator will synchronize the ExternalSecret with the external service and automatically create the corresponding Kubernetes Secret in the cluster.
  4. Use the Secret in Your Application:
    • Reference the generated Kubernetes Secret in your application’s deployment configuration so that your application can access the secret values.

When using External Secrets Operator with Kubernetes, you typically do not manually create a Kubernetes Secret. Instead, the External Secrets Operator automatically generates the Kubernetes Secret based on the ExternalSecret object you define in your Kubernetes cluster.

The actual secret value is stored in an external service, like AWS Systems Manager Parameter Store, AWS Secrets Manager, Azure Key Vault, etc. So, before creating an ExternalSecret object in Kubernetes, you need to create and store your secret value in one of these supported external services, like Parameter Store, and properly configure the access permissions.

Use Cases of External Secrets Operator Using AWS and Kubernetes

You do not need to create a secret in Kubernetes before creating an ExternalSecret. The ExternalSecret object will create a Kubernetes Secret object for you.

You do need to create the parameter in AWS Systems Manager Parameter Store before creating the ExternalSecret. The ExternalSecret object fetches the secret data from Parameter Store.

Here is an example of the steps you would follow:

  1. Create the parameter in AWS Systems Manager Parameter Store.
  2. Create an ExternalSecret object in Kubernetes.
  3. Reference the Parameter Store parameter in the ExternalSecret object.
  4. ESO will fetch the secret data from Parameter Store and create a Kubernetes Secret object containing the secret data.
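
The manifests below are an added example, not part of the original post, showing the workflow and the steps above end to end: a SecretStore pointing at Parameter Store, an ExternalSecret that pulls one parameter, and a Deployment that consumes the generated Secret. The namespace, names, region, parameter path, image and service account are assumptions; the `v1beta1` API version depends on the ESO release installed in your cluster.

```yaml
# Constructed example. Assumes the parameter /demo/app/api-key already exists in
# Parameter Store (as a SecureString) and that the service account eso-reader maps
# to an IAM role allowed to read only that parameter path.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata: {name: aws-parameter-store, namespace: demo}
spec:
  provider:
    aws:
      service: ParameterStore          # use SecretsManager for AWS Secrets Manager
      region: us-east-1                # assumed region
      auth:
        jwt:
          serviceAccountRef: {name: eso-reader}   # hypothetical service account
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata: {name: app-api-key, namespace: demo}
spec:
  refreshInterval: 1h                  # how often ESO re-reads the parameter
  secretStoreRef: {name: aws-parameter-store, kind: SecretStore}
  target:
    name: app-api-key                  # Kubernetes Secret that ESO creates
    creationPolicy: Owner              # Secret is deleted with the ExternalSecret
  data:
    - secretKey: API_KEY               # key inside the generated Secret
      remoteRef:
        key: /demo/app/api-key         # parameter name in Parameter Store
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: app, namespace: demo}
spec:
  selector: {matchLabels: {app: app}}
  template:
    metadata: {labels: {app: app}}
    spec:
      containers:
        - name: app
          image: registry.example.com/app:1.0     # placeholder image
          env:
            - name: API_KEY
              valueFrom:
                secretKeyRef: {name: app-api-key, key: API_KEY}
```

No Secret manifest appears anywhere in the set: the only secret material in Git is the parameter path, and the value lands in the cluster when ESO reconciles the ExternalSecret.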
Rajesh Kumar