This is a python based webapp for using Bitnami-Sealed-Secrets in a web-gui.
This app uses the kubeseal binary of the original project: https://github.com/bitnami-labs/sealed-secrets
Currently using version 0.27.2
of the kubeseal-binary.
The docker images can be found here:
- https://hub.docker.com/repository/docker/kubesealwebgui/ui
- https://hub.docker.com/repository/docker/kubesealwebgui/api
To use this Web-Gui you have to install Bitnami-Sealed-Secrets in your cluster first!
You can use the helm chart which is included inside this repository to install kubseal-webgui.
helm repo add kubesealwebgui https://jaydee94.github.io/kubeseal-webgui/
helm repo update
# Make sure to configure all required values (with helm's --set argument) documented in our helm Chart before installing.
helm install kubesealwebgui/kubeseal-webgui --set example_required_value="foobar"
Mount the public certificate of your sealed secrets controller to /kubeseal-webgui/cert/kubeseal-cert.pem
in the container.
Please use the helm chart which is included in this repository.
When upgrading to 2.1.0
make sure that you also update the helm chart for installing kubeseal-webgui.
The application reads namespaces from current kubernetes cluster and needs to have access to list them.
If your default serviceaccount has this RBAC rule already you could disable serviceaccount.create
in the values.yaml
of the helm chart.
When upgrading to 3.0.X
you dont need to deploy a ingress route to the api. The nginx serving the ui will proxy the requests to the api.
You can use the new helm chart located inside the chart
folder to deploy the new kubseal-webgui version.
When upgrading from 4.0.X
to 4.1.X
you need to use the provided helm chart in version >=5.0.0
if you use the autofetch certificate feature.
This is because the autofetch certificate functionality is no longer executed as an initContainer.
The api container will fetch the certificate from the sealed-secrets controller on application startup.
(Login to your kubernetes cluster first)
kubeseal --fetch-cert --controller-name <your-sealed-secrets-controller> --controller-namespace <your-sealed-secrets-controller-namespace> > kubeseal-cert.pem
- Make sure you have Python 3.12 installed.
- Clone this repository and run
cd api
. python3 -m venv venv
(to create a virtual environment calledvenv
that doesn't interfere with other projects)source venv/bin/activate
(to activate the virtual environment)python -m pip install .
(to install all required packages for this project)pytest
(should run all tests successfully)
-
Running uvicorn server
MOCK_ENABLED=true poetry run uvicorn kubeseal_webgui_api.app:app --port 5000 --log-config config/logging_config.yaml
or use a container and set the environment variables there
docker build -t api -f Dockerfile.api . docker run --rm -t \ -p 5000:5000 \ -e MOCK_ENABLED=TRUE \ -e KUBESEAL_CERT=/tmp/cert.pem \ api
- Clone this repository and run
cd ui
. - You can either use
yarn
ornpm
for the following commands. yarn install
to install all dependenciesnpm install
to install all dependencies
yarn dev
to compile and start HTTP server onport 8080
with hot-reloads for developmentnpm run dev
to compile and start HTTP server onport 8080
with hot-reloads for development