Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider merging with similar projects #46

Closed
riccardomc opened this issue Oct 22, 2020 · 3 comments
Closed

Consider merging with similar projects #46

riccardomc opened this issue Oct 22, 2020 · 3 comments

Comments

@riccardomc
Copy link

riccardomc commented Oct 22, 2020
edited
Loading

Hello! I am the original maintainer of a very similar project, now maintained by my colleagues. I would like to bring to your attention an attempt to a coordinated effort that aims at bringing together all similar projects:

external-secrets/kubernetes-external-secrets#47

The main idea is to have a common, standardized CRD for secrets in order to make switching from one project to the other easy and eventually converge to a single solution.

I appreciate there is value in having multiple solutions for the same problem, but the community could also benefit from a coordinated effort in this space.

Keep up the good work!
@knelasevero
Copy link

Common CRD being discussed here 😃 :
external-secrets/kubernetes-external-secrets#477

@yanivpaz
Copy link

yanivpaz commented Oct 23, 2020
edited
Loading

Does kubernetes-external-secrets support IRSA ? ( IAM role for service account )

there is also a great solution from Cyberark -
its lately presented by @jodyhuntatx - you can see this here
which leverage init container pattern rather than Operator.

as far as I understand in kubernetes-external-secrets and kube-secret-syncer you :

  1. create the secret directly in aws secret manager
  2. secret will be created automatically by the operator

@yannh
Copy link
Collaborator

yannh commented Oct 28, 2020

Hello there 👋 First - work on kube-secret-syncer started last year, so a few of the solutions present nowadays didn't exist at the time! We were aware though of several existing solutions when we decided to start this one. All tools we looked at would have required considerable changes to implement the features we needed - and because we would not have direct access to the upstream repository, it would have required a lot of good will, time & collaboration from the upstream maintainers, which would have been a risky bet. I appreciate though that the plethora of solutions make it more difficult to pick a good one.

This project does seem interesting: https://github.com/kubernetes-sigs/secrets-store-csi-driver - I would recommend keeping an eye on it.

As with other Kubernetes components (CNIs being a good example) - I would expect a number of solutions to compete until one ends up being better for most use-cases and win the users hearts :)

Thank you for pointing out the other projects! I (personnally) will keep an eye on the common CRD effort, might participate, but I don't believe we have the manpower to contribute much to this at the moment, so I will be closing this ticket. Maybe we'll revisit in the future 👍

@yannh yannh closed this as completed Oct 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yannh @knelasevero @riccardomc @yanivpaz