Episode 113 : Kubernetes Secrets Take 3

Week in Review

k8s 1.18.1 is out
- Here are all the blog entries you should check out for 1.18 features:
WG Resource Management has met it's goals and is closing down.
It's not too late to be involved in 1.19! Check out the shadow application form if you're interested, deadline is 4/14!
k8s Office Hours are April 15th, this next Wednesday: EU Session and West Coast US session

Migrating zookeeper into Kubernetes HN comments
Intro to Service Mesh Interface via the CNCF
The Docker-compose specification has been published
Kubevious - another k8s visualization tool
ArgoCD has been accepted to the CNCF, here's a blog on setting up multicluster gitops
Sidekick - "By attaching a tiny load balancer as a sidecar to each of the client application processes, you can eliminate the centralized loadbalancer bottleneck and DNS failover management."
Only mildly k8s related but friend of the show and k8s maintainer Ben Elder has an article on making your own open source virtual background
Article by Steve Wade on how Mettle uses gitops!

Old episodes:
- tgik.io/065
- tgik.io/066
Secret Review
- Default
- Encryption at Rest
- KMS (Envelope Encryption)
- External Provider
Today's Options
- Vault Injection
- Sealed Secrets (kind of different concern)
- csi-secret-driver

CSI Secret Driver: https://github.com/kubernetes-sigs/secrets-store-csi-driver
Go-Daddy External Secrets: Kubernetes External Secrets
Kubevault (by appscode): https://kubevault.com
Vault injector how-to: https://learn.hashicorp.com/vault/getting-started-k8s/sidecar
Hashicorp announcing the vault helm chart
Hashicorp secrets store csi driver provider vault