What is the best way to work with kubernetes and environment variables in containers?

Question

I am currently looking for a tool that allows me to quickly and easily control the environment variables of my containers in EKS. I find myself exploring some options like AWS Secret Manager and Hashicorp's Vault. What tools would you recommend?

Accepted Answer

This open source [External Secrets operator](https://external-secrets.io/v0.5.7/) can be leveraged to pull secrets from AWS Secrets Manager, AWS Parameter store, Hashicorp Vault and various other cloud secrets providers. This operator also supports EKS Fargate.

With AWS Secrets Manager, you can establish a private connection between your VPC and Secrets Manager by creating an [Interface VPC endpoint](https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html) which lets you privately access Secrets Manager APIs without an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. It is more secure as the network traffic between your VPC and Secrets Manager does not leave the AWS network.

Answer

You might want to look into  [AWS Secrets and Configuration Provider (ASCP)](https://docs.aws.amazon.com/systems-manager/latest/userguide/integrating_csi_driver.html). This approach enables secrets from Secrets Manager and parameters from Parameter Store to be mounted as files in Amazon EKS pods. The GitHub project is [here](https://github.com/aws/secrets-store-csi-driver-provider-aws).

What is the best way to work with kubernetes and environment variables in containers?

相關內容