-
Notifications
You must be signed in to change notification settings - Fork 404
Maintenance of Kubernetes External Secrets #423
Comments
This is something I wrote a while back but didn't get to post before. There's been some suggestions to build community which might help regarding maintenance like trying to start a slack community (#388) or so. |
@Flydiverny there are a few of us who would love to rewrite this in golang so that all 3 points of the triangle use the same language. |
@dirtycajunrice A Go rewrite could definitely be interesting, and probably valuable to get more contributions from kubernetes community in general. I did a test converting it to typescript (in a fork flydiverny-stuff#1) to allow for some better code standard. (minimal effort conversion from js). Personally I'm a Go newbie so not sure how much help I could be in that work 😄 But I'm up for learning |
@Flydiverny My coworker has solo started on it out of interest of a few things and it is living here https://github.com/itscontained/secret-manager |
@dirtycajunrice we're trying to standardize the CRD spec in #47 (comment) - please take a look if you have time, maybe you have some input on it. |
@moolen Replied there :) |
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
This issue was closed because it has been stalled for 30 days with no activity. |
There's now a slack #external-secrets in the kubernetes slack workspace!
KES usage is slowly growing larger and large and with the growing list of contributed backends the list of challenges also increase. With more and more backends which require more and more various services for validation and testing which we currently don't have at our disposal.
I'd say we are also currently somewhat lacking on the maintainer side. I for one don't have that much time to put in, but try to pitch in some time every now and then. Maintainers from godaddy seems to go up and down, while not that much lately.
We discussed a little if there are better ways to maintain the project, for example can we refactor the architecture to allow backends to be provided in a more plug- and play fashion by the consumer?
One example of this would be running the KES operator with just the core mechanics (ie reading ExternalSecrets and calling the right backend) and having backend implementations provided by other containers, perhaps run as sidecars providing an API to fetch secret data for a given key or separate deployments. This way backends could be maintained or provided by other people than the KES core.
Challenges:
I'd like to hear if there's any smart suggestions out there 🙃
The text was updated successfully, but these errors were encountered: