Thib
@thibaultamartin@mamot.fr  ·  activity timestamp 2 weeks ago

Getting around to deploying Authentik on my cluster, and I'm a bit surprised by the example values on artifacthub.

Is it common practice in Kubernetes to mount secrets as volumes so you can reference them like that?

https://artifacthub.io/packages/helm/goauthentik/authentik#advanced-values-examples

#homelab #kubernetes #authentik

Clayton O'Neill
@clayton_oneill@mastodon.cloud replied  ·  activity timestamp last week

@thibaultamartin FWIW, I set up Authentik in my homelab recently and I went down the rabbit hole of trying to automate app setup using Authentik blueprints and it was awful. Very poor error reporting and they would frequently not apply, or only partially apply. I ended up switching to OpenTofu for automating apps based on annotations and it's been flawless.

Man aging with style
@praxiscode@mastodon.online replied  ·  activity timestamp 2 weeks ago

If you mount the secret in your pod as a volume, then when the secret gets changed, so will the data presented in the volume. With env vars (and config maps), you must restart the pod to pick up the new values.

@thibaultamartin
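
An added illustration of the reply above, not part of the thread: a secret read from a mounted file can follow a rotation if the application re-reads it, while a value copied into the environment at start-up cannot. `FileSecret`, `publish` and `demo` are hypothetical names and all values are constructed; `publish` stands in for the kubelet, which exposes each key as a symlink through a `..data` directory link that it swaps atomically on update.

```python
import os
import tempfile


class FileSecret:
    """Read a secret from a mounted file, re-reading it after a rotation."""

    def __init__(self, path):
        self.path = path
        self._target = None
        self._value = None

    def get(self):
        # The resolved path changes when the "..data" link is repointed,
        # which is the signal that new secret content has been published.
        target = os.path.realpath(self.path)
        if target != self._target:
            with open(target, "r", encoding="utf-8") as fh:
                self._value = fh.read().strip()
            self._target = target
        return self._value


def publish(mount, version, key, value):
    """Constructed stand-in for the kubelet: write a new versioned directory,
    then atomically repoint ..data at it."""
    vdir = "..v" + str(version)
    os.mkdir(os.path.join(mount, vdir))
    with open(os.path.join(mount, vdir, key), "w", encoding="utf-8") as fh:
        fh.write(value)
    tmp = os.path.join(mount, "..data_tmp")
    os.symlink(vdir, tmp)
    os.replace(tmp, os.path.join(mount, "..data"))  # rename swaps the link itself
    link = os.path.join(mount, key)
    if not os.path.lexists(link):
        os.symlink(os.path.join("..data", key), link)


def demo():
    """Return (env copy after rotation, file value before, file value after)."""
    with tempfile.TemporaryDirectory() as mount:
        publish(mount, 1, "password", "old-constructed-value")
        # An env var is a copy taken when the process starts; it never changes.
        env_copy = {"DB_PASSWORD": "old-constructed-value"}
        secret = FileSecret(os.path.join(mount, "password"))
        before = secret.get()
        publish(mount, 2, "password", "new-constructed-value")
        return env_copy["DB_PASSWORD"], before, secret.get()


if __name__ == "__main__":
    print(demo())
```

On a real cluster the new content appears only after the kubelet's next sync, and a secret mounted with `subPath` does not receive updates at all.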

Alex
@o_O@mastodon.nu replied  ·  activity timestamp 2 weeks ago

@thibaultamartin That’s what I was taught for my certification, either that or as environment variables depending on your needs. One common use for mounting as volumes would be to install certificates on the host. I think trust-manager kinda works something like that (though I may be wrong, haven’t used it).

Thib
@thibaultamartin@mamot.fr replied  ·  activity timestamp 2 weeks ago

@o_O thanks!

Tim Stoop :kubernetes:
@timstoop@fosstodon.org replied  ·  activity timestamp 2 weeks ago

@thibaultamartin
In short, yes. That or env vars.

Thib
@thibaultamartin@mamot.fr replied  ·  activity timestamp 2 weeks ago

@timstoop TIL, thanks!

Tim Stoop :kubernetes:
@timstoop@fosstodon.org replied  ·  activity timestamp 2 weeks ago

@thibaultamartin
Let me add to that: I think secret management is not a solved issue on Kubernetes. It's either too simple (like the basic built-in Secrets you get out of the box) or way too complex (SOPS or OpenBao). Choose wisely.
