Post
Getting around to deploying Authentik on my cluster, and I'm a bit surprised by the example values on artifacthub.
Is it common practice in Kubernetes to mount secrets as volumes so you can reference them like that?
https://artifacthub.io/packages/helm/goauthentik/authentik#advanced-values-examples
@thibaultamartin FWIW, I setup Authentik in my homelab recently and I went down the rabbit hole of trying to automate app setup using Authentik blueprints and it was awful. Very poor error reporting and they would frequently not apply, or only partially apply. I ended up switching to opentofu for automating apps based on annotations and it's been flawless.
If you mount the secret in your pod as a volume, then when the secret gets changed, so will the data presented in the volume. With env vars (and config maps), you must restart the pod to pick up the new values.
@thibaultamartin that’s what I was taught for my certification, either that or as environment variables depending on your needs. One common use for mounting as volumes would be to install certificates on the host. I think trust-manager kinda works something like that (though I may be wrong, haven’t used it).
@thibaultamartin
In short, yes. That or env vars.
@timstoop TIL, thanks!
@thibaultamartin
Let me add to that, I think secret management is not a solved issue on Kubernetes, it's either too simple (like the basic built-in Secrets you get out of the box) or way too complex (SOPS or OpenBoa). Choose wisely.
A space for Bonfire maintainers and contributors to communicate
