diff --git a/containers/kubernetes/api-cli/external-secrets-kubernetes.mdx b/containers/kubernetes/api-cli/external-secrets-kubernetes.mdx
new file mode 100644
index 0000000000..68de0bd1f3
--- /dev/null
+++ b/containers/kubernetes/api-cli/external-secrets-kubernetes.mdx
@@ -0,0 +1,151 @@
+---
+meta:
+ title: Deploying External Secrets on Kubernetes Kapsule
+ description: Learn how to deploy External Secrets on Kubernetes Kapsule, seamlessly integrating with Scaleway Secret Manager for secure secret management.
+content:
+ h1: Deploying External Secrets on Kubernetes Kapsule
+ paragraph: Learn how to deploy External Secrets on Kubernetes Kapsule, seamlessly integrating with Scaleway Secret Manager for secure secret management.
+tags: kapsule-cluster kubernetes external-secrets secret-management
+categories:
+ - containers
+dates:
+ validation: 2024-12-24
+ posted: 2024-12-24
+---
+
+## External Secrets - Overview
+
+[External Secrets](https://external-secrets.io) is a Kubernetes operator that allows you to manage the lifecycle of your secrets from external providers.
+
+In this tutorial you will learn how to deploy External Secrets and its services on [Kubernetes Kapsule](/containers/kubernetes/concepts/#kubernetes-kapsule), the managed Kubernetes service from Scaleway.
+
+
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/)
+- [Created a Kapsule cluster](/containers/kubernetes/how-to/create-cluster/)
+- Configured [kubectl](/containers/kubernetes/how-to/connect-cluster-kubectl/)
+- Installed `helm`, the Kubernetes [package manager](https://helm.sh/), on your local machine (version 3.2 or latest)
+
+## Preparing the Kubernetes Kapsule cluster
+
+1. Make sure you are connected to your cluster and that `kubectl` and `helm` are installed on your local machine.
+2. Add the External Secrets repository to your Helm configuration and update it using the following commands:
+ ```
+ helm repo add external-secrets https://charts.external-secrets.io
+ helm repo update
+ ```
+
+## Deploying External Secrets
+
+Run the command below to deploy the External Secrets application in your cluster and create its associated resources.
+To automatically install and manage the CRDs as part of your Helm release, you must add the `--set installCRDs=true` flag to your Helm installation command.
+Uncomment the `--set installCRDs=true` line in the following command to do so.
+```
+helm upgrade --install external-secrets external-secrets/external-secrets \
+ -n external-secrets \
+ --create-namespace \
+ # --set installCRDs=true
+```
+
+## Create a secret containing your Scaleway API key information
+
+Make sure you replace `ACCESSKEY` and `SECRETKEY` with your own values.
+
+```
+echo -n 'ACCESSKEY' > ./access-key
+echo -n 'SECRETKEY' > ./secret-access-key
+kubectl create secret generic scwsm-secret --from-file=./access-key --from-file=./secret-access-key
+```
+## Create your first SecretStore
+
+Define a `SecretStore` resource in Kubernetes to inform External Secrets where to fetch secrets from.
+Secret Manager is a regionalized product, so you will need to specify the [region](/identity-and-access-management/secret-manager/concepts/#region) in which you want to create your secret.
+
+1. Copy the template below and paste it into a file named `secret-store.yaml`.
+
+ ```
+ ---
+ apiVersion: external-secrets.io/v1beta1
+ kind: SecretStore
+ metadata:
+ name: secret-store
+ namespace: default
+ spec:
+ provider:
+ scaleway:
+ region:
+ projectId:
+ accessKey:
+ secretRef:
+ name: scwsm-secret
+ key: access-key
+ secretKey:
+ secretRef:
+ name: scwsm-secret
+ key: secret-access-key
+ ```
+2. Apply your file to your cluster:
+
+ ```
+ kubectl apply -f secret-store.yaml
+ ```
+
+## Create your first External Secret
+
+Create an `ExternalSecret` resource to specify which secret to fetch from Secret Manager.
+
+1. Copy the following template and paste it into a file named `external-secret.yaml`
+
+ ```
+ ---
+ apiVersion: external-secrets.io/v1beta1
+ kind: ExternalSecret
+ metadata:
+ name: secret
+ namespace: default
+ spec:
+ refreshInterval: 20s
+ secretStoreRef:
+ kind: SecretStore
+ name: secret-store
+ target:
+ name: kubernetes-secret-to-be-created
+ creationPolicy: Owner
+ data:
+ - secretKey: password # key in the kubernetes secret
+ remoteRef:
+ key: id:
+ version: latest_enabled
+ ```
+2. Apply the file to your cluster:
+ ```
+ kubectl apply -f external-secret.yaml
+ ```
+
+A secret with the name `kubernetes-secret-to-be-created` should appear in your namespace. It contains the secret pulled from Secret Manager:
+
+```
+kubectl get secret kubernetes-secret-to-be-created
+NAME TYPE DATA AGE
+kubernetes-secret-to-be-created Opaque 1 9m14s
+```
+
+## Uninstalling
+
+Make sure you have deleted any resources created by External Secrets beforehand. You can check for any existing resources with the following command:
+
+```
+kubectl get SecretStores,ClusterSecretStores,ExternalSecrets,ClusterExternalSecret,PushSecret --all-namespaces
+```
+
+Once all these resources have been deleted you are ready to uninstall External Secrets.
+
+## Uninstalling with Helm
+
+Uninstall the External Secrets deployment using the following command.
+
+```
+helm delete external-secrets --namespace external-secrets
+```
\ No newline at end of file
diff --git a/menu/navigation.json b/menu/navigation.json
index 7c01f0218c..ce882e0fa0 100644
--- a/menu/navigation.json
+++ b/menu/navigation.json
@@ -1865,6 +1865,9 @@
{
"label": "Using the Kapsule autoheal feature",
"slug": "using-kapsule-autoheal-feature"
+ }, {
+ "label": "Deploying External Secrets on Kubernetes Kapsule",
+ "slug": "external-secrets-kubernetes"
},
{
"label": "Wildcard DNS routing",