scaleway · nerda-codes · Dec 30, 2024 · Dec 24, 2024 · Dec 24, 2024 · Dec 30, 2024
@@ -0,0 +1,150 @@
+---
+meta:
+  title: Deploying External Secrets on Kubernetes Kapsule
+  description: Learn how to deploy External Secrets on Kubernetes Kapsule, seamlessly integrating with Scaleway Secret Manager for secure secret management.
+content:
+  h1: Deploying External Secrets on Kubernetes Kapsule
+  paragraph: Learn how to deploy External Secrets on Kubernetes Kapsule, seamlessly integrating with Scaleway Secret Manager for secure secret management.
+tags: kapsule-cluster kubernetes external-secrets secret-management
+categories:
+  - containers
+dates:
+  validation: 2024-12-24
+  posted: 2024-12-24
+---
+
+## External Secrets - Overview
+
+[External Secrets](https://external-secrets.io) is a Kubernetes operator that allows you to manage the lifecycle of your secrets from external providers.
+
+In this tutorial you will learn how to deploy External Secrets and its services on [Kubernetes Kapsule](/containers/kubernetes/concepts/#kubernetes-kapsule), the managed Kubernetes service from Scaleway.
+
+<Macro id="requirements" />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/)
+- [Created a Kapsule cluster](/containers/kubernetes/how-to/create-cluster/)
+- Configured [kubectl](/containers/kubernetes/how-to/connect-cluster-kubectl/)
+- Installed `helm`, the Kubernetes [package manager](https://helm.sh/), on your local machine (version 3.2 or latest)
+
+## Preparing the Kubernetes Kapsule cluster
+
+1. Make sure you are connected to your cluster and that `kubectl` and `helm` are installed on your local machine.
+2. Add the External Secrets repository to your Helm configuration and update it using the following commands:
+    ```
+    helm repo add external-secrets https://charts.external-secrets.io
+    helm repo update
+    ```
+
+## Deploying External Secrets
+
+Run the command below to deploy the External Secrets application in your cluster and create its associated resources.
+To automatically install and manage the CRDs as part of your Helm release, you must add the `--set installCRDs=true` flag to your Helm installation command.
+Uncomment the `--set installCRDs=true` line in the following command to do so.
+```
+helm upgrade --install external-secrets  external-secrets/external-secrets \
+    -n external-secrets \
+    --create-namespace \
+    # --set installCRDs=true
+```
+
+## Create a secret containing your Scaleway API key information
+
+Make sure you replace `ACCESSKEY` and `SECRETKEY` with your own values.
+
+```
+echo -n 'ACCESSKEY' > ./access-key
+echo -n 'SECRETKEY' > ./secret-access-key
+kubectl create secret generic scwsm-secret --from-file=./access-key --from-file=./secret-access-key
+```
+## Create your first SecretStore
+
+Define a `SecretStore` resource in Kubernetes to inform External Secrets where to fetch secrets from.
+Secret Manager is a regionalized product so you will need to specify the [region](/identity-and-access-management/secret-manager/concepts/#region) to create your secret in.
+
+1. Copy the template below and paste it in a file named `secret-store.yaml`.
+
+    ```
+    ---
+    apiVersion: external-secrets.io/v1beta1
+    kind: SecretStore
+    metadata:
+      name: secret-store
+      namespace: default
+    spec:
+      provider:
+        scaleway:
+          region: <REGION>
+          projectId: <SCALEWAY_PROJECT_ID>
+          accessKey:
+            secretRef:
+              name: scwsm-secret
+              key: access-key
+          secretKey:
+            secretRef:
+              name: scwsm-secret
+              key: secret-access-key
+    ```
+2. Apply your file to your cluster:
+
+    ```
+    kubectl apply -f secret-store.yaml
+    ```
+
+## Create your first External Secret
+
+Create an `ExternalSecret` resource to specify which secret to fetch from Secret Manager.
+1. Copy the following template and paste it in a file named `external-secret.yaml`
+
+    ```
+    ---
+    apiVersion: external-secrets.io/v1beta1
+    kind: ExternalSecret
+    metadata:
+        name: secret
+        namespace: default
+    spec:
+        refreshInterval: 20s
+        secretStoreRef:
+            kind: SecretStore
+            name: secret-store
+        target:
+            name: kubernetes-secret-to-be-created
+            creationPolicy: Owner
+        data:
+          - secretKey: password  # key in the kubernetes secret
+            remoteRef:
+              key: id:<SECRET_ID in the secret store>
+              version: latest_enabled
+    ```
+2. Apply the file to your cluster:
+    ```
+    kubectl apply -f external-secret.yaml
+    ```
+
+A secret with the name `kubernetes-secret-to-be-created` should appear in your namespace. It contains the secret pulled from Secret Manager:
+
+```
+kubectl get secret kubernetes-secret-to-be-created
+NAME                              TYPE     DATA   AGE
+kubernetes-secret-to-be-created   Opaque   1      9m14s
+```
+
+## Uninstalling
+
+Make sure you have deleted any resources created by External Secrets beforehand. You can check for any existing resources with the following command:
+
+```
+kubectl get SecretStores,ClusterSecretStores,ExternalSecrets,ClusterExternalSecret,PushSecret --all-namespaces
+```
+
+Once all these resources have been deleted you are ready to uninstall External Secrets.
+
+## Uninstalling with Helm
+
+Uninstall the External Secrets deployment using the following command.
+
+```
+helm delete external-secrets --namespace external-secrets
+```
diff --git a/menu/navigation.json b/menu/navigation.json
@@ -1865,6 +1865,9 @@
                   {
                     "label": "Using the Kapsule autoheal feature",
                     "slug": "using-kapsule-autoheal-feature"
+                  },                  {
+                    "label": "Deploying External Secrets on Kubernetes Kapsule",
+                    "slug": "external-secrets-kubernetes"
                   },
                   {
                     "label": "Wildcard DNS routing",