Kubernetes

DSV has two Kubernetes plugins to retrieve secrets.

  • Kubernetes sidecar

    This plugin runs a sidecar in each pod in a cluster. All of the sidecars communicate with a single broker pod running in the cluster, which caches secrets. Refer to Kubernetes Architecture.

  • Kubernetes webhook

    This plugin uses mutating webhooks and injects the secrets into the cluster’s secret data store (etcd) so they can be used globally.

Selecting a Kubernetes plugin

The mutating webhook is the best-supported option and the most flexible for a large deployment.

If you are already using etcd for secrets, the webhook can be incorporated easily. If, however, you'd like more granular access, the sidecar keeps secrets inside each pod.