kubeseal-web

command module
v0.0.0-...-358a829
Published: Nov 9, 2023 License: MIT Imports: 16 Imported by: 0

README

kubeseal-web

🔐 Yet another web UI for protecting Kubernetes secrets with Sealed Secrets.

This is still under development. It works, but use at your own risk.


Why do I need this?

  1. You want to provide developers with an easy way to seal secrets without installing kubectl and/or having access to the Kubernetes cluster
  2. You do not want developers to be able to unseal / decrypt the sealed secrets (essentially write-only)
  3. You want a simple solution that does not involve a lot of moving parts, and lots of manual set-up

For (3), the web UI was built using lightweight libraries (Tailwind CSS and Alpine.js), and it can run as a single binary / deployment.

WARNING: the web UI is NOT protected by any authN out-of-the-box. Though having it publicly accessible does not pose any significant risk, it is highly recommended to limit its access to a trusted network and/or trusted identities to mitigate any potential for abuse (i.e. bring-your-own-auth).

Deployment

The recommended way of installing kubeseal-web in your Kubernetes cluster is by creating your own "kustomization" file which references the Kustomize base manifests:

# kustomization.yml
resources:
  - github.com/MrSaints/kubeseal-web/k8s/kustomize/base?ref=master

Recommendations

You may require the standalone kustomize binary instead of kubectl apply -k / kubectl kustomize as this project utilises some relatively new features.

It is recommended to pin any use of remote resources. See https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md for more information. It is also recommended to check your "kustomization" file into Git.

See k8s/kustomize/example for an example of how you can extend and customise the Kustomize base manifests (e.g. pinning the Docker image).

Configuration

There are two environment variables which you should set:

  • KSWEB_SEALED_SECRETS_CONTROLLER_NAMESPACE: Namespace of the sealed secrets controller (e.g. kube-system)
  • KSWEB_SEALED_SECRETS_CONTROLLER_NAME: Name of sealed secrets controller (e.g. sealed-secrets)

They both correspond to the Sealed Secrets deployment in your Kubernetes cluster. The web app will test for kubeseal access, and it will fail to start if these environment variables are not configured correctly!
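The pinning, configuration and access-restriction recommendations above can be combined in one overlay. This is an added example, not taken from the project's k8s/kustomize/example directory. Assumptions: the REPLACE_WITH_* values are placeholders, and the Deployment name, container name, pod label and the auth-proxy namespace are hypothetical and must be matched to the base manifests and your cluster.

```yaml
# kustomization.yml (added example; REPLACE_WITH_* values are placeholders)
resources:
  # Pin the remote base to a full commit SHA instead of the moving master branch.
  - github.com/MrSaints/kubeseal-web/k8s/kustomize/base?ref=REPLACE_WITH_FULL_COMMIT_SHA
  - networkpolicy.yml

images:
  # Pin the image by digest so a re-pushed tag cannot change what runs.
  - name: REPLACE_WITH_IMAGE_NAME_USED_IN_BASE
    digest: sha256:REPLACE_WITH_IMAGE_DIGEST

patches:
  # Assumption: the base defines a Deployment and container both named kubeseal-web.
  - target:
      kind: Deployment
      name: kubeseal-web
    patch: |-
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: kubeseal-web
      spec:
        template:
          spec:
            containers:
              - name: kubeseal-web
                env:
                  - name: KSWEB_SEALED_SECRETS_CONTROLLER_NAMESPACE
                    value: kube-system
                  - name: KSWEB_SEALED_SECRETS_CONTROLLER_NAME
                    value: sealed-secrets
---
# networkpolicy.yml (separate file, listed under resources above)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeseal-web-ingress
spec:
  podSelector:
    matchLabels:
      app: kubeseal-web  # assumption: pod label set by the base
  policyTypes: [Ingress]
  ingress:
    - from:
        # Assumption: your authenticating proxy runs in a namespace named auth-proxy.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: auth-proxy
```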
