Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-10 03:17:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
07483a5ed964b409266dc025e4b55bf2eb0f621c
charts/bitnami/sealed-secrets/templates/NOTES.txt
Juan Ariza Toledano 07483a5ed9 [bitnami/*] docs: update BSI warning on charts' notes (#35340) 
Signed-off-by: juan131 <juan.ariza@broadcom.com>
2025-07-30 13:18:50 +02:00

61 lines
2.7 KiB
Plaintext
Raw Blame History

CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
⚠ WARNING: Since August 28th, 2025, only a limited subset of images/charts are available for free.
Subscribe to Bitnami Secure Images to receive continued support and security updates.
More info at https://bitnami.com and https://github.com/bitnami/containers/issues/83267
{{ if .Values.createController -}}
** Please be patient while the chart is being deployed **
Watch the SealedSecret controller status using the command:
kubectl get deploy -w --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}
Once the controller is up and ready, you should be able to create sealed secrets.
1. Install the client-side tool (kubeseal) as explained in the docs below:
https://github.com/bitnami-labs/sealed-secrets#installation-from-source
2. Create a sealed secret file running the command below:
kubectl create secret generic secret-name --dry-run=client --from-literal=foo=bar -o yaml | \
kubeseal \
--controller-name={{ include "common.names.fullname" . }} \
--controller-namespace={{ include "common.names.namespace" . }} \
--format yaml > mysealedsecret.yaml
The file mysealedsecret.yaml is a commitable file.
If you would rather not need access to the cluster to generate the sealed secret you can run:
kubeseal \
--controller-name={{ include "common.names.fullname" . }} \
--controller-namespace={{ include "common.names.namespace" . }} \
--format yaml > mysealedsecret.yaml
to retrieve the public cert used for encryption and store it locally. You can then run 'kubeseal --cert mycert.pem' instead to use the local cert e.g.
kubectl create secret generic secret-name --dry-run=client --from-literal=foo=bar -o yaml | \
kubeseal \
--controller-name={{ include "common.names.fullname" . }} \
--controller-namespace={{ include "common.names.namespace" . }} \
--format yaml --cert mycert.pem > mysealedsecret.yaml
3. Apply the sealed secret:
kubectl create -f mysealedsecret.yaml
Running 'kubectl get secret secret-name -o yaml' will show the decrypted secret that was generated from the sealed secret.
Both the SealedSecret and generated Secret must have the same name and namespace.
{{- include "common.warnings.rollingTag" .Values.image }}
{{- end }}
{{- include "common.warnings.resources" (dict "sections" (list "") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.image) "context" $) }}
Reference in New Issue View Git Blame Copy Permalink