I want to create two Anthos clusters in GCP: one is GKE and the second is EKS (AWS Kubernetes). I want to store secrets in GCP Secret Manager and use those secrets in both GKE and EKS. What is a good and secure way to do it?
How can I use GCP secret manager in Anthos cluster
232 Views Asked by Aadesh kale At
There are 1 best solutions below
You can use the Secrets Store CSI Driver for this purpose; it will allow you to access the secrets stored in Secret Manager as files mounted on the Kubernetes pods.
For this, you first need to have an Anthos cluster configured with workload identity. This blog written by Harsh Manvar gives a detailed explanation of how to create an Anthos cluster with both GKE and EKS using workload identity (OIDC). If you already have an existing cluster, follow this document for enabling workload identity on an existing cluster.
Once these prerequisites are fulfilled, you need to follow these simple steps for using GCP Secret Manager:
Follow this documentation for more details on installation and configuration steps.
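What the mount described in the answer looks like as manifests. This is an added example, not taken from the answer or its linked documentation. It assumes the Secrets Store CSI Driver and its GCP provider plugin are already installed on the cluster, and that workload identity maps the Kubernetes service account to an IAM principal holding `roles/secretmanager.secretAccessor` on this one secret. `PROJECT_ID`, the namespace, the image and all object names are placeholders.

```yaml
# Added example: every name, the image and PROJECT_ID are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-ksa              # hypothetical; the identity workload identity maps to IAM
  namespace: demo
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-gcp-secrets
  namespace: demo            # must be in the same namespace as the pod that uses it
spec:
  provider: gcp
  parameters:
    # Pin a version number rather than "latest" so that rotation is a reviewed change.
    secrets: |
      - resourceName: "projects/PROJECT_ID/secrets/db-password/versions/1"
        path: "db-password"
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo
spec:
  serviceAccountName: app-ksa          # the pod reads the secret as this identity
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      volumeMounts:
        - name: gcp-secrets
          mountPath: /var/secrets      # secret appears as /var/secrets/db-password
          readOnly: true
  volumes:
    - name: gcp-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-gcp-secrets
```

Granting the accessor role on the individual secret rather than on the whole project keeps each cluster's workloads limited to the secrets they actually mount.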