Minikube¶
A installation guide for Operator Lifecycle Manager, Sealed Secrets Operator (Helm), Sealed Secrets and kubeseal command line interface in Minikube.
Note
You have to be in the cluster-admin ClusterRole to install all prerequisites, the operator and Sealed Secrets.
Prerequisites¶
Operator Lifecycle Manager¶
The Operator Lifecycle Manager (OLM) extends Kubernetes to provide a declarative way to install, manage, and upgrade Kubernetes native applications (Operators) and their dependencies in a cluster, in an effective, automated and scalable way.
kubectl apply -f \
https://github.com/operator-framework/operator-lifecycle-manager/releases/download/0.14.1/crds.yaml
kubectl apply -f \
https://github.com/operator-framework/operator-lifecycle-manager/releases/download/0.14.1/olm.yaml
kubectl rollout status -w deployment/olm-operator -n olm
kubectl rollout status -w deployment/catalog-operator -n olm
kubectl rollout status -w deployment/packageserver -n olm
Operator Installation¶
It’s possible to install the operator using the Operator Lifecycle Manager or manually.
Note
The operator manages a single namespace installation of Sealed Secrets. Therefore you have to install the operator and Sealed Secrets in the same namespace. For simplicity we recommend creating a namespace sealed-secrets.
Operator Lifecycle Manager¶
This installation method installs the operator using an OLM Catalog.
kubectl apply -f guides/k8s/olm/namespace.yaml
kubectl apply -f guides/k8s/olm/catalog-source.yaml
kubectl apply -f guides/k8s/olm/operator-group.yaml
kubectl apply -f guides/k8s/olm/subscription.yaml
kubectl rollout status -w deployment/sealed-secrets-operator-helm -n sealed-secrets
Manual¶
You can install the operator from local sources without having to install an OLM Catalog. This can be helpful if your cluster runs in an isolated environment with no direct internet access.
Note
No channel subscription and automatic operator updates available with this method.
kubectl apply -f guides/k8s/manual/namespace.yaml
kubectl apply -f guides/k8s/manual/service-account.yaml
kubectl apply -f guides/k8s/manual/role.yaml
kubectl apply -f guides/k8s/manual/role-binding.yaml
kubectl apply -f guides/k8s/manual/crd.yaml
kubectl apply -f guides/k8s/manual/deployment.yaml
kubectl rollout status -w deployment/sealed-secrets-operator-helm -n sealed-secrets
Sealed Secrets Installation¶
Install Sealed Secrets server components and kubeseal command line interface.
Sealed Secrets¶
Note
This operator shares all configuration values from the Sealed Secrets Helm Chart.
kubectl apply -f examples/k8s.yaml -n sealed-secrets
kubectl get SealedSecretControllers sealed-secret-controller -n sealed-secrets
kubectl rollout status -w deployment/sealed-secret-controller-sealed-secrets -n sealed-secrets
Cleanup¶
Ants are very clean species too!
Sealed Secrets installation¶
The uninstallation process will remove the Sealed Secrets installation (CR) but NOT the CRD’s. You have to remove them manually:
kubectl delete SealedSecretController sealed-secret-controller -n sealed-secrets
kubectl delete crd sealedsecrets.bitnami.com
Operator Lifecycle Manager installation¶
kubectl delete -f guides/k8s/olm/subscription.yaml
kubectl delete csv sealed-secrets-operator-helm.v0.0.2 -n sealed-secrets
kubectl delete crd sealedsecretcontrollers.bitnami.com
kubectl delete -f guides/k8s/olm/catalog-source.yaml
kubectl delete -f guides/k8s/olm/operator-group.yaml
kubectl delete -f guides/k8s/olm/namespace.yaml
Manual installation¶
kubectl delete -f guides/k8s/manual/deployment.yaml
kubectl delete -f guides/k8s/manual/crd.yaml
kubectl delete -f guides/k8s/manual/role-binding.yaml
kubectl delete -f guides/k8s/manual/role.yaml
kubectl delete -f guides/k8s/manual/service-account.yaml
kubectl delete -f guides/k8s/manual/namespace.yaml