For Linux x86_64 systems, the client-tool may be installed into /usr/local/bin with the following command:
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.10.0/kubeseal-linux-amd64 -O kubeseal sudo install -m 755 kubeseal /usr/local/bin/kubeseal
For MacOS systems, the client-tool is installed as follows:
brew install kubeseal
Install the SealedSecret CRD, controller and RBAC artifacts on your EKS cluster as follows:
cd ~/environment/secrets wget https://eksworkshop.com/beginner/200_secrets/secrets.files/controller.yaml kubectl apply -f controller.yaml
Check the status of the controller pod.
kubectl get pods -n kube-system | grep sealed-secrets-controller
The logs printed by the controller reveal the name of the Secret that it created in its namespace, kube-system, and which contais the private key pair used by the controller for unsealing SealedSecrets deployed to the cluster. Note that the name of the controller pod will be different in your cluster.
kubectl logs sealed-secrets-controller-84fcdcd5fd-9qb5j -n kube-system
As seen from the logs of the controller, it searches for a Secret with the label sealedsecrets.bitnami.com/sealed-secrets-key in its namespace. If it does not find one, it creates a new one in its namespace and prints the public key portion of the key pair to its output logs. View the contents of the Secret which contais the public/private key pair in YAML format as follows:
kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml