Install Kubernetes Operator

The Infisical Operator is a collection of Kubernetes controllers that streamline how secrets are managed between Infisical and your Kubernetes cluster. It provides multiple Custom Resource Definitions (CRDs) which enable you to:

  • Sync secrets from Infisical into Kubernetes (InfisicalSecret).
  • Push new secrets from Kubernetes to Infisical (InfisicalPushSecret).
  • Manage dynamic secrets and automatically create time-bound leases (InfisicalDynamicSecret).

Add the Helm repository and install the operator

helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
helm repo update
helm install --generate-name infisical-helm-charts/secrets-operator

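Create a self-signed certificate

# Go TLS clients match the server host against subjectAltName, not the CN; add -addext "subjectAltName=..." (OpenSSL 1.1.1+) with the DNS: or IP: entry for the hostAPI host
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
# Store only the certificate, under the ca.crt key that the global configuration references; key.pem is not needed in the cluster
kubectl create secret generic custom-ca-certificate --from-file=ca.crt=cert.pem -n default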

Applying global configurations

apiVersion: v1
kind: Namespace
metadata:
  name: infisical-operator-systemdefault
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: infisical-config
  namespace: infisical-operator-systemdefault
data:
  hostAPI: https://192.168.88.14/api # <-- global hostAPI
  tls.caRef.secretName: custom-ca-certificate # <-- global TLS CA secret name
  tls.caRef.secretNamespace: default # <-- global TLS CA secret namespace
  tls.caRef.key: ca.crt # <-- global TLS CA secret key

Save the manifest above as infisical-config.yaml and apply it:

kubectl apply -f infisical-config.yaml
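
A pre-flight check for the certificate that tls.caRef points at, as an added example that is not part of the original page or of Infisical's tooling: it confirms the PEM parses as a certificate, is unexpired, and lists the hostAPI host in its subjectAltName, which Go's TLS verification requires (the Common Name is ignored). The function names are hypothetical and OpenSSL 1.1.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example (not Infisical tooling): pre-flight check for the PEM that
# tls.caRef will point at. Function names are hypothetical; needs OpenSSL 1.1.1+.

# Print the certificate's subjectAltName entries, one per line.
san_entries() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    grep -v 'Subject Alternative Name' | tr ',' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# check_ca_pem <pem-file> <host part of hostAPI>; returns 0 only if all checks pass.
check_ca_pem() {
  # 1. The file must parse as an X.509 certificate (a private key does not).
  if ! openssl x509 -in "$1" -noout 2>/dev/null; then
    echo "FAIL: $1 is not a PEM certificate"; return 1
  fi
  # 2. It must not already be expired.
  if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: certificate has expired"; return 1
  fi
  # 3. The host must appear as an exact DNS or IP SAN entry
  #    (wildcard entries are not expanded by this check).
  if ! san_entries "$1" | grep -Fxq -e "DNS:$2" -e "IP Address:$2"; then
    echo "FAIL: $2 is not in subjectAltName"; return 1
  fi
  echo "OK: $1 is valid for $2"
}

# Run the check when called as: script.sh <pem-file> <host>
if [ "$#" -eq 2 ]; then
  check_ca_pem "$1" "$2"
fi
```

To check what is actually stored in the cluster, decode the secret first with kubectl get secret custom-ca-certificate -n default -o jsonpath='{.data.ca\.crt}' | base64 -d > stored.pem and run the check on stored.pem. An empty stored.pem means the secret has no ca.crt key, so the tls.caRef.key setting would not resolve.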