[EKS] [request]: Requesting managed addon for External Secrets Operator

[cparik]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request
What do you want us to build?
EKS Add-on for External Secrets Operator

Which service(s) is this request for?
This could be Fargate, EKS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
What outcome are you trying to achieve, ultimately, and why is it hard/impossible to do right now? What is the impact of not having this problem solved? The more details you can provide, the better we'll be able to understand and solve the problem.
EKS customers would benefit a lot if the External Secrets Operator could be packaged as an Add-on in EKS.
This will benefit customer by making deployment and management of the operator easy.

Are you currently working around this issue?
How are you currently solving this problem?
Manually deployment and management of the operator.

Additional context
Anything else we should know?

Attachments
If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)

[joebowbeer]

ESO is esp. useful until Secrets Store CSI Driver is enhanced:

aws/secrets-store-csi-driver-provider-aws#46 (comment)
kubernetes-sigs/secrets-store-csi-driver#529 (comment)

[colinbjohnson]

Just for a bit of clarity / measurement in terms of which mechanisms are most popular for mounting secrets:

• the secrets-store-csi-driver has 255 forks and 1.1k stars and the secrets-store-csi-driver-provider-aws repository has 101 forks and 372 stars

  • the contribution AWS Secrets Store CSI Driver for AWS stats show six contributors in 2023 of which two were from AWS and one of whom left (in other words - the project only has commits from 1x person within AWS)

• the external-secrets operator has 576 forks and 3.1k stars

  • the contribution stats show 34 contributors during 2023 - while this is not an exact comparison (it's a multi-platform project compared to just the AWS only secrets store driver) the external-secrets project has clear support

It's my feeling (not that anyone asked) that folks prefer (or at least choose to engage with) the External Secrets operator with more frequency that the secrets-store-csi-driver.

[joebowbeer]

@colinbjohnson I think the comparison is not a direct one. Secrets Store CSI Driver shines at not creating Kubernetes secrets in your cluster (having secrets in your cluster is a good thing not to be doing), while ESO shines at creating Kubernetes secrets.

ESO also currently provides better support for AWS SSM Parameter Store than does the AWS Implementation of Secret Store CSI Driver, so even those who might want to avoid Kubernetes secrets may turn to ESO because of its better support for AWS services.