LocalStack¶
AWS services emulation for local development.
Overview¶
| Property | Value |
|---|---|
| Namespace | localstack |
| Type | HelmRelease |
| Layer | Foundation (Layer 0) |
| Dependencies | None |
| Access | http://localstack.local |
Purpose¶
LocalStack provides AWS-compatible services locally, eliminating the need for real AWS resources during development.
Emulated Services¶
Secrets Manager¶
Stores credentials for:
- Redis - Authentication password
- pgAdmin4 - Admin email and password
- Grafana - Admin credentials
- Traefik - Dashboard auth (username, password, htpasswd)
S3¶
- PostgreSQL backup storage
- Object storage for applications
Auto-Initialization¶
Secrets are automatically created via LocalStack startup hooks:
- LocalStack starts with
enableStartupScripts: true - Init scripts in ConfigMap run on startup
- Secrets are created if they don't exist (idempotent)
- Data persists across pod restarts
No Manual Setup Required
Unlike previous versions, secrets are now fully automated. No need to run initialization scripts manually.
Access¶
Verifying Secrets¶
# Port forward to LocalStack
kubectl port-forward -n localstack svc/localstack 4566:4566
# List all secrets
aws --endpoint-url=http://localhost:4566 secretsmanager list-secrets \
--region us-east-1
# Get a specific secret
aws --endpoint-url=http://localhost:4566 secretsmanager get-secret-value \
--secret-id redis/credentials/password --region us-east-1
Health Check¶
Troubleshooting¶
Secrets not syncing to Kubernetes¶
- Check External Secrets Operator is running
- Verify ClusterSecretStore is configured
- Check ExternalSecret status:
LocalStack not starting¶
# Check pod status
kubectl get pods -n localstack
# View logs
kubectl logs -n localstack deploy/localstack
Related¶
- External Secrets - Syncs LocalStack secrets to Kubernetes
- Runbooks - Secret operations