Categorygithub.com/gobins/vault-controller
modulepackage
0.0.0-20200612060947-5d4945717399
Repository: https://github.com/gobins/vault-controller.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
9
Dependents
0
Files
75 SLOC

# README

vault-controller

A K8s controller to manage Hashicorp Vault configuration using CRDs.

Deploy

kubectl apply -f https://raw.githubusercontent.com/gobins/vault-controller/master/config/deploy.yaml

Configuration

To enable the controller to talk to vault API, create a configmap.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config
  namespace: vault-controller-system
data:
  address: http://10.244.0.6:8200
  token: root

SysAuth

apiVersion: vault.gobins.github.io/v1
kind: SysAuth
metadata:
  name: sysauth-sample
  namespace: vault-controller-system
spec:
  path: "testapprole"
  description: "testing"
  type: "approle"

Policy

apiVersion: vault.gobins.github.io/v1
kind: Policy
metadata:
  name: policy-sample
  namespace: vault-controller-system
spec:
  name: testpolicy
  rules: |
    path "user-kv/data/{{identity.entity.name}}/*" {
        capabilities = [ "create", "update", "read", "delete", "list" ]
    }
    path "user-kv/metadata" {
      capabilities = ["list"]
    }

Todo

  • Add other authentication for vault client
  • Add webhook for validation
  • Add CRDs for auth methods(Approle, AWS, Tokens, Google Cloud)

# Packages

No description provided by the author
No description provided by the author