This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

Vault Controller

Manage Vault roles and policies easily through a Metacontroller module. No more manual permission juggling for each cluster resource!

Requirements

  • Kubernetes cluster

  • Metacontroller v4.10+ (tested with this version; older versions might work as well)

  • Vault running in the cluster (in the vault namespace)

  • Kubernetes authentication enabled, with a role that grants the following policy:

    path "auth/kubernetes/role/*" {
      capabilities = ["create", "read", "update", "delete", "list"]
    }
    
    path "sys/policies/acl/*" {
      capabilities = ["create", "read", "update", "delete", "list"]
    }
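
The policy above lets its holder write any ACL policy and any Kubernetes auth role, so the role that carries it should be bound to one service account in one namespace; the following added example (not part of the original README or the project's code) sets that up with the Vault CLI. The policy, role and service account names, the controller's namespace and the token TTL are assumptions.

```sh
#!/bin/sh
# Added example: create the controller's Vault policy and Kubernetes auth role.
# Assumed values (not from the README): the names below, the namespace the
# controller pod runs in, and the token TTL. Override them via the environment.
set -eu

POLICY_NAME="${POLICY_NAME:-vault-controller}"      # assumed
ROLE_NAME="${ROLE_NAME:-vault-controller}"          # assumed
CONTROLLER_SA="${CONTROLLER_SA:-vault-controller}"  # assumed service account
CONTROLLER_NS="${CONTROLLER_NS:-vault}"             # assumed namespace
TOKEN_TTL="${TOKEN_TTL:-10m}"                       # assumed; keep it short

# The policy from the README, unchanged.
render_policy() {
  cat <<'EOF'
path "auth/kubernetes/role/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "sys/policies/acl/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
EOF
}

# Role parameters, one per line. Vault accepts "*" for the bound service
# account or namespace; that would hand this policy to every pod, so refuse it.
role_args() {
  case "$CONTROLLER_SA$CONTROLLER_NS" in
    *'*'*) echo "refusing wildcard service account or namespace" >&2; return 1 ;;
  esac
  printf '%s\n' \
    "bound_service_account_names=$CONTROLLER_SA" \
    "bound_service_account_namespaces=$CONTROLLER_NS" \
    "token_policies=$POLICY_NAME" \
    "token_ttl=$TOKEN_TTL"
}

# Write the policy (read from stdin) and the role that attaches it.
apply() {
  args=$(role_args)
  render_policy | vault policy write "$POLICY_NAME" -
  # Unquoted on purpose: one key=value argument per line.
  vault write "auth/kubernetes/role/$ROLE_NAME" $args
}

# Dry run by default: print what would be written.
if [ "${APPLY:-0}" = 1 ]; then apply; else render_policy; role_args; fi
```

Run it as is to print the policy and role parameters; set APPLY=1 with VAULT_ADDR and a sufficiently privileged VAULT_TOKEN in the environment to write them to Vault.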

Deployment

  1. Have Metacontroller and Vault deployed.
  2. Build the application using the provided Dockerfile and push it to an image registry.
  3. Fill in the image details in vault-controller.yaml.
  4. Deploy the required CRDs with crdv1.yaml.
  5. Deploy the vault-controller.yaml manifest.

Usage

After the module is deployed and running, it should register all VaultKubernetesRole and VaultPolicy resources deployed into the vault namespace and create the corresponding roles and policies in Vault.

There are examples for each resource type in the examples/ directory.