Inspired by HashiCorp's blog post "Injecting Vault Secrets into Kubernetes Pods via a Sidecar".
This demo provides a complete example of the Agent Sidecar Injector from vault-k8s.
Tools used in this demo
- kubectl (https://kubernetes.io/docs/reference/kubectl)
- helm (https://github.com/helm/helm)
- helm-diff plugin (https://github.com/databus23/helm-diff)
- helmfile (https://github.com/roboll/helmfile)
- kind (https://github.com/kubernetes-sigs/kind)
- vault (https://www.vaultproject.io/)
Helm chart used in this demo
- vault-helm (https://github.com/hashicorp/vault-helm)
Main targets:
setup - Setup vault
deploy - Deploy the example application
demo - Dump the secret injected by vault agent
Cleaning targets:
clean - Remove required tools and the kubeconfig
destroy - Destroy the cluster and clean up
make demo
If everything went well, you will see something like:
Secret:
postgres://$RANDOM_USERNAME:$RANDOM_PASSWORD@postgres:5432/appdb?sslmode=disable
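
For context, these are pod annotations of the kind the Agent Sidecar Injector acts on to render a connection string like the one above. This is an added example, not taken from this demo's manifests: the `vault.hashicorp.com/*` annotation keys are the injector's own, while the role name `app`, the secret path `database/creds/db-app`, the file name `db-creds`, the service account and the container image are assumptions.

```yaml
# Added illustration; values marked "assumed" are not from this demo.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app                      # assumed
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
      annotations:
        # Ask the vault-k8s mutating webhook to add the Vault Agent containers.
        vault.hashicorp.com/agent-inject: "true"
        # Vault Kubernetes auth role the agent logs in with (assumed name).
        vault.hashicorp.com/role: "app"
        # Secret to fetch; rendered to /vault/secrets/db-creds (assumed path and file name).
        vault.hashicorp.com/agent-inject-secret-db-creds: "database/creds/db-app"
        # Template that shapes the dynamic credentials into a connection string.
        vault.hashicorp.com/agent-inject-template-db-creds: |
          {{- with secret "database/creds/db-app" -}}
          postgres://{{ .Data.username }}:{{ .Data.password }}@postgres:5432/appdb?sslmode=disable
          {{- end }}
    spec:
      # Service account whose token the agent presents to Vault (assumed name).
      serviceAccountName: app
      containers:
        - name: app
          image: alpine:3        # placeholder image
          # Print the rendered secret, then stay alive so the pod can be inspected.
          command: ["sh", "-c", "cat /vault/secrets/db-creds; sleep 3600"]
```

The rendered file sits on an in-memory volume shared by the agent and the application container, so anyone who can exec into the pod can read it. Bind the Vault role to this one service account and namespace, and keep the database role's lease TTL short.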