ot-container-kit / k8s-vault-webhook Goto Github PK

Agent isn't working to fetch the secrets. Have noted it in AWS respectively

Your logo here is for Vue.js, not Vault

https://github.com/OT-CONTAINER-KIT/k8s-vault-webhook/blob/master/static/k8s-vault-webhook-arc.png

https://vuejs.org/

What do you think about the idea to support annotating k8s secrets as well?

So the idea would be to create a secret like this

apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
      annotations:
      vault.opstree.secret.manager/enabled: "true"
      vault.opstree.secret.manager/path: secret/mysql
      vault.opstree.secret.manager/role: tester
      vault.opstree.secret.manager/service: http://vault.vault:8200
data:
  MYSQL_ROOT_PASSWORD: vault:MYSQL_ROOT_PASSWORD
  MYSQL_USER1_PASSWORD: vault:MYSQL_USER1_PASSWORD

On creation (and updates) of this secrets, the data.* would automatically be/updated set.
This way the secret could be used as any other k8s secret. So if for example a third party helm chart expects a k8s secret being set it would work as well.

Not able to get gcp secert manager with listed annonations, Is there any clear documenations

Like where is service account need to pass where project need to pass,
If we using work load indentity how it works

This issue is causing false negative container image file linting errors, which have since been fixed in v2.9.1 of hadolint. The latest release is currently 2.12.0.

I was glancing over the code, but couldn't find the part when using Hashicorp Vault, where you replace the pod annotations with the actual secrets? Also the example in the docs show the annotations rather than the pass - https://ot-container-kit.github.io/k8s-vault-webhook/guide/hashicorp-vault-example.html