https://github.com/gobins/vault-controller
K8s controller to manage Hashicorp Vault Configuration
hashicorp-vault k8s kubernetes kubernetes-controller vault
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/gobins/vault-controller
- Owner: gobins
- Created: 2020-05-29T05:41:32.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-06-12T06:09:57.000Z (about 6 years ago)
- Last Synced: 2025-03-29T06:22:35.645Z (about 1 year ago)
- Topics: hashicorp-vault, k8s, kubernetes, kubernetes-controller, vault
- Language: Go
- Size: 73.2 KB
- Stars: 14
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# vault-controller
A K8s controller to manage Hashicorp Vault configuration using CRDs.
## Deploy
```
kubectl apply -f https://raw.githubusercontent.com/gobins/vault-controller/master/config/deploy.yaml
```
### Configuration
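To enable the controller to talk to the Vault API, create a ConfigMap with the Vault address and a token. Kubernetes does not treat ConfigMap data as secret: anyone who can read ConfigMaps in `vault-controller-system` can read the token, and the sample address below uses plain HTTP.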
```
apiVersion: v1
kind: ConfigMap
metadata:
  name: config
  namespace: vault-controller-system
data:
  address: http://10.244.0.6:8200
  token: root
```
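The sample above hands the controller `token: root`. As an added example (not part of the project's README), this is a Vault ACL policy for a dedicated controller token instead. It assumes the controller only calls the Vault endpoints behind the `SysAuth` and `Policy` resources described in this README; the policy name `vault-controller` is hypothetical.

```hcl
# Added example: ACL policy for the controller's own token, replacing `token: root`.
# Assumption: the controller only manages auth method mounts (SysAuth) and
# ACL policies (Policy). The policy name "vault-controller" is hypothetical.

# SysAuth: enable, tune and disable auth methods.
# Vault requires "sudo" in addition to the path capabilities on sys/auth/<path>.
path "sys/auth/*" {
  capabilities = ["create", "read", "update", "delete", "sudo"]
}

# List the auth methods that are currently enabled.
path "sys/auth" {
  capabilities = ["read"]
}

# Policy: create, read, update and delete ACL policies.
path "sys/policies/acl/*" {
  capabilities = ["create", "read", "update", "delete"]
}

path "sys/policies/acl" {
  capabilities = ["list"]
}

# Legacy policy endpoint, included in case the client library still uses it.
path "sys/policy/*" {
  capabilities = ["create", "read", "update", "delete"]
}

path "sys/policy" {
  capabilities = ["read"]
}

# Policies are resolved by name at request time, so a token that can rewrite
# its own policy can grant itself anything. An exact path match takes priority
# over the globs above, and "deny" overrides every other capability.
path "sys/policies/acl/vault-controller" {
  capabilities = ["deny"]
}

path "sys/policy/vault-controller" {
  capabilities = ["deny"]
}
```

A token issued with `vault token create -policy=vault-controller -no-default-policy` cannot read secrets directly, but it can still rewrite every other policy, so it remains a high-privilege credential and belongs somewhere with tighter read access than a ConfigMap.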
### SysAuth
```
apiVersion: vault.gobins.github.io/v1
kind: SysAuth
metadata:
  name: sysauth-sample
  namespace: vault-controller-system
spec:
  path: "testapprole"
  description: "testing"
  type: "approle"
```
### Policy
```
apiVersion: vault.gobins.github.io/v1
kind: Policy
metadata:
  name: policy-sample
  namespace: vault-controller-system
spec:
  name: testpolicy
  rules: |
    path "user-kv/data/{{identity.entity.name}}/*" {
      capabilities = [ "create", "update", "read", "delete", "list" ]
    }
    path "user-kv/metadata" {
      capabilities = ["list"]
    }
```
### Todo
- [ ] Add other authentication for vault client
- [ ] Add webhook for validation
- [ ] Add CRDs for auth methods (AppRole, AWS, Tokens, Google Cloud)