https://github.com/stuttgart-things/vault-base-setup

terraform module for base-setup configuration of hashicorp vault.

csi-secrets-store k8s-auth terraform vault vso


# stuttgart-things/vault-base-setup

Terraform module for base-setup configuration of HashiCorp Vault.

## EXAMPLE USAGE

SECRETS + K8S AUTH + VSO

```hcl
module "vault-secrets-setup" {
  source = "../../vault-base-setup/"
  kubeconfig_path = "/home/sthings/.kube/demo"
  vault_addr = "https://vault.demo.sthings-vsphere.labul.sva.de"
  createDefaultAdminPolicy = true
  csi_enabled = false
  vso_enabled = true
  cluster_name = "demo"
  enableApproleAuth = false
  secret_engines = [
    {
      path = "apps"
      name = "demo"
      description = "minio app secrets"
      data_json = <
```

```bash
terraform init --upgrade
terraform apply
```

```yaml
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: vault-static-apps1
  namespace: default
spec:
  vaultAuthRef: dev
  mount: apps
  type: kv-v2
  path: demo
  refreshAfter: 10s
  destination:
    create: true
    name: vso-app
```

DEPLOY K8S AUTH ON CLUSTER

```hcl
module "vault-base-setup" {
  source = "github.com/stuttgart-things/vault-base-setup"
  vault_addr = "https://vault.dev11.4sthings.tiab.ssc.sva.de"
  cluster_name = "labul-app1"
  kubeconfig_path = "/home/sthings/.kube/labul-app1"
  csi_enabled = true
  namespace_csi = "vault"
  vso_enabled = true
  namespace_vso = "vault"
  k8s_auths = [
    {
      name = "dev"
      namespace = "default"
      token_policies = ["read-all-s3-kvv2", "read-write-all-s3-kvv2"]
      token_ttl = 3600
    },
  ]
}
```

```bash
# ONLY APPLY IF VSO IS ENABLED
kubectl apply -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/main/chart/crds/secrets.hashicorp.com_vaultconnections.yaml
kubectl apply -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/main/chart/crds/secrets.hashicorp.com_vaultauths.yaml

export VAULT_TOKEN=
terraform init --upgrade
terraform apply
```

CALL MODULE W/ VALUES

```hcl
module "vault-base-setup" {
  source = "github.com/stuttgart-things/vault-base-setup"
  createDefaultAdminPolicy = true
  secret_engines = [
    {
      path = "cloud"
      name = "vsphere"
      description = "vsphere secrets",
      data_json = <
```

EXECUTE TERRAFORM

```bash
export VAULT_ADDR=${VAULT_ADDR}
export VAULT_TOKEN=${VAULT_TOKEN}

terraform init
terraform validate
terraform plan
terraform apply
```

## Author Information

```bash
Xiaomin Lai, stuttgart-things 10/2023
Patrick Hermann, stuttgart-things 12/2023
```

## License

Licensed under the Apache License, Version 2.0 (the "License").

You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0).

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied.

See the License for the specific language governing permissions and limitations under the License.