Vault Secret as an External Secret

Raymond - Jul 3 - Dev Community

This guide helps people who are new to Vault create a Kubernetes Secret from a secret stored in Vault.

There are two ways to consume a Vault secret in Kubernetes:

  • Adding the annotations
  • Using the External Secrets Operator

External Secret (image source: external-secrets.io)

I use the second approach in this article because I have used ArgoCD before and wanted to visualize all the resources I created.

Walkthrough

Create Secret

(Screenshots in the original post show the Vault UI steps: Enable Secret Engine, then the secret's Path and Value.)

Create a Kubernetes Secret holding the Vault token:

kubectl create secret generic vault-token --from-literal=token=<token>

or encode the token yourself and apply a manifest:

echo -n "<token>" | base64

apiVersion: v1
data:
  token: <Encoded Vault Token>
kind: Secret
metadata:
  name: vault-token
type: Opaque

Install External Secrets using Helm

helm repo add external-secrets https://charts.external-secrets.io
helm install external-secrets external-secrets/external-secrets

SecretStore

Note

Create a secret-store.yaml file:

apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: secret-store
spec:
  provider:
    vault:
      server: http://<serverAddress>:<port>   # Vault address; use https:// outside local testing
      path: <path>            # see the picture above
      version: "<version>"    # see the version near the path above
      auth:
        tokenSecretRef:
          name: vault-token
          key: token

ExternalSecret

Create an external-secret.yaml file:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: external-secret
spec:
  refreshInterval: 5m          # how often new values are fetched from Vault
  secretStoreRef:
    name: secret-store         # SecretStore name
    kind: SecretStore
  target:
    name: secret-to-be-created # name of the Kubernetes Secret to create
    creationPolicy: Owner
  dataFrom:
  - extract:
      key: "<key>"             # see the picture above

The operator automatically fetches all key/value pairs from the Vault secret and creates the target Kubernetes Secret if it does not exist yet.
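The three objects above only work when they agree with each other (the token Secret, the SecretStore and the ExternalSecret). The following added example, not part of the original post, lints that agreement offline; it assumes the manifests have already been loaded into Python dicts (what yaml.safe_load would return) and uses constructed placeholder values.

```python
import base64
import re

# Constructed manifests mirroring the post's vault-token Secret, secret-store.yaml
# and external-secret.yaml. Values are placeholders, not real credentials.
VAULT_TOKEN_SECRET = {"kind": "Secret", "metadata": {"name": "vault-token"},
                      "data": {"token": base64.b64encode(b"hvs.example").decode()}}
SECRET_STORE = {"kind": "SecretStore", "metadata": {"name": "secret-store"},
                "spec": {"provider": {"vault": {
                    "server": "http://vault.example:8200", "path": "secret", "version": "v2",
                    "auth": {"tokenSecretRef": {"name": "vault-token", "key": "token"}}}}}}
EXTERNAL_SECRET = {"kind": "ExternalSecret", "metadata": {"name": "external-secret"},
                   "spec": {"refreshInterval": "5m",
                            "secretStoreRef": {"name": "secret-store", "kind": "SecretStore"},
                            "target": {"name": "secret-to-be-created", "creationPolicy": "Owner"},
                            "dataFrom": [{"extract": {"key": "my-app"}}]}}

def lint(store, ext, secrets):
    """Return a list of findings; an empty list means the objects fit together."""
    findings = []
    vault = store["spec"]["provider"]["vault"]
    if vault.get("version") not in ("v1", "v2"):
        findings.append("vault.version must be 'v1' or 'v2' (the KV engine version)")
    if not vault.get("path"):
        findings.append("vault.path is empty; set it to the KV mount path")
    if not vault["server"].startswith("https://"):
        findings.append("vault.server is not https; the token travels in clear text")
    ref = vault["auth"]["tokenSecretRef"]
    by_name = {s["metadata"]["name"]: s for s in secrets}
    tok = by_name.get(ref["name"])
    if tok is None or ref["key"] not in tok.get("data", {}):
        findings.append(f"tokenSecretRef {ref['name']}/{ref['key']} not found")
    elif not base64.b64decode(tok["data"][ref["key"]]).strip():
        findings.append("vault token Secret decodes to an empty value")
    sref = ext["spec"]["secretStoreRef"]
    if sref["kind"] != store["kind"] or sref["name"] != store["metadata"]["name"]:
        findings.append("secretStoreRef does not match the SecretStore name/kind")
    # rough check for a Go-style duration such as 5m, 30s or 1h30m
    if not re.fullmatch(r"(\d+[smh])+", ext["spec"].get("refreshInterval", "")):
        findings.append("refreshInterval should look like 5m, 30s or 1h")
    if ext["spec"]["target"]["name"] == ref["name"]:
        findings.append("target.name equals the token Secret; the operator would overwrite it")
    if not any(d.get("extract", {}).get("key") for d in ext["spec"].get("dataFrom", [])):
        findings.append("dataFrom.extract.key is empty; name the secret under the KV path")
    return findings

if __name__ == "__main__":
    for finding in lint(SECRET_STORE, EXTERNAL_SECRET, [VAULT_TOKEN_SECRET]):
        print("finding:", finding)
```

With the constructed manifests the only finding is the plain-http Vault address, which is exactly the kind of thing to fix before the SecretStore leaves a local test cluster.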

References

HashiCorp Vault


English is not my first language, and I am not good at it, but I want to improve my English every day. Writing a blog is the best way I have chosen. Please let me know if anything is confusing because of my English.
