Assess secret storage systems for Lagoon
Currently it’s not possible to store secret environment variables across an entire OpenShift project. Each new environment that is created for a new PR or branch needs to have ENV vars set manually in the deployment. Could we move to Vault to manage this instead of env?
Based on some investigations in our project, the following steps outline what may be needed to achieve a production level integration of Vault.
Install Consul.
** https://github.com/kubernetes/charts/tree/master/stable/consul
Install Vault.
** https://github.com/kubernetes/charts/tree/master/incubator/vault
Install the Goldfish Vault Web UI.
** https://github.com/kubernetes/charts/tree/master/incubator/goldfish
** https://github.com/Caiyeon/goldfish
Configure the Vault Kubernetes Auth Backend.
** https://www.vaultproject.io/docs/auth/kubernetes.html
** This will allow Kubernetes service accounts to authenticate to Vault.
For each application that is to use Vault stored secrets.
** Create a `ConfigMap` with a file defining the secrets to be consumed.
** Change the Dockerfile ENTRYPOINT for the workload so that `vaultenv` is used to fetch the secrets from Vault and store them in environment variables.
** https://github.com/channable/vaultenv
** The section “Exposing Secrets to Applications” from this article goes into more detail about using `vaultenv` - https://www.elastic.co/blog/kubernetes-vault-integration-devops-team
Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:10 (8 by maintainers)
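The per-application steps in the issue above (service-account login through the Kubernetes auth backend, then secrets placed in the environment before the workload starts), shown as an added example that is not part of the original issue and is not vaultenv's code. It assumes a KV version 1 mount; the `NAME=path#key` line format and the `VAULT_ROLE` and `SECRETS_FILE` variables are hypothetical names chosen for this example.

```python
import json
import os
import sys
import urllib.request

SA_TOKEN = "/var/run/secrets/kubernetes.io/serviceaccount/token"  # pod's mounted JWT


def http_json(url, body=None, token=None):
    """Send one JSON request to Vault (POST when body is given, else GET)."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"X-Vault-Token": token} if token else {}
    req = urllib.request.Request(url, data=data, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def parse_secrets_file(text):
    """Parse 'ENV_NAME=kv/path#key' lines (format assumed for this example)."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, ref = line.split("=", 1)
        path, key = ref.rsplit("#", 1)
        specs.append((name.strip(), path.strip("/ "), key.strip()))
    return specs


def fetch_env(addr, role, jwt, specs, send=http_json):
    """Exchange the service-account JWT for a Vault token, then read secrets."""
    login = send(f"{addr}/v1/auth/kubernetes/login", body={"role": role, "jwt": jwt})
    token = login["auth"]["client_token"]  # short-lived token tied to the role's policies
    env, cache = {}, {}
    for name, path, key in specs:
        if path not in cache:  # one read per path, even with several keys
            cache[path] = send(f"{addr}/v1/{path}", token=token)["data"]
        if key not in cache[path]:
            raise KeyError(f"{path} has no key {key!r}")  # fail closed, do not start
        env[name] = cache[path][key]
    return env


if __name__ == "__main__":  # usage: wrapper.py <command> [args...]
    specs = parse_secrets_file(open(os.environ["SECRETS_FILE"]).read())
    jwt = open(SA_TOKEN).read().strip()
    env = fetch_env(os.environ["VAULT_ADDR"], os.environ["VAULT_ROLE"], jwt, specs)
    os.execvpe(sys.argv[1], sys.argv[1:], {**os.environ, **env})
```

Which paths the returned token can read is decided by the Vault role and policy bound to the pod's service account and namespace, not by the secrets file.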
Top GitHub Comments
Thanks for this @kurtfoster. There is also #65 which covers another idea of this.
Will definitely look into Vault and check how we can use that in a PaaS environment where multiple clients need access to the Vault but should not have access to each other's Secrets.
we talked about this again during lagoon tech sync: