Skip to content
/ refresh-connection-es-to-vault Public

This project provides a solution to ensure the connection between Hashicorp Vault and External Secrets after the reboot of OpenShift or even instabilities.

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dsferreira54/refresh-connection-es-to-vault

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
templates
templates
 
 
.helmignore
.helmignore
 
 
Chart.yaml
Chart.yaml
 
 
README.md
README.md
 
 
values.yaml
values.yaml
 
 

Repository files navigation

CronJob - Refresh Connection - External Secrets to Hashicorp Vault

This project provides a solution to ensure the connection between Hashicorp Vault and External Secrets after the reboot of OpenShift or even instabilities.

Problem

When OpenShift is restarted, two things happen that can cause connection problems:

  • Hashicorp Vault becomes unavailable and to reactivate it, it is necessary to unseal all pods.
  • External Secrets loses its connection with Vault and to reestablish it, it is necessary to add an annotation to all resources related to External Secrets, as this forces a reload of them.

Solution

The solution to maintain the connection between Hashicorp Vault and External Secrets is a Helm Chart that contains a CronJob that runs every 5 minutes. The CronJob performs two actions:

  1. Unseals the Vault pods if they are unready.
  2. Adds an annotation to all resources related to External Secrets.

About

This project provides a solution to ensure the connection between Hashicorp Vault and External Secrets after the reboot of OpenShift or even instabilities.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published