vault-controller

A K8s controller to manage Hashicorp Vault configuration using CRDs.

Deploy

kubectl apply -f https://raw.githubusercontent.com/gobins/vault-controller/master/config/deploy.yaml

Configuration

To enable the controller to talk to vault API, create a configmap.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config
  namespace: vault-controller-system
data:
  address: http://10.244.0.6:8200
  token: root

SysAuth

apiVersion: vault.gobins.github.io/v1
kind: SysAuth
metadata:
  name: sysauth-sample
  namespace: vault-controller-system
spec:
  path: "testapprole"
  description: "testing"
  type: "approle"

Policy

apiVersion: vault.gobins.github.io/v1
kind: Policy
metadata:
  name: policy-sample
  namespace: vault-controller-system
spec:
  name: testpolicy
  rules: |
    path "user-kv/data/{{identity.entity.name}}/*" {
        capabilities = [ "create", "update", "read", "delete", "list" ]
    }
    path "user-kv/metadata" {
      capabilities = ["list"]
    }

Todo

Add other authentication for vault client
Add webhook for validation
Add CRDs for auth methods(Approle, AWS, Tokens, Google Cloud)

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
api/v1		api/v1
config		config
controllers		controllers
hack		hack
.gitignore		.gitignore
Dockerfile		Dockerfile
Makefile		Makefile
PROJECT		PROJECT
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

vault-controller

Deploy

Configuration

SysAuth

Policy

Todo

About

Releases

Packages

Languages

gobins/vault-controller

Folders and files

Latest commit

History

Repository files navigation

vault-controller

Deploy

Configuration

SysAuth

Policy

Todo

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages