The contains details of how to install and uninstall vaultsecrets-operator
vaultsecrets-operator runs on K8S cluster 1.16 and up. To install it you would need:
- Admin access to cluster
kubectl
which is configured to access your cluster and is in your execution path- GNU or *NIX Make which is in your execution path
- Vault role and AWS IAM role which grants access to Vault
The vaultsecrets-operator docker image is located at DockerHub.
To install it to your K8S cluster:
- edit
deploy/operator.yaml
and add your environment variables. - Install using
make
andkubectl
:
cd deploy
make install
Environment variables, which allow to configure operator:
Variable Name | Required | Notes | Example |
---|---|---|---|
VAULT_ADDR | Yes | FQDN with port of your Vault installtion. Operator from K8S must be able to access it. | https://vault.default.svc.cluster.local:8200 |
VAULT_SKIP_VERIFY | No | Operator will allow TLS connections to Vault, protected with self signed certificate | 1 |
VAULT_ROLE_2_ASSUME | Yes | Role to assume on Vault | vault-secret-operator-role |
VAULT_SECRETS_PREFIX | Yes | Path in Vault, where your secrets are kept | secret/k8s |
MAX_CONCURRENT_RECONCILES | Yes | How many reconcile loops run concurrently | 1 |