title: Quick Start
description: Quickly get started using Azure Key Vault to Kubernetes

import { ExpansionPanel, ExpansionPanelList, ExpansionPanelListItem } from 'gatsby-theme-apollo-docs';

Installation

See installation.

Ensure Kubernetes can access objects in Azure Key Vault

By default, akv2k8s uses the AKS cluster credentials to authenticate with Azure Key Vault (if you run outside Azure, see using custom credentials). Run the following command to authorize akv2k8s to access secret objects in Azure Key Vault.

az keyvault set-policy \
  -n <azure key vault name> \
  --secret-permissions get \
  --spn <service principal id> \
  --subscription <azure subscription>

For more details and options, check out authentication and authorization.
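The command above grants only `get` on secrets, so it is worth confirming afterwards that the principal holds exactly that and nothing broader. The following is an added example, not part of the akv2k8s project: it audits the JSON printed by `az keyvault show -n <vault> -o json`, assuming the `properties.accessPolicies` layout of that output. The function name `audit_policy`, the sample document and the object IDs are constructed for illustration.

```python
import json

# Constructed sample of `az keyvault show -n <vault> -o json`, trimmed to the
# fields used here. The object IDs are placeholders, not real principals.
SAMPLE_VAULT_JSON = """
{
  "name": "akv2k8s-test",
  "properties": {
    "accessPolicies": [
      {"objectId": "00000000-0000-0000-0000-00000000aaaa",
       "permissions": {"secrets": ["get"], "keys": [], "certificates": []}},
      {"objectId": "00000000-0000-0000-0000-00000000bbbb",
       "permissions": {"secrets": ["Get", "List", "Set", "Delete"],
                       "keys": null, "certificates": ["get"]}}
    ]
  }
}
"""

# What the quick start grants: `--secret-permissions get` and nothing else.
EXPECTED = {"secrets": {"get"}}


def audit_policy(vault, object_id, expected=EXPECTED):
    """Return (missing, excess) permissions for one principal (hypothetical helper).

    Both are sets of "kind:permission" strings, compared case-insensitively.
    A principal with no access policy reports every expected permission as missing.
    """
    granted = set()
    for policy in vault.get("properties", {}).get("accessPolicies") or []:
        if policy.get("objectId", "").lower() != object_id.lower():
            continue
        # A permission list may be null in the output; treat that as empty.
        for kind, perms in (policy.get("permissions") or {}).items():
            granted |= {f"{kind}:{p.lower()}" for p in perms or []}
    wanted = {f"{k}:{p}" for k, perms in expected.items() for p in perms}
    return wanted - granted, granted - wanted


if __name__ == "__main__":
    vault = json.loads(SAMPLE_VAULT_JSON)
    for oid in ("00000000-0000-0000-0000-00000000aaaa",
                "00000000-0000-0000-0000-00000000bbbb"):
        missing, excess = audit_policy(vault, oid)
        print(oid, "missing:", sorted(missing), "excess:", sorted(excess))
```

An empty `missing` set with a non-empty `excess` set means the sync will work but the principal can do more in the vault than akv2k8s needs.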

Sync Azure Key Vault object to Kubernetes Secret

Create an AzureKeyVaultSecret resource in the namespace where you want the Kubernetes Secret to be synced. This example uses the namespace akv-test.

# secret-sync.yaml

apiVersion: spv.no/v1alpha1
kind: AzureKeyVaultSecret
metadata:
  name: secret-sync 
  namespace: akv-test
spec:
  vault:
    name: akv2k8s-test # 1. name of key vault
    object:
      name: my-secret # 2. name of the akv object
      type: secret # 3. akv object type
  output: 
    secret: 
      name: my-secret-from-akv # 4. kubernetes secret name
      dataKey: secret-value # 5. key to store object value in kubernetes secret

Apply to Kubernetes:

$ kubectl apply -f secret-sync.yaml
azurekeyvaultsecret.spv.no/secret-sync created

Done

Shortly you should have a Kubernetes Secret resource in the namespace akv-test, containing the value from Azure Key Vault!

To see how to use the Env-Injector to bypass Kubernetes Secrets entirely, and for other options, check out the tutorials.
