Zondax/vault-k8s-canister

Vault K8S Canister


Please visit our website at zondax.ch


This repository is a Proof of Concept of a decentralized secret management solution that leverages Internet Computer (IC) technology to compete with existing applications such as 1Password, Doppler or Hashicorp Vault. Our project aims to provide a means for services to share secrets in a flexible, transparent and secure way. It simplifies the flow of secret management between consumers in the cluster and rotates secrets based on configuration for added security.

In the future we want to keep building on top of what we have now by adding support for more secret types, adding more specialized sidecars and improving the distribution methods.

About the project 📖📖

Please visit the folder docs or the documentation site for more information!

How to try it yourself ⚙️

Pre-requisites

  1. Docker
  2. Local Kubernetes (k8s) cluster created with minikube, k3d or kind (see Steps below)
  3. cloudflared for port forwarding
  4. kubectl to manage the local cluster
  5. Make, the build automation tool (most likely you already have it, but check just in case)
  6. Golang
  7. Earthly

Steps

  1. Local cluster: minikube/k3d/kind
    • If you need to start a new cluster from a config file, you can use k8s/mock2/clusterWithWebhookRegistration/kinDCluster.yaml
  2. Build the postgres sidecar image by running make build-sidecars

Running local

  1. Store the cluster config at ~/.kube/config
  2. Start the cloudflared tunnel with make tunnel-adm-controller and take the tunnel URL from the output file
  3. Update the URL in k8s/mock2/mutating-webhook.yaml with that tunnel URL
  4. Apply k8s/mock2/mutating-webhook.yaml to your local cluster using kubectl
  5. Start the operators and the adm_controller with make run
  6. At this point you should be able to see these components created in the cluster (you can use Lens for that)
  7. Try the user flows by applying the manifests in k8s/mock2 to see things in action :)
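Steps 2 to 4 above are easy to get wrong by hand: the quick tunnel URL changes on every restart and the API server only accepts an https:// URL for a webhook's clientConfig.url. The following shell functions, an added example that is not part of the repository, validate the tunnel URL and rewrite the url line of the manifest; the sample manifest and the tunnel.log file name are assumptions, since the real mutating-webhook.yaml and the tunnel output file are not shown here.

```shell
# Added example (not from the Zondax repository): point the webhook at a
# freshly started cloudflared tunnel, accepting only https:// URLs.

# Constructed stand-in for k8s/mock2/mutating-webhook.yaml; the real file's
# layout is an assumption, only the url line is touched.
SAMPLE_MANIFEST='apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: tororu-adm-controller
webhooks:
  - name: tororu.zondax.ch
    clientConfig:
      url: https://REPLACE-ME.trycloudflare.com/mutate
    failurePolicy: Fail
    sideEffects: None
    admissionReviewVersions: ["v1"]'

# valid_webhook_url URL: succeeds only for an https:// URL that carries no
# embedded credentials and no whitespace.
valid_webhook_url() {
  case "$1" in
    *[[:space:]]*) return 1 ;;
    https://*@*)   return 1 ;;
    https://?*)    return 0 ;;
    *)             return 1 ;;
  esac
}

# set_webhook_url IN OUT TUNNEL_URL: writes OUT with the webhook origin
# replaced by TUNNEL_URL, keeping the original path (/mutate). Fails, and
# writes nothing, when the URL does not validate.
set_webhook_url() {
  in="$1"; out="$2"; tunnel="${3%/}"
  valid_webhook_url "$tunnel" || { echo "refusing webhook URL: $3" >&2; return 1; }
  # '#' as the sed delimiter because the URL contains '/'
  sed "s#^\([[:space:]]*url:[[:space:]]*\)https://[^/]*#\1${tunnel}#" "$in" > "$out"
}

# webhook_url MANIFEST: prints the current clientConfig.url value.
webhook_url() { sed -n 's/^[[:space:]]*url:[[:space:]]*//p' "$1"; }

# Typical use for steps 2-4 (tunnel.log is an assumed name for the output
# file of make tunnel-adm-controller; quick tunnels print a
# *.trycloudflare.com URL that changes on every restart, so re-run this
# before each kubectl apply):
#   url=$(grep -o 'https://[a-z0-9-]*\.trycloudflare\.com' tunnel.log | head -n1)
#   set_webhook_url k8s/mock2/mutating-webhook.yaml /tmp/webhook.yaml "$url"
#   kubectl apply -f /tmp/webhook.yaml
```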

Running as chart

  1. Start the cloudflared tunnel with make tunnel-icp and take the tunnel URL from its output
  2. Update the URL in the tororu-operator helm chart values, under config.icpNodeUrl
  3. Update the canister ID in the tororu-operator helm chart values, under config.canisterId
  4. Start the operators and the adm_controller with make install-chart
  5. Try the user flows by applying the manifests in k8s/mock2 to see things in action :)

Demo

To run a complete demo, please follow these steps after you finish the previous setup.

Option A: Using manifests

  • Create a tororu resource:
    1. Run kubectl apply -f k8s/mock2/tororu-api/tororu-crd.yaml
    2. Check the result under Custom Resources in Lens
  • Create two new CRDs:
    1. Prateek's secret: kubectl apply -f k8s/mock2/postgres-crd-1.yaml
    2. Juan's secret: kubectl apply -f k8s/mock2/postgres-crd-2.yaml

Option B: Using helm charts

  • Create a tororu resource, deploying two new CRDs:
    1. Run make install-crds
    2. Check the result under Custom Resources in Lens

Creating RW and RO consumers

  • Create a PVC: kubectl apply -f k8s/mock2/persistantVolume.yaml
  • Deploy the Postgres server: kubectl apply -f k8s/mock2/postgres-server.yaml
  • Deploy the Postgres client: kubectl apply -f k8s/mock2/postgres-client.yaml