doc: HashiCorp external secret operator #3608
Kudos, SonarCloud Quality Gate passed!
@@ -2,7 +2,7 @@ | |||
|
|||
To add secrets from **AWS Secrets Manager**, we need to create a generic Kubernetes secret for AWS authentication. | |||
|
|||
Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use devtron generic chart for this. | |||
Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use Devtron generic chart for this. |
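Review bot: The changed line still says only "using base64 encoded AWS access-key and secret-access-key", which can read as though base64 protects the keys. Base64 is just the encoding Kubernetes uses for Secret data, so suggest adding a sentence here that anyone who can read Secrets in that namespace can recover the keys, and that the access key should belong to an IAM identity limited to the Secrets Manager entries the application needs.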
Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use a Devtron generic chart for it.
You can use a Devtron generic chart to achieve it?
@Shubham9t9, I have changed the sentence.
@@ -2,7 +2,7 @@ | |||
|
|||
To add secrets from **AWS Secrets Manager**, we need to create a generic Kubernetes secret for AWS authentication. | |||
|
|||
Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use devtron generic chart for this. | |||
Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use Devtron generic chart for this. | |||
|
|||
**Note:** You don't have to create the Kubernetes secret everytime you create External Secret for the respective namespace. |
Note: You don't have to create the Kubernetes secret every time you create an external secret for the respective namespace.
Once you have created the generic secret, follow these steps in the application's Secrets section: | ||
|
||
**1. Create a new secret.** | ||
|
1. Create a new secret
|
||
**1. Create a new secret.** | ||
|
||
To add a new secret to the application, go to the `App Configuration` section of the application. Then, navigate to the left pane and select the `Secrets` option and click on the `Add Secret` button. |
To add a new secret to the application, go to the App Configuration section of the application. Then, navigate to the left pane and select the Secrets option and click the Add Secret button.
|
||
**2. Select `HashiCorp Vault` as the External Secret Operator** | ||
|
||
After clicking on the `Add Secret` button, select `HashiCorp Vault` from the dropdown menu for the `Data type` option. Provide a name for the secret you are creating, and then proceed to configure the external secret as described in the next step. |
After clicking the Add Secret button, select HashiCorp Vault from the dropdown menu for the Data type option. Provide a name for the secret you are creating, and then proceed to configure the external secret as described in the next step.
|
||
![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-secret-type.jpg) | ||
|
||
**3. Configure secret:** |
3. Configure the secret
| `vault.server` | Server is the connection address for the Vaultserver, e.g: "https://vault.example.com:8200". | | ||
| `vault.path` | Specify the path where the secret is stored in Vault. | | ||
| `tokenSecretRef.name` | Enter the name of the secret that will be used for authentication. | | ||
| `tokenSecretRef.key` | Specify the key name within the secret that contains the token. | | ||
| `secretKey` | Provide a name for the secret in Kubernetes. | | ||
| `key` | Enter the name of the secret in Vault. | | ||
| `property` | Specify the key within the Vault secret. | |
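Review bot: The `tokenSecretRef.name` and `tokenSecretRef.key` rows do not say where that Kubernetes secret has to live or what the token inside it should be allowed to do. Suggest stating which namespace the secret must exist in and recommending a token bound to a read-only Vault policy scoped to the `vault.path` being read. Separately, "Vaultserver" in the `vault.server` row is missing a space, and the `key` row ("name of the secret in Vault") reads ambiguously next to `vault.path` and would benefit from an example value.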
Remove full-stop after each one-liner description in the table
|
||
![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-eso.jpg) | ||
|
||
**4. Save secret.** |
4. Save the secret
|
||
**4. Save secret.** | ||
|
||
After configuring the external secret from HashiCorp Vault, proceed to save the secret by clicking on the `Save` button. |
After configuring the external secret from HashiCorp Vault, proceed to save the secret by clicking the Save button.
* doc for hashicorp eso
* edited summary.md
* Proofread aws-eso.md
* Proofread hashicorp-eso.md

---------

Co-authored-by: Shubham9t9 <shubhamkumar47022@gmai.com>
Co-authored-by: ashokdevtron <141001279+ashokdevtron@users.noreply.github.com>