doc: HashiCorp external secret operator #3608

Merged
merged 4 commits into from
Aug 17, 2023

Conversation

Shubham9t9
Contributor

Description

sonarcloud bot commented Jul 6, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@@ -2,7 +2,7 @@

To add secrets from **AWS Secrets Manager**, we need to create a generic Kubernetes secret for AWS authentication.

Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use devtron generic chart for this.
Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use Devtron generic chart for this.
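
Review bot: The reworded sentence on the last changed line still says only "using base64 encoded AWS access-key and secret-access-key" and never tells the reader that base64 is an encoding, not encryption, so the AWS credentials in this secret are readable by anyone who can read Secrets in the application's namespace. Suggest adding one sentence after it that asks readers to restrict read access to this secret and to give the access key only the Secrets Manager permissions the application needs.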

Contributor

Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use a Devtron generic chart for it.

Contributor Author

You can use a Devtron generic chart for to achieve it. ?

Contributor

@Shubham9t9, I have changed the sentence.

@@ -2,7 +2,7 @@

To add secrets from **AWS Secrets Manager**, we need to create a generic Kubernetes secret for AWS authentication.

Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use devtron generic chart for this.
Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use Devtron generic chart for this.

**Note:** You don't have to create the Kubernetes secret everytime you create External Secret for the respective namespace.

Contributor

Note: You don't have to create the Kubernetes secret every time you create an external secret for the respective namespace.

Once you have created the generic secret, follow these steps in the application's Secrets section:

**1. Create a new secret.**

Contributor

1. Create a new secret


**1. Create a new secret.**

To add a new secret to the application, go to the `App Configuration` section of the application. Then, navigate to the left pane and select the `Secrets` option and click on the `Add Secret` button.

Contributor

To add a new secret to the application, go to the App Configuration section of the application. Then, navigate to the left pane and select the Secrets option and click the Add Secret button.


**2. Select `HashiCorp Vault` as the External Secret Operator**

After clicking on the `Add Secret` button, select `HashiCorp Vault` from the dropdown menu for the `Data type` option. Provide a name for the secret you are creating, and then proceed to configure the external secret as described in the next step.

Contributor

After clicking the Add Secret button, select HashiCorp Vault from the dropdown menu for the Data type option. Provide a name for the secret you are creating, and then proceed to configure the external secret as described in the next step.


![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-secret-type.jpg)

**3. Configure secret:**

Contributor

3. Configure the secret

Comment on lines 42 to 48
| `vault.server` | Server is the connection address for the Vaultserver, e.g: "https://vault.example.com:8200". |
| `vault.path` | Specify the path where the secret is stored in Vault. |
| `tokenSecretRef.name` | Enter the name of the secret that will be used for authentication. |
| `tokenSecretRef.key` | Specify the key name within the secret that contains the token. |
| `secretKey` | Provide a name for the secret in Kubernetes. |
| `key` | Enter the name of the secret in Vault. |
| `property` | Specify the key within the Vault secret. |
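
Review bot: The `tokenSecretRef.name` and `tokenSecretRef.key` rows say the secret "will be used for authentication" and "contains the token", but nothing in this table says what kind of secret that is, which namespace it must exist in, or how to create it; the AWS page opens with an explicit step for creating its authentication secret, so the same prerequisite should be stated here. Two smaller points in the same table: "Vaultserver" in the `vault.server` row is missing a space, and the `secretKey`, `key` and `property` descriptions read almost alike, so a short filled-in example for one Vault secret would make the mapping clear.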

Contributor

Remove full-stop after each one-liner description in the table


![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-eso.jpg)

**4. Save secret.**

Contributor

4. Save the secret


**4. Save secret.**

After configuring the external secret from HashiCorp Vault, proceed to save the secret by clicking on the `Save` button.

Contributor

After configuring the external secret from HashiCorp Vault, proceed to save the secret by clicking the Save button.

sonarcloud bot commented Aug 7, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

prakarsh-dt changed the title from "docs: HashiCorp external secret operator" to "doc: HashiCorp external secret operator" Aug 17, 2023
prakarsh-dt merged commit 4110380 into devtron-labs:main Aug 17, 2023
4 of 5 checks passed
Ash-exp pushed a commit that referenced this pull request Aug 21, 2023
* doc for hashicorp eso

* edited summary.md

* Proofread aws-eso.md

* Proofread hashicorp-eso.md

---------

Co-authored-by: Shubham9t9 <shubhamkumar47022@gmai.com>
Co-authored-by: ashokdevtron <141001279+ashokdevtron@users.noreply.github.com>
iamayushm added a commit that referenced this pull request Sep 4, 2023
3 participants