Vault Secrets Webhook
A Kubernetes mutating webhook that makes direct secret injection into Pods possible.
Documentation
The official documentation for the webhook is available at https://bank-vaults.dev.
Development
For an optimal developer experience, it is recommended to install Nix and direnv.
Alternatively, install Go on your computer, then run make deps
to install the rest of the dependencies.
Make sure Docker is installed with Compose and Buildx.
Fetch required tools:
make deps
Run project dependencies:
make up
Run the webhook:
make -j run forward
Run the test suite:
make test
make test-e2e-local
Run linters:
make lint # pass -j option to run them in parallel
Some linter violations can automatically be fixed:
make fmt
Build artifacts locally:
make artifacts
Once you are done, you can tear down project dependencies:
make down
Running e2e tests
The project comes with an e2e test suite that is mostly self-contained,
but at the very least, you need Docker installed.
By default, the suite launches a KinD cluster, deploys all necessary components and runs the test suite.
This is a good option if you want to run the test suite to make sure everything works. This is also how the CI runs the test suite
(with a few minor differences).
You can run the test suite by running the following command:
make test-e2e-local
Another way to run the test suite is using an existing cluster.
This may be a better option if you want to debug tests or figure out why something isn't working.
Set up a Kubernetes cluster of your liking. For example, launch a KinD cluster:
kind create cluster
Deploy the necessary components (including the webhook itself):
garden deploy
Run the test suite:
make BOOTSTRAP=false test-e2e
License
The project is licensed under the Apache 2.0 License.