k8s-jwt-to-vault-token

command module
v0.1.0

This package is not in the latest version of its module.
Published: Aug 6, 2020 License: Apache-2.0 Imports: 5 Imported by: 0

README

k8s-jwt-to-vault-token

Docker image that uses the Kubernetes service account JWT to request a Vault token and save it into a Kubernetes secret.

Usage

k8s-jwt-to-vault-token is used as an init container for pods that require Vault access.

      initContainers:
      - args:
        - --vault-address=<vault-address>
        - --vault-role=<vault-consumer>
        - --vault-token-secret-name=<vault-consumer>-vault-token
        - --vault-token-secret-namespace=giantswarm
        image: quay.io/giantswarm/k8s-jwt-to-vault-token:0.1.0
        imagePullPolicy: Always
        name: ensure-vault-token
...
      containers:
      - image: <vault-consumer>
        env:
        - name: VAULT_TOKEN
          valueFrom:
            secretKeyRef:
              key: token
              name: <vault-consumer>-vault-token

How it works

  1. Read the Kubernetes service account JWT.
  2. Log in to Vault with the JWT and get a Vault token in the response.
  3. Write the Vault token into a Kubernetes secret.
  4. Consume the Vault token in the main container.
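
Steps 1 and 2 above as an added example (not the project's own code): it reads the pod's service account JWT from the standard mount path and posts it to Vault's Kubernetes auth login endpoint. The default "kubernetes" auth mount path and the positional command-line arguments are assumptions; writing the secret (step 3) is not shown.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"
	"time"
)

// vaultLogin exchanges a JWT for a Vault token (assumes the default "kubernetes" auth mount).
func vaultLogin(c *http.Client, addr, role, jwt string) (string, error) {
	body, _ := json.Marshal(map[string]string{"role": role, "jwt": jwt})
	url := strings.TrimRight(addr, "/") + "/v1/auth/kubernetes/login"
	resp, err := c.Post(url, "application/json", bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("vault login failed: %s", resp.Status) // status only, no body
	}
	var out struct {
		Auth struct {
			ClientToken string `json:"client_token"`
		} `json:"auth"`
	}
	// Cap the response size so a misbehaving endpoint cannot exhaust memory.
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&out); err != nil {
		return "", err
	}
	if out.Auth.ClientToken == "" {
		return "", fmt.Errorf("response has no auth.client_token")
	}
	return out.Auth.ClientToken, nil
}

func main() { // hypothetical usage: example <vault-address> <vault-role>
	jwt, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
	if err != nil || len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "need SA token and <vault-address> <vault-role>:", err)
		os.Exit(1)
	}
	tok, err := vaultLogin(&http.Client{Timeout: 10 * time.Second}, os.Args[1], os.Args[2], strings.TrimSpace(string(jwt)))
	fmt.Println("token length:", len(tok), "error:", err) // never log the token itself
}
```

The returned token is a bearer credential, so the example prints only its length; once stored in a secret (step 3), it is readable by any principal with get access to that secret.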

Documentation

There is no documentation for this package.

Directories

Path Synopsis
internal
env
pkg