Hashicorp Vault. Kubernetes Auth

12/3/2020

Could you please help? I added the vault-agent to the main pod. The secret is pulled from Vault normally and added to the pod, at the path /vault/secrets/credentials.txt, in the format:

last_vault_rotation: 2020-12-02T12:37:20.440116271+06:00
password: <password>
rotation_period: 604800
ttl: 506735
username: <username>

I'm deploying to Kubernetes using Helm. Question: how do I make sure that the pod sees the credentials (located in the pod's file system) and picks them up to connect to the database? I added this code to the Helm Deployment file:

        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-inject-status: "update"
        vault.hashicorp.com/role: "k8s_doc_user-test"
        # The "db-creds" suffix is the file name: rendered to /vault/secrets/db-creds
        vault.hashicorp.com/agent-inject-secret-db-creds: "database/static-creds/doc_user-test-rotate"
        # Database static-creds fields sit directly under .Data (.Data.data is the KV v2 layout)
        vault.hashicorp.com/agent-inject-template-db-creds: |
          {{`{{- with secret "database/static-creds/doc_user-test-rotate" -}}
          postgres://{{ .Data.username }}:{{ .Data.password }}@<ip-addr>:5432/aux_db?sslmode=disable
          {{- end }}`}}

But it is not working.

-- Yerlan
hashicorp-vault
kubernetes

0 Answers
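
One way for the application to consume the rendered file, added here as an example that is not part of the original question: it parses the `key: value` format shown above, URL-encodes the credentials into a connection string, and re-reads the file when Vault Agent rewrites it after a rotation. The host name `db.example.internal`, the `sslmode` default and all function and class names are assumptions.

```python
import os
from urllib.parse import quote

# Constructed sample in the format shown in the question (placeholder values).
SAMPLE = (
    "last_vault_rotation: 2020-12-02T12:37:20.440116271+06:00\n"
    "password: p@ss:w/rd#1\n"
    "rotation_period: 604800\n"
    "ttl: 506735\n"
    "username: doc_user\n"
)

def parse_credentials(text):
    """Parse 'key: value' lines, splitting on the first ': ' only."""
    creds = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            # Do not include the line in the error: it may hold the password.
            raise ValueError("malformed credentials line")
        creds[key.strip()] = value
    missing = {"username", "password"} - creds.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return creds

def build_dsn(creds, host="db.example.internal", port=5432, dbname="aux_db", sslmode="require"):
    """URL-encode user and password so '@', ':' or '/' cannot alter the URI."""
    user = quote(creds["username"], safe="")
    password = quote(creds["password"], safe="")
    return f"postgres://{user}:{password}@{host}:{port}/{dbname}?sslmode={sslmode}"

class RotatingCredentials:
    """Re-read the rendered file whenever its mtime changes (rotation)."""
    def __init__(self, path):
        self.path, self._mtime, self._creds = path, None, None

    def get(self):
        mtime = os.stat(self.path).st_mtime_ns
        if mtime != self._mtime:
            with open(self.path, encoding="utf-8") as fh:
                self._creds = parse_credentials(fh.read())
            self._mtime = mtime
        return self._creds
```

Call `RotatingCredentials("/vault/secrets/credentials.txt").get()` each time a new database connection is opened, so a rotated password is used without restarting the pod.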