Vault Config Operator 0.8.24 provided by Red Hat Community of Practice
This operator helps set up Vault Configurations. The main intent is to do so such that pods can subsequently consume the secrets made available. Two main principles run through all of the capabilities of this operator:
- High-fidelity API. The CRD exposed by this operator reflects the Vault APIs field by field. This is because we don't want to make any assumptions about the kinds of configuration workflow that the user will set up. That being said, the Vault API is very extensive, and we are starting with enough API coverage to support, we think, some simple and very common configuration workflows.
- Attention to security. After all, we are integrating with a security tool. To prevent credential leaks, we give the operator itself no permissions against Vault. All APIs exposed by this operator contain enough information to authenticate to Vault using a local service account (local to the namespace where the API exists). In other words, for a namespace user to be able to successfully configure Vault, a service account in that namespace must have been previously given the needed Vault permissions.
Currently, this operator supports the following CRDs:
- Policy: Configures Vault Policies
- KubernetesAuthEngineRole: Configures a Vault Kubernetes Authentication Role
- SecretEngineMount: Configures a Mount point for a SecretEngine
- DatabaseSecretEngineConfig: Configures a Database Secret Engine Connection
- DatabaseSecretEngineRole: Configures a Database Secret Engine Role
- RandomSecret: Creates a random secret in a vault kv Secret Engine with one password field generated using a PasswordPolicy
vault-config-operator
Latest version
0.8.24
Capability level
- Basic Install
- Seamless Upgrades
- Full Lifecycle
- Deep Insights
- Auto-Pilot
Source
Community
Provider
Red Hat Community of Practice
Infrastructure features
Disconnected
Repository
https://github.com/redhat-cop/vault-config-operator
Container image
quay.io/redhat-cop/vault-config-operator@sha256:7ee740bdf3e692451d62b01669acd860b85139e52867ce4ef0593d1f5c578228
Support
Best Effort
Provided APIs for Vault Config Operator are:
- Auth Engine Mount - AuthEngineMount is the Schema for the authenginemounts API
- Database Secret Engine Config - DatabaseSecretEngineConfig is the Schema for the databasesecretengineconfigs API
- Database Secret Engine Role - DatabaseSecretEngineRole is the Schema for the databasesecretengineroles API
- Database Secret Engine Static Role - DatabaseSecretEngineStaticRole is the Schema for the databasesecretenginestaticroles API
- Git Hub Secret Engine Config - GitHubSecretEngineConfig is the Schema for the githubsecretengineconfigs API
- Git Hub Secret Engine Role - GitHubSecretEngineRole is the Schema for the githubsecretengineroles API
- Group Alias - GroupAlias is the Schema for the groupalias API
- Group - Group is the Schema for the groups API
- JWTOIDCAuth Engine Config - JWTOIDCAuthEngineConfig is the Schema for the jwtoidcauthengineconfigs API
- JWTOIDCAuth Engine Role - JWTOIDCAuthEngineRole is the Schema for the jwtoidcauthengineroles API
- Kubernetes Auth Engine Config - KubernetesAuthEngineConfig is the Schema for the kubernetesauthengineconfigs API
- Kubernetes Auth Engine Role - KubernetesAuthEngineRole can be used to define a KubernetesAuthEngineRole for the kube-auth authentication method
- Kubernetes Secret Engine Config - KubernetesSecretEngineConfig is the Schema for the kubernetessecretengineconfigs API
- Kubernetes Secret Engine Role - KubernetesSecretEngineRole is the Schema for the kubernetessecretengineroles API
- LDAPAuth Engine Config - LDAPAuthEngineConfig is the Schema for the ldapauthengineconfigs API
- LDAPAuth Engine Group - LDAPAuthEngineGroup is the Schema for the ldapauthenginegroups API
- Password Policy - PasswordPolicy is the Schema for the passowordpolicies API
- PKISecret Engine Config - PKISecretEngineConfig is the Schema for the pkisecretengineconfigs API
- PKISecret Engine Role - PKISecretEngineRole is the Schema for the pkisecretengineroles API
- Policy - Policy is the Schema for the policies API
- Quay Secret Engine Config - QuaySecretEngineConfig is the Schema for the quaysecretengineconfigs API
- Quay Secret Engine Role - QuaySecretEngineRole is the Schema for the quaysecretengineroles API
- Quay Secret Engine Static Role - QuaySecretEngineStaticRole is the Schema for the quaysecretenginestaticroles API
- Rabbit MQSecret Engine Config - RabbitMQSecretEngineConfig is the Schema for the rabbitmqsecretengineconfigs API
- Rabbit MQSecret Engine Role - RabbitMQSecretEngineRole is the Schema for the rabbitmqsecretengineroles API
- Random Secret - RandomSecret is the Schema for the randomsecrets API
- Secret Engine Mount - SecretEngineMount is the Schema for the secretenginemounts API
- Vault Secret - VaultSecret is the Schema for the vaultsecrets API
Ref: https://developer.hashicorp.com/vault/docs/platform/k8s/vso