
vault-k8s-helper's People

Contributors

camaeel, dependabot[bot], ranggasama, renovate[bot]

Forkers

ranggasama

vault-k8s-helper's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.


Detected dependencies

dockerfile
Dockerfile
  • golang 1.19-alpine
github-actions
.github/workflows/chart.yaml
  • actions/checkout v4
  • helm/chart-releaser-action v1.6.0
.github/workflows/docker-cron.yaml
  • actions/checkout v4
  • docker/setup-buildx-action v3
  • docker/metadata-action v5
  • docker/build-push-action v5
  • github/codeql-action v3
.github/workflows/docker-pr.yaml
  • actions/checkout v4
  • docker/setup-buildx-action v3
  • docker/metadata-action v5
  • docker/build-push-action v5
.github/workflows/docker.yaml
  • actions/checkout v4
  • sigstore/cosign-installer v3
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/login-action v3
  • docker/metadata-action v5
  • docker/build-push-action v5
  • github/codeql-action v3
gomod
go.mod
  • go 1.19
  • github.com/hashicorp/vault/api v1.9.2
  • github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826@c48cc78d4826
  • github.com/sirupsen/logrus v1.9.3
  • golang.org/x/exp v0.0.0-20230725093048-515e97ebf090@515e97ebf090
  • k8s.io/api v0.27.4
  • k8s.io/apimachinery v0.27.4
  • k8s.io/client-go v0.27.4
helm-values
charts/vault-autounseal/values.yaml
charts/vault-cert-creator/values.yaml


reload secret with ca.crt

This "operator" should automatically reload the secret with ca.crt, so that if it gets regenerated the operator has a valid one.

Add feature to patch statefulsets pods

This utility could detect if a pod should be replaced (maybe kubernetes exposes this information somehow), and then automatically replace them, starting with non-leader pods. This could at least watch for changes in images to make the patching automated.

Invalid type for deployment args (got "map", expected "string")

Hi, I already tried the new version and found this error:

$ helm upgrade vault-autounseal vault-k8s-helper/vault-autounseal \
  --install --create-namespace \
  --set=settings.unlock-shares=5 \
  --set=settings.unlock-threshold=3 \
  --set=settings.ca-cert=/tmp/ca-chain/ca-chain.pem \
  -n vault-autounseal --version 1.0.4 --dry-run -o yaml
Error: UPGRADE FAILED: error validating "": error validating data: [ValidationError(Deployment.spec.template.spec.containers[0].args[0]): invalid type for io.k8s.api.core.v1.Container.args: got "map", expected "string", ValidationError(Deployment.spec.template.spec.containers[0].args[1]): invalid type for io.k8s.api.core.v1.Container.args: got "map", expected "string", ValidationError(Deployment.spec.template.spec.containers[0].args[2]): invalid type for io.k8s.api.core.v1.Container.args: got "map", expected "string"]

Fixed that in my PR and also added the capability to mount volumes. In my case this is for mounting a secret containing my self-signed CA, so that it can communicate with Vault securely. This can be done by using the -ca-cert parameter of ./vault-autounseal.

./vault-autounseal --help
Usage of ./vault-autounseal:
  -ca-cert string
    	CA certificate for validating connections to vault (default "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt")
  -kubeconfig string
    	Overwrite kubeconfig path
  -namespace string
    	Namespace used for storing unseal keys and root token (default "vault-autounseal")
  -service-domain string
    	DNS Name for accessing vault. In HA mode should be set to vault headles service providing all pod endpoints. (default "vault-internal.vault.svc.cluster.local")
  -service-port int
    	Vaul service port (default 8200)
  -service-scheme string
    	Vaul service scheme. Valid values: http, https (default "https")
  -unlock-shares int
    	Number of unlock shares (default 3)
  -unlock-threshold int
    	Number of unlock shares threshold (default 3)
  -vault-internal-service-name string
    	Name of vault's internal service name (default "vault-internal")
  -vault-namespace string
    	namespace where vault is installed (default "vault")
  -vault-pod-name-prefix string
    	Prefix for vault StatefulSet's pods (default "vault")
  -vault-root-token-secret string
    	Vault root token secret name (default "vault-autounseal-root-token")
  -vault-unlock-keys-secret string
    	Vault unlock keys secret name (default "vault-autounseal-unlock-keys")

feature: rewrite with informer

This utility could benefit from using an informer to update the state of k8s objects (pods + statefulset) and act on their state (usually pod not ready).
