Vault Csi Provider
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Consul | 26,535 | 1,022 | 1,872 | a day ago | 782 | September 20, 2022 | 1,250 | mpl-2.0 | Go | |
| Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure. | ||||||||||
| Homelab | 6,913 | 10 days ago | 21 | gpl-3.0 | Go | |||||
| Modern self-hosting framework, fully automated from empty disk to operating services with a single command. | ||||||||||
| Kubernetes External Secrets | 2,588 | a year ago | 10 | mit | JavaScript | |||||
| Integrate external secret management systems with Kubernetes | ||||||||||
| Bank Vaults | 1,862 | 16 | a day ago | 71 | April 05, 2022 | 225 | apache-2.0 | Go | ||
| A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods. | ||||||||||
| Helm Secrets | 974 | 19 days ago | 1 | apache-2.0 | Shell | |||||
| A helm plugin that help manage secrets with Git workflow and store them anywhere | ||||||||||
| Kubernetes Vault | 966 | 2 years ago | 1 | July 03, 2021 | apache-2.0 | Go | ||||
| Use Vault to store secrets for Kubernetes! | ||||||||||
| Vault Helm | 920 | 4 days ago | 170 | mpl-2.0 | Shell | |||||
| Helm chart to install Vault and other associated components. | ||||||||||
| Kubefirst | 816 | 2 days ago | 68 | mit | Go | |||||
| The Kubefirst Open Source Platform | ||||||||||
| Vault Operator | 733 | 3 years ago | 60 | apache-2.0 | Go | |||||
| Run and manage Vault on Kubernetes simply and securely | ||||||||||
| Vault K8s | 701 | 1 | 12 days ago | 45 | May 25, 2022 | 99 | mpl-2.0 | Go | ||
| First-class support for Vault and Kubernetes. | ||||||||||
HashiCorp Vault Provider for Secrets Store CSI Driver
HashiCorp Vault provider for the Secrets Store CSI driver allows you to get secrets stored in Vault and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
Installation
Prerequisites
- Supported Kubernetes version, see the documentation (runs on Linux nodes only)
- Secrets store CSI driver installed
Using helm
The recommended installation method is via helm 3:
helm repo add hashicorp https://helm.releases.hashicorp.com
# Just installs Vault CSI provider. Adjust `server.enabled` and `injector.enabled`
# if you also want helm to install Vault and the Vault Agent injector.
helm install vault hashicorp/vault \
--set "server.enabled=false" \
--set "injector.enabled=false" \
--set "csi.enabled=true"
Using yaml
You can also install using the deployment config in the deployment folder:
kubectl apply -f deployment/vault-csi-provider.yaml
Usage
See the learn tutorial and documentation pages for full details of deploying, configuring and using Vault CSI provider. The integration tests in test/bats/provider.bats also provide a good set of fully worked and tested examples to build on.
Troubleshooting
To troubleshoot issues with Vault CSI provider, look at logs from the Vault CSI provider pod running on the same node as your application pod:
kubectl get pods -o wide
# find the Vault CSI provider pod running on the same node as your application pod
kubectl logs vault-csi-provider-7x44t
Pass -debug=true to the provider to get more detailed logs. When installing
via helm, you can use --set "csi.debug=true".
Developing
The Makefile has targets to automate building and testing:
make build test
The project also uses some linting and formatting tools. To install the tools:
make bootstrap
You can then run the additional checks:
make fmt lint mod
To run a full set of integration tests on a local kind cluster, ensure you have the following additional dependencies installed:
You can then run:
make setup-kind e2e-image e2e-setup e2e-test
Finally tidy up the resources created in the kind cluster with:
make e2e-teardown