Lab 11, task 2

kolayne-IU-assignments · Apr 12, 2024 · c9c92c1 · c9c92c1
1 parent 1daceeb
commit c9c92c1
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 2 deletions.
diff --git a/k8s/11.md b/k8s/11.md
@@ -34,3 +34,32 @@ $ kubectl exec app-py-797f75bf4f-cb7vz -- printenv | grep -i secret
 SecretEntry=sensitive
 $ 
 ```
+
+## Vault-managed secrets
+
+```
+$ kubectl exec -it app-py-5db7d795db-qg5xn -- cat /vault/secrets/another_secret.txt
+Defaulted container "app-py" out of: app-py, vault-agent, vault-agent-init (init)
+data: map[value:sensitive2!]
+metadata: map[created_time:2024-04-12T13:15:12.335484444Z custom_metadata:<nil> deletion_time: destroyed:false version:1]
+$ kubectl exec -it app-py-5db7d795db-qg5xn -- df
+Defaulted container "app-py" out of: app-py, vault-agent, vault-agent-init (init)
+Filesystem           1K-blocks      Used Available Use% Mounted on
+overlay              171367696 130850160  31739760  80% /
+tmpfs                    65536         0     65536   0% /dev
+/dev/nvme0n1p5       171367696 130850160  31739760  80% /dev/termination-log
+tmpfs                 16211940         4  16211936   0% /vault/secrets
+/dev/nvme0n1p5       171367696 130850160  31739760  80% /etc/resolv.conf
+/dev/nvme0n1p5       171367696 130850160  31739760  80% /etc/hostname
+/dev/nvme0n1p5       171367696 130850160  31739760  80% /etc/hosts
+shm                      65536         0     65536   0% /dev/shm
+tmpfs                 16211940        12  16211928   0% /run/secrets/kubernetes.io/serviceaccount
+tmpfs                  8105968         0   8105968   0% /proc/asound
+tmpfs                  8105968         0   8105968   0% /proc/acpi
+tmpfs                    65536         0     65536   0% /proc/kcore
+tmpfs                    65536         0     65536   0% /proc/keys
+tmpfs                    65536         0     65536   0% /proc/timer_list
+tmpfs                  8105968         0   8105968   0% /proc/scsi
+tmpfs                  8105968         0   8105968   0% /sys/firmware
+$
+```
diff --git a/k8s/app-py/values.yaml b/k8s/app-py/values.yaml
@@ -15,9 +15,13 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  name: "web-app"
 
-podAnnotations: {}
+podAnnotations:
+  git: keep
+  vault.hashicorp.com/agent-inject: 'true'
+  vault.hashicorp.com/role: 'web-app'
+  vault.hashicorp.com/agent-inject-secret-another_secret.txt: 'internal/data/another_secret'
 podLabels: {}
 
 podSecurityContext: {}