The Akeyless Dev Hub


OpenShift Plugin

Introduction

The Akeyless OpenShift plugin enables containerized applications to use static and dynamic secrets sourced from Akeyless Vault. The plugin uses the OpenShift Mutating Admission Webhook to intercept specifically annotated pod configurations and augment them for secrets injection using init and sidecar containers.

Applications need only concern themselves with finding a secret at a filesystem path, rather than managing tokens, connecting to an external API, or using other mechanisms for direct interaction with a secrets management system.

The sidecar container fetches secrets before an application starts, e.g. for use by a web application that relies on dynamic secrets to connect to a database with an expiring lease.

Prerequisites

  1. You need a kubeconfig file in order to run kubectl against this cluster.
  2. Install the webhook (only once per Akeyless account; values.yaml has access-id and access-key defined):
# install with helm (run from /poc/kubernetes-webhook-akeyless-secrets)
helm install --namespace akeyless vault-secrets-webhook helm-chart -f ./helm-chart/values.yaml

Removing webhook

helm delete --namespace akeyless vault-secrets-webhook

Create pod with secrets

# create pod with secrets as environment variables
oc create -f examples/pod.yaml
# create pod with secrets as files
oc create -f examples/pod2.yaml
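
To see what the admission webhook described in the introduction added to a pod, compare the manifest you submitted with the pod as admitted. This is an added example, not Akeyless code; the container, volume and annotation names in the sample are constructed placeholders, since this page does not show the contents of examples/pod.yaml.

```python
# Constructed sample: pod manifest as submitted (annotation key is a placeholder).
SUBMITTED = {
    "metadata": {"name": "demo", "annotations": {"example.invalid/inject": "true"}},
    "spec": {"containers": [{"name": "app", "image": "registry.example/app:1.0"}]},
}
# Constructed sample: the same pod as returned after admission (names are hypothetical).
_MOUNT = [{"name": "secrets", "mountPath": "/secrets"}]
ADMITTED = {
    "metadata": SUBMITTED["metadata"],
    "spec": {
        "initContainers": [{"name": "secrets-init", "volumeMounts": _MOUNT}],
        "containers": [
            {"name": "app", "image": "registry.example/app:1.0", "volumeMounts": _MOUNT},
            {"name": "secrets-sidecar", "volumeMounts": _MOUNT},
        ],
        "volumes": [{"name": "secrets", "emptyDir": {"medium": "Memory"}}],
    },
}

def _names(obj, key):
    """Set of 'name' values in the list stored under key (missing or null -> empty)."""
    return {item["name"] for item in obj.get(key) or []}

def webhook_additions(submitted, admitted):
    """Report containers, volumes and mounts present after admission but not before."""
    before, after = submitted["spec"], admitted["spec"]
    report = {k: sorted(_names(after, k) - _names(before, k))
              for k in ("initContainers", "containers", "volumes")}
    report["mounts"] = {}
    original = {c["name"]: c for c in before.get("containers") or []}
    for c in after.get("containers") or []:
        if c["name"] in original:  # only containers the manifest author wrote
            added = _names(c, "volumeMounts") - _names(original[c["name"]], "volumeMounts")
            if added:
                report["mounts"][c["name"]] = sorted(added)
    return report

def injection_applied(report):
    """True when at least one init or sidecar container was added to the pod."""
    return bool(report["initContainers"] or report["containers"])

if __name__ == "__main__":
    print(webhook_additions(SUBMITTED, ADMITTED))
```

On a live cluster, pass the submitted manifest loaded as a dict and the parsed output of `oc get pod <name> -o json`; volumes added by other admission controllers, such as the service account token volume, appear in the report as well.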

Removing pods

oc delete -f examples/pod.yaml
oc delete -f examples/pod2.yaml

For practical use of the Kubernetes plugin, follow the "How to: Provision Secret to your K8s" guide.

Updated 3 months ago
