The Akeyless OpenShift plugin enables containerized applications to use static and dynamic secrets sourced from Akeyless Vault. The plugin uses the OpenShift Mutating Admission Webhook to intercept specifically annotated pod configurations and augment them for secrets injection using Init and Sidecar containers.
Applications need only concern themselves with finding a secret at a filesystem path, rather than managing tokens, connecting to an external API, or using other mechanisms for direct interaction with a secrets management system.
The Sidecar container fetches secrets before an application starts, for example for use by a web application that uses dynamic secrets to connect to a database with an expiring lease.
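The mutation step described above, sketched as an added example (not Akeyless code): a webhook handler receives an AdmissionReview for a pod, and if the pod carries the opt-in annotation it answers with a base64 JSONPatch that adds an init container and a shared volume. The annotation name, image names, `/secrets` path and memory-backed volume are assumptions made for illustration, and only the Init container is shown.

```python
import base64
import json

# Hypothetical names for this example only; not the plugin's real annotation or image.
INJECT_ANNOTATION = "example.com/inject-secrets"
INIT_IMAGE = "registry.example.com/secrets-init:placeholder"
SECRETS_DIR = "/secrets"  # assumed path where the application reads its secrets


def build_patch(spec):
    """JSONPatch adding a memory-backed volume, an init container, and mounts."""
    volume = {"name": "secrets", "emptyDir": {"medium": "Memory"}}
    mount = {"name": "secrets", "mountPath": SECRETS_DIR}
    init = {"name": "secrets-init", "image": INIT_IMAGE, "volumeMounts": [mount]}
    ops = []
    # "add" to ".../-" appends to an existing array; a missing array is created whole.
    for key, item in (("volumes", volume), ("initContainers", init)):
        if key in spec:
            ops.append({"op": "add", "path": f"/spec/{key}/-", "value": item})
        else:
            ops.append({"op": "add", "path": f"/spec/{key}", "value": [item]})
    ro_mount = dict(mount, readOnly=True)  # the application only reads the secrets
    for i, c in enumerate(spec["containers"]):
        base = f"/spec/containers/{i}/volumeMounts"
        if "volumeMounts" in c:
            ops.append({"op": "add", "path": base + "/-", "value": ro_mount})
        else:
            ops.append({"op": "add", "path": base, "value": [ro_mount]})
    return ops


def mutate(review):
    """Build the AdmissionReview response for one pod CREATE request."""
    req = review["request"]
    pod = req["object"]
    resp = {"uid": req["uid"], "allowed": True}
    annotations = pod["metadata"].get("annotations") or {}
    if annotations.get(INJECT_ANNOTATION) == "true":  # pods without it pass unchanged
        patch = json.dumps(build_patch(pod["spec"])).encode()
        resp["patchType"] = "JSONPatch"
        resp["patch"] = base64.b64encode(patch).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp}


# Constructed sample request: one annotated pod with a single application container.
SAMPLE = {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "request": {
    "uid": "constructed-uid-1",
    "object": {"metadata": {"name": "web", "annotations": {INJECT_ANNOTATION: "true"}},
               "spec": {"containers": [{"name": "web", "image": "registry.example.com/web:placeholder"}]}}}}

if __name__ == "__main__":
    out = mutate(SAMPLE)
    print(json.dumps(json.loads(base64.b64decode(out["response"]["patch"])), indent=2))
```

Decoding the `patch` field of a real webhook response in the same way is a quick check of exactly what an injector changes in a pod spec.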
- You need a kubeconfig file to run kubectl against this cluster.
- Install the webhook (only once per Akeyless account; values.yaml has access-id and access-key defined):
```shell
# install with helm (run from /poc/kubernetes-webhook-akeyless-secrets)
helm install --namespace akeyless vault-secrets-webhook helm-chart -f ./helm-chart/values.yaml
```

```shell
# uninstall the webhook
helm delete --namespace akeyless vault-secrets-webhook
```

```shell
# create pod with secrets as environment variables
oc create -f examples/pod.yaml
# create pod with secrets as files
oc create -f examples/pod2.yaml
```

```shell
# delete the example pods
oc delete -f examples/pod.yaml
oc delete -f examples/pod2.yaml
```
For practical use of the Kubernetes plugin, follow the "How to: Provision Secret to your K8s" guide.