![(please configure the [header_logo] section in trac.ini)](/chrome/site/your_project_logo.png){kind=logo}
Opened 8 months ago
Last modified 7 months ago
#122 closed enhancement
Setup OpenBao for k8s secrets — at Version 2
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Infrastructure | Keywords: | |
| Cc: | finn@… |
Description (last modified by )
This is a task to setup OpenBao in such a way that it can be easily used to access secrets in k8s. There are a number of outstanding questions to answer before this is applied to the live cluster:
- How do secrets get created?
- Generated random strings
- Human provided strings
- Web UI is supposed to be the answer here, but that doesnt seem to be available in the stock container images
- We can roll our own images for now
- Web UI is supposed to be the answer here, but that doesnt seem to be available in the stock container images
- Integrated external systems
- Keycloak OIDC client secret?
- How do pods read secrets?
- OpenBao Secrets Operator - is this any good?
- sidecar agent - seems resource intensive
- csi provider - seems limited, can't set envrionment variables
- external secrets operator yet another operator :/
Change History (2)
comment:1 by , 8 months ago
| Status: | assigned → accepted |
|---|
comment:2 by , 8 months ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.
