I'm doing an internship in Cloud/DevOps, and I'm having a bit of trouble testing Vault! I'm supposed to learn how to use it, and my idea was to create a secret, store it in Vault, and then create a YAML that will pull the secret and use it. Here's what I did:
1/ I created a secret using Vault: $ vault kv put secret/my-app my-username="username" my-password="password"
2/ I created a policy (read policy)
3/ I created a Kubernetes role (that I linked to the policy)
4/ I created a YAML file:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: test1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: test1
      template:
        metadata:
          labels:
            app: test1
        spec:
          containers:
            - name: test1
              image: nginx:latest
              env:
                - name: MY_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: my-app
                      key: my-username
                - name: MY_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: my-app
                      key: my-password

Here are the problems I'm having:
When I launch the command: kubectl apply -f deploymentv1.yaml and then execute kubectl get pods, the pod that I created has the status: CreateContainerConfigError
Am I on the wrong path? Is this the correct way to pull the info from Vault?
I'm not getting the concept of policy/role. If it works fine like that, why should I add them, and how should I add them?
Thanks a lot in advance.
If you have any tutorials about this exact idea, I would also love to read them! Thanks a lot!
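
Added example, not part of the original post: secretKeyRef reads a Kubernetes Secret object, not a Vault path, and a pod whose referenced Secret does not exist reports CreateContainerConfigError. One way to consume the Vault secret from steps 1-3 instead, assuming the Vault Agent Injector is installed in the cluster and secret/ is a KV v2 mount; the role name my-app-role and ServiceAccount name my-app-sa are hypothetical placeholders:

```yaml
# Added example, not the poster's manifest. Assumptions: Vault Agent Injector
# is installed, "secret/" is a KV v2 mount, and the role and ServiceAccount
# names below are hypothetical placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test1
  template:
    metadata:
      labels:
        app: test1
      annotations:
        # Ask the injector to add a Vault Agent sidecar to this pod.
        vault.hashicorp.com/agent-inject: "true"
        # Vault Kubernetes auth role (step 3). The role binds the
        # ServiceAccount below to the read policy (step 2), so only pods
        # running as that ServiceAccount can read the secret.
        vault.hashicorp.com/role: "my-app-role"        # hypothetical name
        # Render the secret to /vault/secrets/my-app inside the pod.
        # KV v2 data is read under <mount>/data/<path>.
        vault.hashicorp.com/agent-inject-secret-my-app: "secret/data/my-app"
        # Keys containing hyphens must be read with "index".
        vault.hashicorp.com/agent-inject-template-my-app: |
          {{- with secret "secret/data/my-app" -}}
          export MY_USERNAME="{{ index .Data.data "my-username" }}"
          export MY_PASSWORD="{{ index .Data.data "my-password" }}"
          {{- end -}}
    spec:
      serviceAccountName: my-app-sa                    # hypothetical name
      containers:
        - name: test1
          image: nginx:latest
          # No secretKeyRef: the values come from the file the agent wrote,
          # sourced into the environment before nginx starts.
          command: ["/bin/sh", "-c"]
          args:
            - . /vault/secrets/my-app && exec nginx -g 'daemon off;'
```

Under the KV v2 assumption, the read policy has to grant read on secret/data/my-app rather than secret/my-app, because KV v2 serves data under the data/ prefix.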