Readme improvements #7
…EMP_TOKEN in the Readme document.
…debug output in the Readme document.
As an aside, this repo will likely be deprecated by the work in rancher/rancher#1269
Hi Bill :-) This secrets-bridge solution looks like the best approach to bringing together Rancher and Vault in order to inject secrets into Docker containers in a very secure way. There is this POF code that you wrote, so how can secrets-bridge be deprecated already when it's still the best architected solution out there, as far as I can tell, and the only one out there with actual code? I'd say that secrets-bridge can't officially be considered deprecated until there is at least actual code out there for the alternative "Rancher FlexVolume Secrets" solution. Also, I'm not sure I like the "Rancher FlexVolume Secrets" approach any better than secrets-bridge, since I like that secrets-bridge integrates with Vault. I'd like to continue contributing to this project until something else more real comes along. Is that ok? Do the Readme changes look ok? Do some specific commits look better for cherry-picking now than others? Thanks!
* Make work with TLS production Vault setup (currently only works with a Dev Vault configuration). | ||
* Add support for K8s and Swarm | ||
* Add support for K8s and Swarm. | ||
* Cattle needs signature verification call. |
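Review bot: the to-do "Cattle needs signature verification call." on the last line of this hunk is the one security-relevant item in the list, and it is too terse to act on. As written it suggests that something on the Cattle path is accepted today without its signature being checked; say what that is (which message or request, and who is trusted as a result) so readers of the README know what the bridge currently does not verify.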
I forgot to remove k8s. It works there now.
These changes look good, if you wouldn't mind removing the k8s from the todos I'll merge.
@@ -3,29 +3,29 @@ | |||
### Status: Experimental POC (Read: Do NOT use for production) | |||
|
|||
#### To Dos: | |||
* Create catalog entry | |||
* Create catalog entry. | |||
* Make work with TLS production Vault setup (currently only works with a Dev Vault configuration). |
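Review bot: the TLS to-do on the last line of this hunk says the bridge "currently only works with a Dev Vault configuration", which is the concrete reason behind the "Do NOT use for production" warning on the Status line, yet the two are not connected anywhere in the README. If the limitation still holds, state it next to the status warning; if it no longer holds, delete the item instead of carrying it forward unchanged.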
This TLS line isn't needed anymore either. It should work with TLS now.
All set :-)
@gsurbey not sure if you follow along with the dev of this thing, but lots of improvements have gone in on the k8s side. Also improved some logging/agent side code. Interested in feedback. This is still our stop gap solution, but to your point, I don't think anything else is doing this. There is new code, not integrated, where some additional eyes would be helpful. https://github.com/cloudnautique/secrets-api