Readme improvements #7

Merged
merged 6 commits into from Sep 7, 2016

@gsurbey gsurbey commented Aug 16, 2016

No description provided.

@cloudnautique

As an aside, this repo will likely be deprecated by the work in rancher/rancher#1269

@gsurbey

gsurbey commented Aug 31, 2016

Hi Bill :-) This secrets-bridge solution looks like the best approach to bringing together Rancher and Vault in order to inject secrets into Docker containers in a very secure way. There is this POF code that you wrote, so how can secrets-bridge be deprecated already when it's still the best architected solution out there, as far as I can tell, and the only one out there with actual code?

I'd say that secrets-bridge can't officially be considered deprecated until there is at least actual code out there for the alternative "Rancher FlexVolume Secrets" solution. Also, I'm not sure I like the "Rancher FlexVolume Secrets" approach any better than secrets-bridge, since I like that secrets-bridge integrates with Vault.

I'd like to continue contributing to this project until something else more real comes along. Is that ok? Do the Readme changes look ok? Do some specific commits look better for cherry-picking now than others?

Thanks!

* Make work with TLS production Vault setup (currently only works with a Dev Vault configuration).
* Add support for K8s and Swarm
* Add support for K8s and Swarm.
* Cattle needs signature verification call.
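
Review bot: The last item in this fragment, "Cattle needs signature verification call.", does not say which signature goes unverified or which component should make the call. Expand the item to name what is being verified and what the Cattle path does today without that check, so readers of the README can judge how far to trust it.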

I forgot to remove k8s. It works there now.

@cloudnautique

These changes look good, if you wouldn't mind removing the k8s from the todos I'll merge.

@@ -3,29 +3,29 @@
### Status: Experimental POC (Read: Do NOT use for production)

#### To Dos:
* Create catalog entry
* Create catalog entry.
* Make work with TLS production Vault setup (currently only works with a Dev Vault configuration).
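
Review bot: The TLS item on the last line of this hunk records a deployment constraint ("currently only works with a Dev Vault configuration") only as a to-do. If it still holds, repeat it under the Status line so readers see it before the to-do list; if it no longer holds, delete the item rather than carrying it along with the punctuation fix to "Create catalog entry.".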

This TLS line isn't needed anymore either. It should work with TLS now.

@gsurbey

gsurbey commented Sep 6, 2016

All set :-)

@cloudnautique cloudnautique merged commit 987cc97 into rancher:master Sep 7, 2016
@cloudnautique

@gsurbey not sure if you follow along with the dev of this thing, but lots of improvements have gone in on the k8s side. Also improved some logging/agent side code. Interested in feedback. This is still our stop gap solution, but to your point, I don't think anything else is doing this.

There is new code, not integrated, where some additional eyes would be helpful. https://github.com/cloudnautique/secrets-api
