external Vault with multiple kubernetes clusters
1,013 views
Skip to first unread message
Tech S
Aug 4, 2020, 9:11:56 AM8/4/20
to Vault
Hi Team,
I am trying to Integrate Kubernetes Clusters with an External Vault.
currently following below link and I don't see any option to configure multiple kubernetes authentication for each k8s cluster.
Is there any way to integrate multiple k8s cluster with external vault ?
Eric Horst
Aug 4, 2020, 11:12:08 AM8/4/20
to vault...@googlegroups.com
Each cluster needs a kubernetes authentication method.
vault auth enable kubernetes -path=kubernetes/cluster1
vault auth enable kubernetes -path=kubernetes/cluster2
And then configure each one with the correct values.
--
In the coming weeks, inbound messages to this group will be disabled, and it will be used for outbound announcements only. To prepare for this switch, please direct questions and conversations to our primary medium to communicate with practitioners: https://discuss.hashicorp.com/c/vault/30. We look forward to collaborating with you there!
GitHub Issues: https://github.com/hashicorp/vault/issues
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/79e28694-cfc9-4f15-b943-792a0d2883fbn%40googlegroups.com.
Tech S
Aug 4, 2020, 11:55:45 AM8/4/20
to vault...@googlegroups.com
Thanks Eric. let me try it once.
Also, do you have any idea if the secrets will be automatically updated in pods soon after changing secrets in vault or will there be any time lag.
I am looking for changing static secrets on a monthly basis without any service disruption.
Thanks
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAF-To-2NGNv4%3DdS_WQZ0zZ%3D2LSCt7o_9FodZTnV6vXnyFyX2fw%40mail.gmail.com.
Eric Horst
Aug 4, 2020, 12:12:06 PM8/4/20
to vault...@googlegroups.com
You are talking about authentication right now. Vault does not synchronize secrets to kubernetes. You need to use something else to do that.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAMaVebD0-XzuN_OPUrwQoeghCPvFDsDWagGJZ9g_0XrxYtVacw%40mail.gmail.com.
Tech S
Aug 4, 2020, 12:30:42 PM8/4/20
to vault...@googlegroups.com
Thanks Eric. I am trying to achieve a similar thing and integrate K8s clusters with external Vault.
I am following this link https://learn.hashicorp.com/vault/kubernetes/external-vault#configure-kubernetes-authentication
and setting up auth is one of the steps here. Now I am now clear on setting up K8s auth for multiple clusters and have a follow up question about time to synchronise secret using sidecar.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAF-To-3JMcr3gLgj8xCCWeZ7Jf%2BBp%2BewvKufVDubcM%2BRn_E80A%40mail.gmail.com.
Alexandra Freeman
Aug 20, 2020, 9:31:47 AM8/20/20
to Vault
Hello and thank you for your email!
On June 3, 2019 HashiCorp launched Discuss, a forum to facilitate dialogue within the HashiCorp community. This format allows answers to be more readily searched and indexed, making it easier to find answers to existing questions and to share knowledge with each other.
The HashiCorp team will be shifting to interact with practitioners on the forum, and we will be phasing out the Google Groups; soon we will disable incoming messages, and use this group for outbound announcements only.
To prepare for this switch, please direct questions and conversations to the Vault discussion forum. We look forward to collaborating with you there!
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/79e28694-cfc9-4f15-b943-792a0d2883fbn%40googlegroups.com.
--
In the coming weeks, inbound messages to this group will be disabled, and it will be used for outbound announcements only. To prepare for this switch, please direct questions and conversations to our primary medium to communicate with practitioners: https://discuss.hashicorp.com/c/vault/30. We look forward to collaborating with you there!
GitHub Issues: https://github.com/hashicorp/vault/issues
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAF-To-2NGNv4%3DdS_WQZ0zZ%3D2LSCt7o_9FodZTnV6vXnyFyX2fw%40mail.gmail.com.
--
In the coming weeks, inbound messages to this group will be disabled, and it will be used for outbound announcements only. To prepare for this switch, please direct questions and conversations to our primary medium to communicate with practitioners: https://discuss.hashicorp.com/c/vault/30. We look forward to collaborating with you there!
GitHub Issues: https://github.com/hashicorp/vault/issues
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAMaVebD0-XzuN_OPUrwQoeghCPvFDsDWagGJZ9g_0XrxYtVacw%40mail.gmail.com.
--
In the coming weeks, inbound messages to this group will be disabled, and it will be used for outbound announcements only. To prepare for this switch, please direct questions and conversations to our primary medium to communicate with practitioners: https://discuss.hashicorp.com/c/vault/30. We look forward to collaborating with you there!
GitHub Issues: https://github.com/hashicorp/vault/issues
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages