README
¶
Azure Key Vault to Kubernetes
Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available to your applications in Kubernetes, in a simple and secure way.
Documentation available at https://akv2k8s.io. Join our Slack Workspace to ask questions to the akv2k8s community.
Please spare one minute to take our survey: https://www.surveymonkey.com/r/HMFZVYR. Why? We have no ide how many are using Akv2k8s, except through user interaction here on GitHub. More importantly - what can we do to make Akv2k8s even better?
Overview
Azure Key Vault to Kubernetes (akv2k8s) will make Azure Key Vault objects available to Kubernetes in two ways:
- As native Kubernetes
Secrets - As environment variables directly injected into your Container application
The Azure Key Vault Controller (Controller for short) is responsible for synchronizing Secrets, Certificates and Keys from Azure Key Vault to native Secret's in Kubernetes.
The Azure Key Vault Env Injector (Env Injector for short) is responsible for transparently injecting Azure Key Vault secrets as environment variables into Container applications, without touching disk or expose the actual secret to Kubernetes.
Goals
Goals for this project was:
- Avoid a direct program dependency on Azure Key Vault for getting secrets, and adhere to the 12 Factor App principle for configuration (https://12factor.net/config)
- Make it simple, secure and low risk to transfer Azure Key Vault secrets into Kubernetes as native Kubernetes secrets
- Securely and transparently be able to inject Azure Key Vault secrets as environment variables to applications, without having to use native Kubernetes secrets
All of these goals are met.
Installation
For installation instructions, see documentation at https://akv2k8s.io/installation/
Credits
Credit goes to Banzai Cloud for coming up with the original idea of environment injection for their bank-vaults solution, which they use to inject Hashicorp Vault secrets into Pods.
Contributing
Development of Azure Key Vault for Kubernetes happens in the open on GitHub, and encourage users to:
- Send a pull request with
- any security issues found and fixed
- your new features and bug fixes
- updates and improvements to the documentation
- Report issues on security or other issues you have come across
- Help new users with issues they may encounter
- Support the development of this project and star this repo!
Sparebanken Vest has adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.
Azure Key Vault to Kubernetes is licensed under Apache License 2.0.
Contribute to the Documentation
The documentation is located in a seperate repository at https://github.com/SparebankenVest/akv2k8s-website. We're using Gatsby + MDX (Markdown + JSX) to generate static docs for https://akv2k8s.io.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
pkg
|
|
|
k8s/apis/azurekeyvault/v1
Package v1 is the v1 version of the API.
|
Package v1 is the v1 version of the API. |
|
k8s/apis/azurekeyvault/v1alpha1
Package v1 is the v1 version of the API.
|
Package v1 is the v1 version of the API. |
|
k8s/apis/azurekeyvault/v2alpha1
Package v2alpha1 is the v2alpha1 version of the API.
|
Package v2alpha1 is the v2alpha1 version of the API. |
|
k8s/apis/azurekeyvault/v2beta1
Package v1 is the v1 version of the API.
|
Package v1 is the v1 version of the API. |
|
k8s/client/clientset/versioned
This package has the automatically generated clientset.
|
This package has the automatically generated clientset. |
|
k8s/client/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
|
k8s/client/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
|
k8s/client/clientset/versioned/typed/azurekeyvault/v1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
k8s/client/clientset/versioned/typed/azurekeyvault/v1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
|
k8s/client/clientset/versioned/typed/azurekeyvault/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
k8s/client/clientset/versioned/typed/azurekeyvault/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
|
k8s/client/clientset/versioned/typed/azurekeyvault/v2alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
k8s/client/clientset/versioned/typed/azurekeyvault/v2alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
|
k8s/client/clientset/versioned/typed/azurekeyvault/v2beta1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
k8s/client/clientset/versioned/typed/azurekeyvault/v2beta1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |