vault-on-gke - Run @HashiCorp Vault on Google Kubernetes Engine (GKE) with Terraform


This tutorial walks through provisioning a highly-available HashiCorp Vault cluster on Google Kubernetes Engine using HashiCorp Terraform as the provisioning tool. This tutorial is based on Kelsey Hightower's Vault on Google Kubernetes Engine, but focuses on codifying the steps in Terraform instead of teaching you them individually. If you would like to know how to provision HashiCorp Vault on Kubernetes step-by-step (aka "the hard way"), please follow Kelsey's repository instead.

https://github.com/sethvargo/vault-on-gke

Related Projects

vault-operator - Run and manage Vault on Kubernetes simply and securely

  •    Go

The basic features have been completed, and while no breaking API changes are currently planned, the API can change in a backwards incompatible way before the project is declared stable. The Vault operator deploys and manages Vault clusters on Kubernetes. Vault instances created by the Vault operator are highly available and support automatic failover and upgrade.

kubernetes-vault - Use Vault to store secrets for Kubernetes!

  •    Go

The Kubernetes-Vault project allows pods to automatically receive a Vault token using Vault's AppRole auth backend. To run Kubernetes-Vault on your cluster, follow the quick start guide.

kubernetes-engine-samples - Sample applications for Google Kubernetes Engine (GKE)

  •    Go

This repository contains sample applications used in Google Kubernetes Engine tutorials.

vault-controller - Automate the creation of unique Vault tokens for Kubernetes Pods using init containers

  •    Go

The Vault Controller automates the creation of Vault tokens for Kubernetes Pods. This repo includes a set of hands-on tutorials and example programs you can use to try out the Vault Controller. This is a prototype. Do not use this in production.


voyager - ✈️️ Secure Ingress Controller for Kubernetes

  •    Go

Voyager is a HAProxy backed secure L7 and L4 ingress controller for Kubernetes developed by AppsCode. This can be used with any Kubernetes cloud providers including aws, gce, gke, azure, acs. This can also be used with bare metal Kubernetes clusters. Voyager provides L7 and L4 loadbalancing using a custom Kubernetes Ingress resource. This is built on top of HAProxy to support high availability, sticky sessions, name and path-based virtual hosting. This also supports configurable application ports with all the options available in a standard Kubernetes Ingress. Here is a complex ingress example that shows how various features can be used. You can find the generated HAProxy Configuration here.

kubestack - Manage Kubernetes with Packer and Terraform on Google Compute Engine.


Provision a Kubernetes cluster with Packer and Terraform on Google Compute Engine. Ready for testing. Over the next couple of weeks the repo should be generic enough for reuse with complete documentation.

envconsul - Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault

  •    Go

Envconsul provides a convenient way to launch a subprocess with environment variables populated from HashiCorp Consul and Vault. The tool is inspired by envdir and envchain, but works on many major operating systems with no runtime requirements. It is also available via a Docker container for scheduled environments. Envconsul supports 12-factor applications which get their configuration via the environment. Environment variables are dynamically populated from Consul or Vault, but the application is unaware; applications just read environment variables. This enables extreme flexibility and portability for applications across systems.

kubespray - Deploy a Production Ready Kubernetes Cluster

  •    Python

probably pointing on a task depending on a module present in requirements.txt (i.e. "unseal vault"). One way of solving this would be to uninstall the Ansible package and then, to install it via pip but it is not always possible. A workaround consists of setting ANSIBLE_LIBRARY and ANSIBLE_MODULE_UTILS environment variables respectively to the ansible/modules and ansible/module_utils subdirectories of pip packages installation location, which can be found in the Location field of the output of pip show [package] before executing ansible-playbook.

hvac - :lock: Python 2/3 client for HashiCorp Vault

  •    Python

Tested against Vault v0.1.2 and HEAD. Requires v0.1.2 or later. if you would like to be able to return parsed HCL data as a Python dict for methods that support it.

node-keytar - Native Password Node Module

  •    C++

A native Node module to get, add, replace, and delete passwords in system's keychain. On macOS the passwords are managed by the Keychain, on Linux they are managed by the Secret Service API/libsecret, and on Windows they are managed by Credential Vault. Currently this library uses libsecret so you may need to install it before running npm install.

Okteto - A Tool for Cloud Native Developers

  •    Go

Kubernetes has made it very easy to deploy applications to the cloud at a higher scale than ever, but the development practices have not evolved at the same speed as application deployment patterns. Today, most developers try to either run parts of the infrastructure locally, or just test these integrations directly in the cluster via CI jobs or the "docker build, docker push, kubectl apply" cycle. It works, but this workflow is painful and incredibly slow.

tack - Terraform module for creating Kubernetes cluster running on Container Linux by CoreOS in an AWS VPC

  •    HCL

Opinionated Terraform module for creating a Highly Available Kubernetes cluster running on Container Linux by CoreOS (any channel) in an AWS Virtual Private Cloud VPC. With prerequisites installed make all will simply spin up a default cluster; and, since it is based on Terraform, customization is much easier than CloudFormation. The default configuration includes Kubernetes add-ons: DNS, Dashboard and UI.

consul-template - Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.

  •    Go

This project provides a convenient way to populate values from Consul into the file system using the consul-template daemon. The daemon consul-template queries a Consul or Vault cluster and updates any number of specified templates on the file system. As an added bonus, it can optionally run arbitrary commands when the update process completes. Please see the examples folder for some scenarios where this functionality might prove useful.

buttercup-desktop - :key: Javascript Secrets Vault - Multi-Platform Desktop Application

  •    Javascript

Cross-platform, free and open-source password manager based on NodeJS. Buttercup is a password manager - an assistant for helping you store all of your login credentials. Buttercup helps you keep your accounts safe and assists you when you want to log in - all you need to do is remember just one password: your master password.

Vault - A tool for managing secrets

  •    Go

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

Vault - Vault of common API's for Bukkit Plugins

  •    Java

Vault is a Permissions & Economy API to allow plugins to more easily hook into these systems without needing to hook each individual system themselves. Vault currently supports the following: Permissions 3, PEX, GroupManager, bPerms, bPerms2, SimplyPerms, DroxPerms, zPermissions, rscPermissions, KPerms, Starburst, iConomy (4/5/6), BOSEconomy (6/7), EssentialsEcon, 3Co, MultiConomy, MineConomy, EconXP, eWallet, CurrencyCore, XPBank, CraftConomy, AEco, SDFEconomy, TAEcon, and OverPermissions.

terraform-provider-kubernetes - Terraform Kubernetes provider

  •    Go

In order to prevent breaking changes and migration of user-created resources, resources included in this provider will be limited to v1 APIs and not alpha or beta. You can find v1 resources in the Kubernetes API documentation for the appropriate version of Kubernetes. If you wish to work on the provider, you'll first need Go installed on your machine (version 1.9+ is required). You'll also need to correctly setup a GOPATH, as well as adding $GOPATH/bin to your $PATH.