Skip to content

lomar92/vault-k8s-demo-python-mysql-webapp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
app
app
 
 
.gitignore
.gitignore
 
 
01_build_webapp_container.sh
01_build_webapp_container.sh
 
 
02_start_mysql.sh
02_start_mysql.sh
 
 
03_start_webapp_without_vault.sh
03_start_webapp_without_vault.sh
 
 
04_stop_webapp.sh
04_stop_webapp.sh
 
 
05_start_vault.sh
05_start_vault.sh
 
 
06_create_namespace.sh
06_create_namespace.sh
 
 
07_create_k8s_service_acc.sh
07_create_k8s_service_acc.sh
 
 
08_configure_k8s_auth_method.sh
08_configure_k8s_auth_method.sh
 
 
09_database_setup.sh
09_database_setup.sh
 
 
10_transit_setup.sh
10_transit_setup.sh
 
 
11_transform_ssn_setup.sh
11_transform_ssn_setup.sh
 
 
12_transform_ccn_setup.sh
12_transform_ccn_setup.sh
 
 
13_start_webapp_with_vault.sh
13_start_webapp_with_vault.sh
 
 
99.kill_all.sh
99.kill_all.sh
 
 
CRB-vault-auth-service-account.yaml
CRB-vault-auth-service-account.yaml
 
 
README.md
README.md
 
 
configmap.yaml
configmap.yaml
 
 
license.hclic
license.hclic
 
 
vault-auth-secret.yaml
vault-auth-secret.yaml
 
 
vault-helm-values.yaml
vault-helm-values.yaml
 
 
webapp-policy.hcl
webapp-policy.hcl
 
 
webapp-with-vault.yaml
webapp-with-vault.yaml
 
 
webapp.yaml
webapp.yaml
 
 

Repository files navigation

vault-k8s-demo-python-mysql-webapp

Based on https://github.com/kaparora/vault-k8s-demo-python-mysql-webapp & https://github.com/Sasano63/vault-k8s-demo-python-mysql-webapp with some updates included.

My test Env

  1. Docker Desktop v2.3.0.3 with k8s enabled
  2. Helm v3.2.1
  3. MacOS 13.2.1

Create Docker Image for your Demo. Change in app directory and push your image in docker hub. Change image in your configuration.

This is a bunch of shell scripts to test HashiCorp Vault K8S integration including secret injection. We use the k8s auth method, mysql db secret engine, dynamic secrets, transit and transform secret engine

This is tested on my Macbook with Docker desktop k8s All services are exposed using NodePort

In case you are using a remote k8s cluster you may need to make changes and update the VAULT_ADDR parameter to run the scripts locally

This demo works with Vault enterprise as we are using the transform secret engine. You must place the enterprise licesne in license.txt file

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages