Vault Secrets Operator examples
The Operator project provides the following examples:
Using VaultStaticSecrets for imagePullSecrets
Vault Secrets Operator supports Kubernetes' templating of Secrets based on their Secret Type by setting the `Destination.Type` field of the VaultStaticSecret. Users who have configured private container registries can use the `kubernetes.io/dockerconfigjson` or `kubernetes.io/dockercfg` types to appropriately format a Kubernetes secret with the contents of their Vault KV Secret.
```shell
# Write the secret to Vault.
# The @file form makes Vault read the value from the file, so the JSON is not
# word-split by the shell and does not appear in the process arguments.
$ vault kv put kvv2/docker/config .dockerconfigjson=@"$HOME/.docker/config.json"
```

```yaml
# Apply a VaultStaticSecret which populates the k8s secret named 'myregistrykey' in the application's namespace.
# Note: this Secret uses the `default` VaultAuthMethod.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  namespace: awesomeapps
  name: vault-kv-app
spec:
  type: kv-v2
  mount: kvv2
  path: docker/config
  # dest k8s secret
  destination:
    # Kubernetes object names must be lowercase, and this name must match
    # the imagePullSecrets entry in the Pod below.
    name: myregistrykey
    create: true
    type: "kubernetes.io/dockerconfigjson"
---
# Example pod from
# https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
apiVersion: v1
kind: Pod
metadata:
  name: foo
  namespace: awesomeapps
spec:
  containers:
    - name: foo
      image: janedoe/awesomeapp:v1
  imagePullSecrets:
    - name: myregistrykey
```
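A pre-flight check for the value stored under `.dockerconfigjson`, added here as an example and not taken from the Operator project: it confirms the Docker config actually carries inline registry credentials before it is written to Vault, since a config that delegates to a credential helper contains no usable secret. The function name `check_dockerconfigjson` is hypothetical, and the registry host and credentials in the samples are constructed.

```python
import base64
import json

def check_dockerconfigjson(raw):
    """Return problems that make `raw` unusable as pull credentials ([] = OK)."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level is not a JSON object"]
    # With a credential helper the file holds no secret, only a pointer to one.
    helper = bool(cfg.get("credsStore") or cfg.get("credHelpers"))
    auths = cfg.get("auths")
    if not isinstance(auths, dict) or not auths:
        return ["missing or empty 'auths' object"]
    problems = []
    for registry, entry in auths.items():
        if not isinstance(entry, dict):
            problems.append(f"{registry}: entry is not an object")
        elif entry.get("username") and entry.get("password"):
            continue  # explicit username/password pair
        elif not entry.get("auth"):
            hint = " (kept in a credential helper)" if helper else ""
            problems.append(f"{registry}: no inline credentials{hint}")
        else:
            try:
                decoded = base64.b64decode(entry["auth"], validate=True).decode()
            except (ValueError, TypeError):  # bad base64, bad UTF-8, wrong type
                problems.append(f"{registry}: 'auth' is not valid base64")
                continue
            user, sep, password = decoded.partition(":")
            if not (user and sep and password):
                problems.append(f"{registry}: 'auth' is not user:password")
    return problems

# Constructed sample inputs (placeholder registry and credentials).
GOOD = json.dumps({"auths": {"registry.example.com": {
    "auth": base64.b64encode(b"demo-user:demo-pass").decode()}}})
HELPER = json.dumps({"auths": {"registry.example.com": {}},
                     "credsStore": "desktop"})

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("HELPER", HELPER)):
        print(name, check_dockerconfigjson(sample) or "OK")
```

Run it against the contents of `~/.docker/config.json` before the `vault kv put` step; an empty list means every registry entry carries credentials the cluster can use.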