Skip to content
This repository has been archived by the owner on Mar 27, 2019. It is now read-only.

Helm chart for vault-ui #149

Merged
merged 4 commits into from
Jul 25, 2017
Merged

Helm chart for vault-ui #149

merged 4 commits into from
Jul 25, 2017

Conversation

ipedrazas
Copy link
Contributor

Helm chart to deploy vault-ui into a kubernetes cluster

@ipedrazas ipedrazas changed the title chart import Helm chart for vault-ui Jul 19, 2017
@ipedrazas ipedrazas mentioned this pull request Jul 19, 2017
Copy link
Owner

@djenriquez djenriquez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @ipedrazas, sorry I haven't been able to review until now.

I don't know much about helm, but does it make sense to create a proper helm/ directory for these files?

@ipedrazas
Copy link
Contributor Author

Helm is the tool that you would use to install a chart, which is the "packaged" resources. That's why I created the chart directory.

https://github.com/kubernetes/helm
https://github.com/kubernetes/charts

@djenriquez
Copy link
Owner

Gotcha, I'm good with this. I'm not sure what standards are. Would it make sense to put it in a kubernetes/chart directory?

@ipedrazas
Copy link
Contributor Author

sure

@msessa msessa self-requested a review July 25, 2017 05:11
apiVersion: v1
description: A Helm chart for Kubernetes
name: vault-ui
version: 0.1.0
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we align the version and description here with the current vault-ui version number and summary?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Chart version and application version are 2 different things. Chart version indicates which set of resources the chart contains. Application version indicates the version of the runtime.

Happy to change the description, but I strongly advise not to sync app and chart version.

replicaCount: 1
image:
repository: djenriquez/vault-ui
tag: latest
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be latest? We use tagged images for production-ready releases

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

latest is a better default that a certain tag. When installing or upgrading the application, Helm provides different ways of setting or overriding these values.

The chart allows you to install the application, which version of the application you want to run it's a parameter that you can inject/override.

For example, you would run latest to test that the app does what you want, but if you want to run it in prod, you will run a certain tag.

Copy link
Owner

@djenriquez djenriquez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@djenriquez djenriquez merged commit 0df63db into djenriquez:master Jul 25, 2017
@beeyeas
Copy link

beeyeas commented Jul 25, 2017

Good work guys, appreciate it.
BTW, just wondering whats the use case? Why would someone run vault and vault-ui when kube have kube secrets on its own? I am i missing something?

@msessa
Copy link
Collaborator

msessa commented Jul 26, 2017

@beeyeas
Vault is a much more sophisticated system and has more applications than simple secure k/v store. You could for example use it as your own internal CA or you could use it to generate AWS IAM keys for your users and/or servers.

On a different note: Kubernetes secrets, up until v1.7.0, are far from secret :) They are written cleartext in etcd.

@beeyeas
Copy link

beeyeas commented Jul 26, 2017

@msessa , thanks for your reply.
I agree vault is powerful and functional.

Scary to know the fact that kube-secrets stores plain text in etcd.

conor-mullen added a commit to Financial-Times/vault-ui that referenced this pull request Jan 31, 2018
* ENTRYPOINT with CUSTOM_CA_CERT env var

* Replace HCL parsing library

* Helm chart for vault-ui (djenriquez#149)

* chart import

* README added

* added directory for better clarity

* fix chart description

* Upgrade base image to node:8.1.4-alpine (djenriquez#148)

* Upgrade base image to node:8.1.4-alpine

* fix invalid github endpoint var name

* fix invalid github endpoint var name (djenriquez#155)

* Upgrade base image to node:8.1.4-alpine

* fix invalid github endpoint var name

* Update Github.jsx

* Okta Authentication Backend (djenriquez#156)

* Add Okta resources

* Remove comments

* Add check for required org name

* allows for server port to be configured via env var PORT (djenriquez#162)

* Update PolicyPicker.jsx (djenriquez#169)

* Add login button (djenriquez#172)

* Add login button

* Improve validation

* AppRole Authentication Backend (djenriquez#171)

* Initial commit for approle auth

* Place role name field in new render

* Add property fields + fix create/update

* Complete base functionality

* Update README.md

* Fix README, clarify NODE_TLS_REJECT_UNAUTHORIZED

* Fix typo (djenriquez#176)

* Add ItemList Class (djenriquez#175)

* Introduce ItemList obj

* Upgrade base node image

* Add ItemList to AWS, clean up

* Add ItemList to AWSEc2, clean up

* Fix deleteobject logic

* Fix delete for AWS

* Fix delete for awsec2

* Add max items per page option

* Fix bug that randomly sets page

* Bug fixes + itemlist progress

* More bug fixes

* Cleanup and rename policypicker to itempicker

* Add ItemList to Radius

* Add ItemList to UserPass

* Refactor Secrets to use ItemList

* Fix styling

* Remove case insensitivity

* Clean up directory separator

* Fix delete regression

* Cleanup itemUri

* Breadcrumb Styles Improvement & "copy path" icon button (djenriquez#180)

* improving breadcrumb styles, adding copy path button

* improve spacing

* fix dash issue w/ breadcrumb

* Fix favicon (djenriquez#188)

* Update README.md

Add gitter badge

* Add itemlist to policy management (djenriquez#187)

* Update README.md

* Update LICENSE

* fixing behavior for ALL breaking characters

* Upgrade node to 8.5, remove deprecated MAINTAINER (djenriquez#193)

* clarifies expected value for VAULT_URL_DEFAULT (djenriquez#194)

Adds a notice to the description of the VAULT_URL_DEFAULT parameter explaining that the protocol part of the url is mandatory. This is a workaround for the unclear error message an user gets if it is missing

* Correct the dist reference for the electron app (djenriquez#199)

* Add KV compatibility (djenriquez#198)

* Maintenance: Upgrade packages (djenriquez#200)

* Upgrade dependencies

* Upgrade base node image

* Add stop propogation fix for upgrade bug

* Fix paging bug

* Upgrade react, react-dom, pagination

* Upgrade babel, webpack, extract-text-webpack-plugin; add prop-types in prep for React 16

* Update CHANGELOG

* Update version

* Squash big but easy bug for userpass (djenriquez#201)

* v2.4.0-rc2

* Fix secrets list reset (djenriquez#202)

* Fix navigation bug when access is denied (djenriquez#203)

* Fix path navigation when access is denied

* Cleanup fix

* Improve Vault endpoint check (djenriquez#204)

* empty catch statements don't resolve, breaking behavior if can't create orphan

* Improve styling (djenriquez#207)

* Improve real-estate

* Fix z-index for content container

* Fix scrolling (djenriquez#208)

* Improve real-estate

* Fix z-index for content container

* Fix styling /w @Lucretius help

* Fix right border with overflow enabled

* Reduce right margin

* v2.4.0-rc3

* Upgrade to node alpine-8.8 (djenriquez#218)

* Add logic to handle supplied auth token header (djenriquez#220)

* Fix policy schema (djenriquez#228)

* Add new vault properties

* Update policy schema

* Remove nodemon from default run (djenriquez#227)

* Updated yarn.lock after yarn build

* Updated packagaes

* Specify electron-builder version

* Updated electron to resolve critical vulnerability
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants