Add Vault offline installation #1371
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ar3ndt
approved these changes
Jun 17, 2020
ar3ndt
pushed a commit
to ar3ndt/epiphany
that referenced
this pull request
Jun 22, 2020
sk4zuzu
pushed a commit
to sk4zuzu/epiphany
that referenced
this pull request
Jun 22, 2020
ar3ndt
pushed a commit
that referenced
this pull request
Jun 22, 2020
erzetpe
added a commit
that referenced
this pull request
Jun 26, 2020
* Fix of configure-vault script * Move initialize vault to script, change unseal logic * Add checking if vault has been unsealed properly and turning kubernetes authentication automatically with kubernetes integration. * Add userpass authentication and default policies * Adding users to userpass authentication * Add user creation for userpass authentication * Add user creation for userpass authentication - ansible part * Fix issue when no users authenticating via userpass are added to vault * Add users section to default and setting log level for vault * Kubernetes configuration and integration * Fix issue with path to helm in configure-vault.sh script Add TODOs * Add TODO, create application service account for integration with kubernetes * Add TODO, add missing service account template for application authentication * Change location of log files * Change policy to expose configurable endpoints * Create policies folder for config, change vault secret variable name * Add setting to clean of token helper disable/enable * Change setting limits for core dumps, add flag to override existing users * Add parameters to override existing vault users in vault * Add Vault symlink to PATH accessible directory * Add timestamp and changed configure_vault log location Fix typo * Changes related to code review * Change name of function check_vault_error and add errors catching to kubectl invocations * Add option to unseal vault with script after restart, cosmetic change to configure-vault.sh * Add contidional option to unseal vault with script after restart, separate autounseal from autoconfiguration option Change counter naming in unseal-vault.sh script, change error handling Remove todos, run user creation only, when specified in Epiphany configuration, change default provisioner user name Fixes and additional logging * add tls support for vault * Add namespaces support, disable/enable ui, clean defaults file * Fixes to task names * fixes * Fix issues with starting service with UI turned off and config UI setting * Add Vault offline installation (#1371) * Fixes after code review * Change hardcoded policy files to templates * Fix issue with token path * Vault: Update shell scripts * Review: shell scripts * Rename certificate_generate.yml * Changes after review * vault audit empty list status code ignored * - Added vault for single machine installation. * fix offline vault helm installation * fix offline vault installation and custom values bug * vault: adding proper fix for the "new cluster problem" (#1384) * vault selfsigned cert parametrized in config * cault selfsigned cert set country US Co-authored-by: Tomasz Arendt <[email protected]> Co-authored-by: to-bar <[email protected]> Co-authored-by: Luuk van Venrooij <[email protected]> Co-authored-by: Michał Opala <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.