Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue #56: Adds vault-ui ingress #65

Conversation

SonOfLope
Copy link
Contributor

@SonOfLope SonOfLope commented Feb 26, 2024

We want to enable access to the vault-ui to enable the team to create secrets.

TODO before ready for merge:
- [ ] Find fix to enable vault config operator to have enough permissions to access and configure vault.

Preceding task will be done in another issue since its to provide automation of vault configuration but we have problems enabling the operator to have proper permissions on the cluster to interact with vault. Since this is not a priority we will open an issue.

@SonOfLope SonOfLope self-assigned this Feb 26, 2024
Copy link

@rngadam rngadam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice diagram!

Some of the filenames have inconsistent cases when we expect lowercase everywhere. Maybe an additional check to add to repo standards?

@SonOfLope
Copy link
Contributor Author

SonOfLope commented Mar 5, 2024

nice diagram!

Some of the filenames have inconsistent cases when we expect lowercase everywhere. Maybe an additional check to add to repo standards?

Updated file name and created reference issue ai-cfia/github-workflows#105

@rngadam
Copy link

rngadam commented Mar 6, 2024

Updated file name

I still see an uppercase PNG extension

@SonOfLope
Copy link
Contributor Author

Updated file name

I still see an uppercase PNG extension

done

@SonOfLope SonOfLope marked this pull request as ready for review March 8, 2024 18:36
@SonOfLope SonOfLope requested a review from rngadam March 8, 2024 18:40
@SonOfLope
Copy link
Contributor Author

remaining task should provide us the ability to operate vault through kubernetes manifest. Problem is I am having problems giving proper authentication to the operator to manage vault. Since this is not a priority, it will be done in another issue.

I also added the whitelisting source to allow access to vault only from vpn and internal.

Copy link
Member

@ThomasCardin ThomasCardin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@SonOfLope SonOfLope mentioned this pull request Mar 19, 2024
2 tasks
@SonOfLope
Copy link
Contributor Author

@rngadam We are having problems with our vault ui access since this pull request isn't merged. We have done fixing changes that would allow to fix these problems.

The vite mgiration for nachet introduces updates to secrets. Since we arent able to access vault currently, we wont be able to deploy the new version of nachet.

@@ -0,0 +1,101 @@
# Secret management
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Create follow issue to turn this into an ADR to review by team and security.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

capabilities = [ "create", "update", "delete" ]
}
---
apiVersion: redhatcop.redhat.io/v1alpha1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

future issue: document and explain reliance on redhat.io

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

referenced in #99

@SonOfLope SonOfLope merged commit b47b6c1 into main Mar 21, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

As a developer, I would like an ingress to access the vault ui and configure secrets
3 participants