Introduction
This guide describes how to integrate a Kubernetes cluster with KeyControl Secrets Vault.
Kubernetes is an open-source system that automates the deployment, management, and scaling of containerized applications. It makes it easy for developers to quickly build, launch, and scale container-based web applications in a public cloud environment.
This integration allows pulling secrets from a secrets vault in KeyControl Vault and mount them as either environment variables or as volume mounts in containers. It focuses on the way one can pull secrets into Kubernetes pods or containers using a KeyControl Secrets Vault. For other details on the vault, please refer to the Entrust KeyControl Vault (KCV) documentation.
Integration architecture
Kubernetes cluster
In this integration, a Kubernetes K3s cluster is deployed on a Red Hat Linux VM. Container images are used from a third-party cloud registry.
Container images
Two container images are created for the purpose of this integration to demonstrate how secrets can be pulled into a container from KeyControl Vault.
Two more images are deployed to support the integration. These images come from the PASM Vault Kubernetes Agent v1.0. They are available at https://github.com/EntrustCorporation/PASM-Vault-Kubernetes-Agent/releases.
Docker Registry
An external Docker registry is required. This is where the container images from the PASM Kubernetes agents will be stored and referenced by the Kubernetes containers when they are created.