
Completed review comments
Minor abbreviation fix
Moved topics into its own VNF Integration section
Fixed abbreviations
Re-organized Kubernetes topics

Change-Id: I8940d3572b789990d3b5f2d201f8ec8a46ce2943
Signed-off-by: Keane Lim <keane.lim@windriver.com>
32 lines
1.2 KiB
ReStructuredText
.. myx1596548399062
.. _kubernetes-user-tutorials-vault-overview:

==============
Vault Overview
==============

You can optionally integrate open source Vault secret management into the
|prod| solution. The Vault integration requires :abbr:`PVC (Persistent Volume
Claims)` as a storage backend to be enabled.

There are two methods for using Vault secrets with hosted applications:

.. _kubernetes-user-tutorials-vault-overview-ul-ekx-y4m-4mb:

#. Have the application be Vault Aware and retrieve secrets using the Vault
   REST API. This method is used to allow an application to write secrets to
   Vault, provided the applicable policy gives write permission at the
   specified Vault path. For more information, see
   :ref:`Vault Aware <vault-aware>`.

#. Have the application be Vault Unaware and use the Vault Agent Injector to
   make secrets available on the container filesystem. For more information,
   see :ref:`Vault Unaware <vault-unaware>`.

Both methods require appropriate roles, policies and auth methods to be
configured in Vault.

.. xreflink For more information, see |sec-doc|: :ref:`Vault Secret
   and Data Management <security-vault-overview>`.
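
The Vault Aware method described above, as an added example (not code from this documentation or from the project): a client logs in, then reads and writes over the Vault REST API, and a write is refused where the policy does not cover the path. The Kubernetes auth method, a KV version 2 engine mounted at ``secret``, and the names ``vault.example``, ``demo-role`` and ``apps/demo/`` are assumptions; ``FakeVault`` is a constructed stand-in so the flow runs offline.

```python
import io, json, urllib.error, urllib.request
VAULT_ADDR = "https://vault.example:8200"  # placeholder address (assumption)

def call(send, method, path, token=None, body=None):
    """One Vault REST call through `send` (urlopen-compatible): (status, JSON)."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(f"{VAULT_ADDR}/v1/{path}", data=data, method=method)
    if token:
        req.add_header("X-Vault-Token", token)
    try:
        with send(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:  # 403: policy lacks the capability here
        return err.code, json.loads(err.read() or b"{}")

def login(send, role, jwt):
    """Kubernetes auth (assumed): trade the pod's service account JWT for a token."""
    status, out = call(send, "POST", "auth/kubernetes/login", body={"role": role, "jwt": jwt})
    if status != 200:
        raise PermissionError(f"Vault login failed: HTTP {status}")
    return out["auth"]["client_token"]

def write_secret(send, token, path, values):
    """KV v2 write (assumed mount 'secret'); False when the policy denies it."""
    return call(send, "POST", f"secret/data/{path}", token, {"data": values})[0] in (200, 204)

def read_secret(send, token, path):
    status, out = call(send, "GET", f"secret/data/{path}", token)
    return out["data"]["data"] if status == 200 else None  # None: denied or absent

class _Resp(io.BytesIO):
    status = 200

class FakeVault:
    """Constructed stand-in for Vault: policy covers only secret/data/apps/demo/*."""
    def __init__(self):
        self.kv = {}
    def __call__(self, req):
        path, body = req.full_url.split("/v1/", 1)[1], json.loads(req.data or b"{}")
        code, out = 403, {"errors": ["permission denied"]}
        if path == "auth/kubernetes/login" and body.get("role") == "demo-role":
            code, out = 200, {"auth": {"client_token": "t-demo"}}
        elif req.get_header("X-vault-token") == "t-demo" and path.startswith("secret/data/apps/demo/"):
            if req.get_method() == "POST":  # urllib stores header names capitalized
                self.kv[path] = body["data"]
            code, out = (200, {"data": {"data": self.kv[path]}}) if path in self.kv else (404, {"errors": []})
        if code != 200:
            raise urllib.error.HTTPError(req.full_url, code, "error", {}, io.BytesIO(json.dumps(out).encode()))
        return _Resp(json.dumps(out).encode())
```

Inside a pod, pass ``urllib.request.urlopen`` as ``send`` and the contents of ``/var/run/secrets/kubernetes.io/serviceaccount/token`` as ``jwt``.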