Vault can be run with Kubernetes in different ways depending on your environment and needs, whether you're running Vault side-by-side with Kubernetes or within it. The goal is to provide a variety of options for using Vault and Kubernetes to securely introduce secrets into applications and infrastructure.
Integrate a Kubernetes Cluster with an External Vault
In this guide, you will run Vault locally, start a Kubernetes cluster with Minikube, deploy an application that retrieves secrets from this Vault, and configure an injector-only deployment to inject secrets into the pods from this Vault.
Injecting Secrets into Kubernetes Pods via Vault Helm Sidecar
In this guide, you set up Vault and the injector service with the Vault Helm chart, then deploy several applications to demonstrate how this new injector service retrieves and writes these secrets for the applications' use.
In this guide, you will set up Vault and its dependencies with a Helm chart, then integrate a web application that uses the Kubernetes service account token to authenticate with Vault and retrieve a secret.
The kubernetes auth method can be used to authenticate with Vault using a Kubernetes Service Account Token. This method of authentication makes it easy to introduce a Vault token into a Kubernetes Pod.