Closed empiricaldevops closed 5 years ago
@Ramk22 Please take a look at #64. Let me know how this works for you.
Here is a working example
```yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: <servicename>
  namespace: <namespace>
spec:
  replicas: 2
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  minReadySeconds: 5
  template:
    metadata:
      labels:
        app: myappname
        aadpodidbinding: <selector mentioned in your AzureIdentityBinding>
      namespace: <namespace>
    spec:
      containers:
      - name: <anyname>
        image: <reference-to-image>
        imagePullPolicy: Always
        # mount the volume created below from key-vault flexvolume driver
        volumeMounts:
        - name: test
          mountPath: /etc/kvmnt
          readOnly: true
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - name: https
          containerPort: 443
          protocol: TCP
        resources:
          requests:
            cpu: 100m
          limits:
            cpu: 200m
      volumes:
      - name: test
        flexVolume:
          driver: "azure/kv"
          options:
            usepodidentity: "true"         # [OPTIONAL] if not provided, will default to "false"
            keyvaultname: "<keyvaultname>" # the name of the KeyVault
            keyvaultobjectnames: "secret1;secret2" # list of KeyVault object names (semi-colon separated)
            keyvaultobjecttypes: "secret;secret"   # list of KeyVault object types: secret, key or cert (semi-colon separated)
            keyvaultobjectversions: "47b45e##5d6###ae75####ddcf6;3c6c##########f0009693bee;" # [OPTIONAL] list of KeyVault object versions (semi-colon separated), will get latest if empty
            resourcegroup: "<key vault resourcegroup name>" # the resource group of the KeyVault
            subscriptionid: "########-####-####-####-############" # the subscription ID of the KeyVault
            tenantid: "########-####-####-####-############"
```
Hope this helps
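The manifest above wires three positional, semicolon-separated lists (object names, types, versions) to one pod identity and one read-only mount, and a mismatch in any of them only shows up when the pod fails to start. The checker below is an added example for this thread, not code from the Key Vault FlexVolume project or from anyone posting here. It takes the pod template as a plain Python dict (the same structure as the YAML, so no YAML library is needed) and checks only what the comments in the posted manifest state: required options present, the three lists line up, object types are secret/key/cert, subscription and tenant IDs look like GUIDs, a pod that sets `usepodidentity: "true"` carries the `aadpodidbinding` label, and the volume is mounted `readOnly`. Tolerating a single trailing `;` (as in the posted `keyvaultobjectversions` value) and all sample values (`example-kv`, `kv-reader`, the GUIDs) are this example's own assumptions.

```python
"""Static checks for a pod template that mounts Azure Key Vault objects via the
azure/kv FlexVolume driver. Added example; not the driver project's own code.
Option names and list semantics follow the manifest posted in this thread;
treating one trailing ";" as harmless is an assumption of this checker."""
import copy
import re
from typing import Dict, List

GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)
VALID_OBJECT_TYPES = {"secret", "key", "cert"}
REQUIRED_OPTIONS = (
    "keyvaultname", "keyvaultobjectnames", "keyvaultobjecttypes",
    "resourcegroup", "subscriptionid", "tenantid",
)


def split_list(value: str) -> List[str]:
    """Split a semicolon-separated option; "a;b;" yields ["a", "b"] (assumption)."""
    parts = value.split(";")
    while parts and parts[-1] == "":
        parts.pop()
    return parts


def check_kv_options(options: Dict[str, str]) -> List[str]:
    """Return the problems found in one azure/kv flexVolume options block."""
    problems: List[str] = []
    for key in REQUIRED_OPTIONS:
        if not options.get(key):
            problems.append(f"missing required option '{key}'")
    names = split_list(options.get("keyvaultobjectnames", ""))
    types = split_list(options.get("keyvaultobjecttypes", ""))
    versions = split_list(options.get("keyvaultobjectversions", ""))
    # The lists are positional: entry i of each describes the same vault object.
    if len(types) != len(names):
        problems.append(f"{len(names)} object names but {len(types)} object types")
    if versions and len(versions) != len(names):
        problems.append(f"{len(names)} object names but {len(versions)} object versions")
    for t in types:
        if t not in VALID_OBJECT_TYPES:
            problems.append(f"unknown object type '{t}' (expected secret, key or cert)")
    for key in ("subscriptionid", "tenantid"):
        value = options.get(key, "")
        if value and not GUID_RE.match(value):
            problems.append(f"'{key}' is not a GUID: {value!r}")
    if options.get("usepodidentity", "false") not in ("true", "false"):
        problems.append('usepodidentity must be the string "true" or "false"')
    return problems


def check_pod_template(template: dict) -> List[str]:
    """Check every azure/kv volume in a pod template and how containers mount it."""
    labels = template.get("metadata", {}).get("labels", {})
    spec = template.get("spec", {})
    problems: List[str] = []
    kv_volumes = {
        v["name"]: v["flexVolume"].get("options", {})
        for v in spec.get("volumes", [])
        if v.get("flexVolume", {}).get("driver") == "azure/kv"
    }
    if not kv_volumes:
        problems.append("no azure/kv flexVolume defined in the pod spec")
    for vol_name, opts in kv_volumes.items():
        problems += [f"volume '{vol_name}': {p}" for p in check_kv_options(opts)]
        # With pod identity the driver authenticates as whatever identity the
        # aadpodidbinding label selects, so the label must be on the template.
        if opts.get("usepodidentity") == "true" and "aadpodidbinding" not in labels:
            problems.append(f"volume '{vol_name}': usepodidentity is \"true\" but "
                            "the pod template has no aadpodidbinding label")
        # Secret material should never be writable from inside the container.
        for c in spec.get("containers", []):
            for m in c.get("volumeMounts", []):
                if m.get("name") == vol_name and not m.get("readOnly", False):
                    problems.append(f"container '{c['name']}' mounts volume "
                                    f"'{vol_name}' writable; set readOnly: true")
    return problems


# Constructed sample mirroring the posted manifest (placeholder names and GUIDs).
GOOD_TEMPLATE = {
    "metadata": {"labels": {"app": "myappname", "aadpodidbinding": "kv-reader"}},
    "spec": {
        "containers": [{"name": "web", "volumeMounts": [
            {"name": "test", "mountPath": "/etc/kvmnt", "readOnly": True}]}],
        "volumes": [{"name": "test", "flexVolume": {"driver": "azure/kv", "options": {
            "usepodidentity": "true",
            "keyvaultname": "example-kv",
            "keyvaultobjectnames": "secret1;secret2",
            "keyvaultobjecttypes": "secret;secret",
            "keyvaultobjectversions": "0123456789abcdef;fedcba9876543210;",
            "resourcegroup": "example-rg",
            "subscriptionid": "11111111-2222-3333-4444-555555555555",
            "tenantid": "66666666-7777-8888-9999-aaaaaaaaaaaa",
        }}}],
    },
}

# Constructed broken variant: one type for two names, malformed tenant ID,
# identity label removed, and the secrets mounted writable.
BAD_TEMPLATE = copy.deepcopy(GOOD_TEMPLATE)
del BAD_TEMPLATE["metadata"]["labels"]["aadpodidbinding"]
BAD_TEMPLATE["spec"]["containers"][0]["volumeMounts"][0]["readOnly"] = False
_bad_opts = BAD_TEMPLATE["spec"]["volumes"][0]["flexVolume"]["options"]
_bad_opts["keyvaultobjecttypes"] = "secret"
_bad_opts["tenantid"] = "not-a-guid"

if __name__ == "__main__":
    for label, tpl in (("good", GOOD_TEMPLATE), ("bad", BAD_TEMPLATE)):
        print(label, check_pod_template(tpl) or "OK")
```

The broken variant reports four problems (list length mismatch, bad tenant ID, missing `aadpodidbinding` label, writable mount) and the good one none. Run it against the `spec.template` of your own Deployment before `kubectl apply`; the two identity-related checks are the ones that otherwise surface only as a mount failure on the node.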
@ritazh That worked. Thank you.
I could get this working on a pod. But how can I use it in a deployment, where I will have multiple pods spread across nodes. Each pod has to access the volume that contains the key.
Is there any alternate solution for such a scenario?
Thanks