aws-samples / eks-anywhere-addons

https://aws-samples.github.io/eks-anywhere-addons/
MIT No Attribution

Adding Hashicorp Vault as addon #21

Closed gautambaghel closed 1 year ago

gautambaghel commented 1 year ago

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

shapirov103 commented 1 year ago

@gautambaghel I gave it a shot (before merging). I am getting the following error:

Normal   ReconciliationSucceeded  16m (x11 over 66m)  kustomize-controller  (combined from similar events): Reconciliation finished in 120.898824ms, next run in 5m0s
  Warning  ReconciliationFailed     13m                 kustomize-controller  Pod/vault/vault-unseal dry-run failed, reason: Forbidden, error: pods "vault-unseal" is forbidden: error looking up service account vault/vault-unseal-sa: serviceaccount "vault-unseal-sa" not found
Namespace/vault created
  Warning  ReconciliationFailed  82s (x3 over 11m)  kustomize-controller  Pod/vault/vault-unseal dry-run failed, reason: Forbidden, error: pods "vault-unseal" is forbidden: error looking up service account vault/vault-unseal-sa: serviceaccount "vault-unseal-sa" not found

I see the sa in the yaml file; however, it does not seem to have any effect (sa is not created). It could be related to the general approach to dealing with multi-doc yaml files in flux. Have you tried this with fluxcd on your end?

gautambaghel commented 1 year ago

@shapirov103 - I made a few more commits to this PR, just making sure you're using the latest commit?

https://github.com/aws-samples/eks-anywhere-addons/pull/21/commits/7cabae2a23f504268023230ce6340c277cd95437

I didn't actually deploy it via FluxCD now that I think about it, I simply did a

kubectl apply -f vault-unseal.yaml

Is that a problem?

gautambaghel commented 1 year ago

@shapirov103 I can separate out the individual YAMLs, hang on

elamaran11 commented 1 year ago

Approving the PR. Please add a tester job when you get a chance.