gocd / gocd-vault-secret-plugin

GoCD secrets plugin for HashiCorp's Vault
https://gocd.org

[Feature Request] Support for auth method using kubernetes service account #2

Open Mark-McCracken opened 4 years ago

Mark-McCracken commented 4 years ago

A lot of users are running their GoCD servers within Kubernetes. Setting up a secret in GoCD involves choosing an auth method, which is currently either Token, AppRole or TLS. For simplicity of setup, it's a little tempting for admins to just put in the root token, which basically grants GoCD access to do anything in Vault. For those users running GoCD on Kubernetes, it would be simpler to select Kubernetes auth. The plugin could then fetch the Kubernetes service account token from the usual location (/var/run/secrets/kubernetes.io/serviceaccount/token). The user would simply need to configure the auth path (defaulting to auth/kubernetes) and role, and their access is done! This would be a lot simpler to set up, and doesn't require the user to do any further setup of AppRole or to go and fetch any sensitive credentials to paste in.
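The login exchange the request describes, as an added example in Python rather than code from the plugin: the service account JWT is read from the path named above and posted to Vault's Kubernetes auth mount, and the returned token is checked so that a role accidentally mapped to the root policy is rejected. The Vault address, role name and sample response are constructed.

```python
import json
import urllib.request

# Path named in the feature request; projected by Kubernetes into every pod.
SA_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"


def login_url(vault_addr: str, auth_path: str = "auth/kubernetes") -> str:
    """Vault exposes auth mounts at /v1/auth/<mount>/login; accept the mount
    with or without the leading 'auth/' and with or without slashes."""
    mount = auth_path.strip("/")
    if mount.startswith("auth/"):
        mount = mount[len("auth/"):]
    return f"{vault_addr.rstrip('/')}/v1/auth/{mount}/login"


def login_payload(role: str, jwt: str) -> dict:
    """Body of the Kubernetes auth login request: the Vault role plus the SA JWT."""
    return {"role": role, "jwt": jwt}


def parse_login_response(body: dict) -> dict:
    """Extract the client token and its lease; refuse a root-policy token,
    since the point of the Kubernetes role is to avoid pasting a root token."""
    auth = body["auth"]
    policies = auth.get("policies", [])
    if "root" in policies:
        raise ValueError("Vault role yields a root-policy token; scope the role down")
    return {
        "client_token": auth["client_token"],
        "ttl": auth["lease_duration"],      # seconds; renew before this elapses
        "renewable": auth["renewable"],
        "policies": policies,
    }


def kubernetes_login(vault_addr: str, role: str, auth_path: str = "auth/kubernetes",
                     token_path: str = SA_TOKEN_PATH) -> dict:
    """Perform the login against a live Vault (network call; not exercised offline)."""
    with open(token_path) as fh:
        jwt = fh.read().strip()
    req = urllib.request.Request(
        login_url(vault_addr, auth_path),
        data=json.dumps(login_payload(role, jwt)).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_login_response(json.load(resp))
```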

GaneshSPatil commented 4 years ago

Hi @Mark-McCracken - can you elaborate a bit more on the problem statement? From the description it was unclear to me which GoCD Kubernetes plugin you're referring to. (GoCD has two Kubernetes plugins: Kubernetes Elastic Agents Plugin and Kubernetes Secrets Plugin.) Also, when you say "Setting up a secret in GoCD", do you mean using Secret Management within GoCD, or setting up some secure configuration fields?

It would be a lot more helpful if you could provide the following information along with the issue summary:

You can refer to this issue template for providing information.

maheshp commented 4 years ago

@Mark-McCracken the Vault plugin was built recently and the initial auth methods to be supported are Token, AppRole and TLS.

Adding support for the Kubernetes auth method is not on our radar for now. We will be happy to help if you would like to contribute towards this.