diff --git a/content/misc/secrets-store-csi/hashicorp-vault.md b/content/misc/secrets-store-csi/hashicorp-vault.md index cdf73dd03..746cfc4d0 100644 --- a/content/misc/secrets-store-csi/hashicorp-vault.md +++ b/content/misc/secrets-store-csi/hashicorp-vault.md @@ -2,9 +2,12 @@ date: '2021-08-18' title: Installing the HashiCorp Vault Secret CSI Driver aliases: ['/experts/security/secrets-store-csi/hashicorp-vault'] -tags: ["ROSA", "ARO", "OSD", "Miscellaneous"] +tags: ["ROSA", "ARO", "OSD"] authors: - Connor Wooley + - Kevin Collins + - Deepika Ranganathan +validated_version: "4.20" --- The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in HashiCorp Vault as Kubernetes Volumes. @@ -47,19 +50,31 @@ The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in Has 1. Create a values file for Helm to use ```bash - cat << EOF > values.yaml + export SCRATCH_DIR=~/tmp/vault + mkdir -p $SCRATCH_DIR + cat << EOF > "${SCRATCH_DIR}/values.yaml" global: openshift: true + csi: enabled: true + image: + repository: "docker.io/hashicorp/vault-csi-provider" + tag: "1.7.0" + agent: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.17.2-ubi" daemonSet: providersDir: /var/run/secrets-store-csi-providers + injector: enabled: false + server: image: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.0-ubi" + tag: "1.17.2-ubi" dev: enabled: true EOF @@ -71,7 +86,7 @@ The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in Has helm install -n hashicorp-vault vault \ hashicorp/vault --values values.yaml ``` - + 1. Patch the CSI daemonset > Currently the CSI has a bug in its manifest which we need to patch @@ -152,7 +167,7 @@ The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in Has ```bash cat <
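Review bot: The values file is now written to `"${SCRATCH_DIR}/values.yaml"`, but the `helm install` step visible in the next hunk still passes `--values values.yaml`. Unless the reader happens to be in the scratch directory, Helm will either fail or pick up a stale file from an earlier run, so that line should become `--values "${SCRATCH_DIR}/values.yaml"`. In the same snippet `mkdir -p $SCRATCH_DIR` is unquoted while the redirect target is quoted; `mkdir -p "${SCRATCH_DIR}"` keeps the two consistent. Since the image tags are being refreshed while `dev: enabled: true` stays, the step would also benefit from a one-line caveat that Vault dev mode (in-memory storage, started unsealed with a known root token) is for demonstration only.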