Deployed e4a6118e to main with MkDocs 1.2.3 and mike 1.1.2

Docs 3 years ago
Parent
Commit
e06b30c19d
3 changed files with 12 additions and 7 deletions
  1. 12 7
      main/provider/azure-key-vault/index.html
  2. 0 0
      main/search/search_index.json
  3. BIN
      main/sitemap.xml.gz

+ 12 - 7
main/provider/azure-key-vault/index.html

@@ -1813,14 +1813,19 @@ az keyvault set-policy --name kv-name-with-certs --object-id <span class="s2">&q
 <h4 id="managed-identity-authentication">Managed Identity authentication</h4>
 <h4 id="managed-identity-authentication">Managed Identity authentication</h4>
 <p>A Managed Identity should be created in Azure, and that Identity should have proper rights to the keyvault to be managed by the operator.</p>
 <p>A Managed Identity should be created in Azure, and that Identity should have proper rights to the keyvault to be managed by the operator.</p>
 <p>If there are multiple Managed Identitites for different keyvaults, the operator should have been assigned all identities via <a href="https://azure.github.io/aad-pod-identity/docs/">aad-pod-identity</a>, then the SecretStore configuration should include the Id of the idenetity to be used via the <code>identityId</code> field.</p>
 <p>If there are multiple Managed Identitites for different keyvaults, the operator should have been assigned all identities via <a href="https://azure.github.io/aad-pod-identity/docs/">aad-pod-identity</a>, then the SecretStore configuration should include the Id of the idenetity to be used via the <code>identityId</code> field.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span><span class="w"></span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span><span class="w"></span>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-secret-sp</span><span class="w"></span>
-<span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Opaque</span><span class="w"></span>
-<span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">ClientID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bXktc2VydmljZS1wcmluY2lwbGUtY2xpZW50LWlkCg==</span><span class="w">  </span><span class="c1">#service-principal-ID</span><span class="w"></span>
-<span class="w">  </span><span class="nt">ClientSecret</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bXktc2VydmljZS1wcmluY2lwbGUtY2xpZW50LXNlY3JldAo=</span><span class="w"> </span><span class="c1">#service-principal-secret</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-secret-store</span><span class="w"></span>
+<span class="nt">spec</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
+<span class="w">    </span><span class="c1"># provider type: azure keyvault</span><span class="w"></span>
+<span class="w">    </span><span class="nt">azurekv</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">authType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ManagedIdentity</span><span class="w"></span>
+<span class="w">      </span><span class="c1"># Optionally set the Id of the Managed Identity, if multiple identities are assigned to external-secrets operator</span><span class="w"></span>
+<span class="w">      </span><span class="nt">identityId</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&lt;MI_clientId&gt;&quot;</span><span class="w"></span>
+<span class="w">      </span><span class="c1"># URL of your vault instance, see: https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates</span><span class="w"></span>
+<span class="w">      </span><span class="nt">vaultUrl</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://my-keyvault-name.vault.azure.net&quot;</span><span class="w"></span>
 </code></pre></div>
 </code></pre></div>
 <h4 id="workload-identity">Workload Identity</h4>
 <h4 id="workload-identity">Workload Identity</h4>
 <p>You can use <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation">Azure AD Workload Identity Federation</a> to access Azure managed services like Key Vault <strong>without needing to manage secrets</strong>. You need to configure a trust relationship between your Kubernetes Cluster and Azure AD. This can be done in various ways, for instance using <code>terraform</code>, the Azure Portal or the <code>az</code> cli. We found the <a href="https://azure.github.io/azure-workload-identity/docs/installation/azwi.html">azwi</a> cli very helpful. The Azure <a href="https://azure.github.io/azure-workload-identity/docs/quick-start.html">Workload Identity Quick Start Guide</a> is also good place to get started.</p>
 <p>You can use <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation">Azure AD Workload Identity Federation</a> to access Azure managed services like Key Vault <strong>without needing to manage secrets</strong>. You need to configure a trust relationship between your Kubernetes Cluster and Azure AD. This can be done in various ways, for instance using <code>terraform</code>, the Azure Portal or the <code>az</code> cli. We found the <a href="https://azure.github.io/azure-workload-identity/docs/installation/azwi.html">azwi</a> cli very helpful. The Azure <a href="https://azure.github.io/azure-workload-identity/docs/quick-start.html">Workload Identity Quick Start Guide</a> is also good place to get started.</p>
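
Review bot: the `identityId` lines near the end of the new SecretStore example do not agree with the surrounding text on which identifier is expected. The comment and the paragraph above the example both say "the Id of the Managed Identity", while the placeholder value is `<MI_clientId>`. If the client ID is what the field takes, say so in the comment and in the paragraph, so a reader does not paste an object ID or resource ID there. The comment also calls the field optional while the example sets it unconditionally; a short remark that the line can be dropped when only one identity is assigned would make that consistent. The unchanged paragraph above the example still contains the typos "Identitites" and "idenetity". Since this file is generated output (the commit message says it was deployed with MkDocs), these fixes belong in the Markdown source rather than in this HTML.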

File diff suppressed because it is too large
+ 0 - 0
main/search/search_index.json


BIN
main/sitemap.xml.gz


Some files were not shown because too many files have changed in this diff