docs/doc/source/usertasks/kubernetes-user-tutorials-vault-overview.rst
Stone f63f0912c6 User Tasks guide
Fixed typo in LetsEncrypt example

Removed duplicate Datanet entry from main index.rst

Reworked Use Kubernetes CPU Manager Static Policy prerequisite block.

Restored fault/index version of FM toctree in top-level index.

Added merged doc entries to top level index.rst.

Incorporated review comments. Also some generic formatting clean-up such as
converting abbreviations to rST-style :abbr: markup.

Moved url with embedded substitution out of code-block.

Addressed patch 2 review comments. Some additional rST tidying. See comment replies
for open questions/issues.

This patch fixes an issue with 'stx' in filenames that may differ downstream using-an-image-from-the-local-docker-registry-in-a-container-spec
new substitution and changing code-blocks to parsed-literals as required.

Initial submission for review. Note that a couple of references to WR persist
in examples. These will be marked up with comments in the review.

Signed-off-by: Stone <ronald.stone@windriver.com>
Change-Id: I1efef569842caff5def9dc00395b594d91d7a5d0
Signed-off-by: Stone <ronald.stone@windriver.com>
2020-12-02 10:34:53 -05:00

Vault Overview

You can optionally integrate open source Vault secret management into the solution. The Vault integration requires that PVC (Persistent Volume Claims) be enabled as a storage backend.

There are two methods for using Vault secrets with hosted applications:

  1. Have the application be Vault Aware and retrieve secrets using the Vault REST API. This method also allows an application to write secrets to Vault, provided the applicable policy gives write permission at the specified Vault path. For more information, see Vault Aware <vault-aware>.
  2. Have the application be Vault Unaware and use the Vault Agent Injector to make secrets available on the container filesystem. For more information, see Vault Unaware <vault-unaware>.

Both methods require appropriate roles, policies and auth methods to be configured in Vault.
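
The Vault Aware method, sketched as an added example (not part of the original document or the project's code): the application logs in with its pod service account token, then writes and reads a secret over the REST API, and a policy without permission at the path surfaces as an HTTP 403. The Vault address, the Kubernetes auth method mounted at `kubernetes`, the KV v2 engine mounted at `secret`, the role `my-app` and the secret path are assumptions.

```python
import json
import urllib.error
import urllib.request

# Assumed values, not from the page: Vault address, Kubernetes auth mounted
# at "kubernetes", a KV v2 engine mounted at "secret", role and secret path.
VAULT_ADDR = "https://vault.example.internal:8200"
SA_JWT = "/var/run/secrets/kubernetes.io/serviceaccount/token"
JSON = {"Content-Type": "application/json"}

def login_request(role, sa_jwt, addr=VAULT_ADDR):
    """Exchange the pod's service account JWT for a Vault token (role-bound)."""
    body = json.dumps({"role": role, "jwt": sa_jwt}).encode()
    url = f"{addr}/v1/auth/kubernetes/login"
    return urllib.request.Request(url, data=body, headers=JSON, method="POST")

def write_request(token, path, values, addr=VAULT_ADDR, mount="secret"):
    """KV v2 write: payload goes under "data"; needs create/update in policy."""
    body = json.dumps({"data": values}).encode()
    headers = {**JSON, "X-Vault-Token": token}
    url = f"{addr}/v1/{mount}/data/{path}"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def read_request(token, path, addr=VAULT_ADDR, mount="secret"):
    """KV v2 read of the latest version; needs read capability in policy."""
    url = f"{addr}/v1/{mount}/data/{path}"
    return urllib.request.Request(url, headers={"X-Vault-Token": token})

def call(req, timeout=5):
    """Send a request; surface a policy denial (HTTP 403) as PermissionError."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 403:
            raise PermissionError(f"Vault denied {req.get_method()} {req.full_url}") from err
        raise

def client_token(login_response):
    return login_response["auth"]["client_token"]

def secret_values(read_response):
    return read_response["data"]["data"]  # KV v2 nests values under data.data

if __name__ == "__main__":
    with open(SA_JWT) as f:
        token = client_token(call(login_request("my-app", f.read().strip())))
    call(write_request(token, "my-app/config", {"api_key": "constructed-value"}))
    print(sorted(secret_values(call(read_request(token, "my-app/config")))))
```
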