starlingx/docs
Code Issues Proposed changes
716f387f93
docs/doc/source/usertasks/kubernetes-user-tutorials-vault-overview.rst
Stone f63f0912c6 User Tasks guide 
Fixed typo in LetsEncrypt example

Removed duplicate Datanet entry from main index.rst

Reworked Use Kubernetes CPU Manager Static Policy prerequisite block.

Restored fault/index version of FM toctree in top-level index.

Added merged doc entries to top level index.rst.

Incorporated review comments. Also some generic formatting clean-up such as
converting abbreviations to rST-style :abbr: markup.

Moved url with embedded substitution out of code-block.

Addressed patch 2 review comments. Some addtional rST tidying. See comment replies
for open questions/issues.

This patch fixes an issue with 'stx' in filenames that may differ downstream using-an-image-from-the-local-docker-registry-in-a-container-spec
new substitution and changing code-blocks to parsed-literals as required.

Initial submission for review. Note that a couple of references to WR persist
in examples. These will be marked up with comments in the review.

Signed-off-by: Stone <ronald.stone@windriver.com>
Change-Id: I1efef569842caff5def9dc00395b594d91d7a5d0
Signed-off-by: Stone <ronald.stone@windriver.com>
2020-12-02 10:34:53 -05:00

32 lines
1.2 KiB
ReStructuredText
Raw Blame History

.. myx1596548399062
.. _kubernetes-user-tutorials-vault-overview:
==============
Vault Overview
==============
You can optionally integrate open source Vault secret management into the
|prod| solution. The Vault integration requires :abbr:`PVC (Persistent Volume
Claims)` as a storage backend to be enabled.
There are two methods for using Vault secrets with hosted applications:
.. _kubernetes-user-tutorials-vault-overview-ul-ekx-y4m-4mb:
#. Have the application be Vault Aware and retrieve secrets using the Vault
REST API. This method is used to allow an application write secrets to
Vault, provided the applicable policy gives write permission at the
specified Vault path. For more information, see
:ref:`Vault Aware <vault-aware>`.
#. Have the application be Vault Unaware and use the Vault Agent Injector to
make secrets available on the container filesystem. For more information,
see, :ref:`Vault Unaware <vault-unaware>`.
Both methods require appropriate roles, policies and auth methods to be
configured in Vault.
.. xreflink For more information, see |sec-doc|: :ref:`Vault Secret
and Data Management <security-vault-overview>`.
View Git Blame Copy Permalink