325
platform/install-vault.html
Normal file
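--- a/platform/install-vault.html
+++ b/platform/install-vault.html
@@ -0,0 +1,325 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+<title>Install HashiCorp Vault</title>
+<meta name="generator" content="Help+Manual" />
+<meta name="keywords" content="" />
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<meta name="description" content="HashiCorp Vault is an open-source tool that provides secure storage and encryption of confidential data, as well as access to data based on identity through customizable..." />
+<meta name="picture" content="" />
+<meta property="og:type" content="website" />
+<meta property="og:title" content="Full documentation for BRIX365 platform. Low-code developer guide. User guide. Admin guide. Developer guide." />
+<meta property="og:url" content="https://brix365.com/en/help" />
+<meta property="og:image" content="" />
+<link rel="icon" href="favicon.png" type="image/png" />
+
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet" />
+<link rel="stylesheet" href="./jquery-ui.min.css" />
+<link rel="stylesheet" href="default.css" />
+<link rel="stylesheet" href="./search-yandex.css" />
+<link rel="stylesheet" href="./article.css" />
+<link rel="stylesheet" href="./glossary.css" />
+<link rel="stylesheet" href="./theme.css" />
+<script type="text/javascript" src="jquery.js"></script>
+<script type="text/javascript" src="helpman_settings.js"></script>
+<script type="text/javascript" src="helpman_topicinit.js"></script>
+
+<script type="text/javascript" src="highlight.js"></script>
+<script type="text/javascript">
+$(document).ready(function(){highlight();});
+</script>
+</head>
+
+<body>
+
+<script>!function(e,t,c,n,r,a,m){e.ym=e.ym||function(){(e.ym.a=e.ym.a||[]).push(arguments)},e.ym.l=1*new Date;for(var s=0;s<document.scripts.length;s++)if(document.scripts[s].src===n)return;a=t.createElement(c),m=t.getElementsByTagName(c)[0],a.async=1,a.src=n,m.parentNode.insertBefore(a,m)}(window,document,"script","https://mc.yandex.ru/metrika/tag.js"),ym(83179930,"init",{clickmap:!0,trackLinks:!0,accurateTrackBounce:!0,webvisor:!0})</script><noscript><div><img alt=""src=https://mc.yandex.ru/watch/83179930 style=position:absolute;left:-9999px></div></noscript>
+
+<header class="header elma-365">
+<div class="container">
+<a class="header__logo" href="https://brix365.com/en/help">
+<img src="./logo-en.svg" alt="header logo">
+</a>
+<!-- <div class="hero__search-form" id="search-panel">
+<form class="search-form" onsubmit="ym(83180416,'reachGoal','poisk')">
+<label class="search-form__label">
+<span id="reset-search" class="search__icon"></span>
+<input class="search-form__input" type="text">
+</label>
+<input class="search-form__submit" type="submit" value="Submit">
+</form>
+</div> -->
+
+<div class="hero__search-form" id="search-panel"> <form class="search-form"> <label class="search-form__label"> <span id="reset-search" class="search__icon"></span> <input class="search-form__input" type="text"> </label> <input class="search-form__submit" type="submit" value="Submit"> </form> </div>
+<div class="hero__search">
+<a href="#" id="search-icon" class="hero__search-icon">
+<img src="search-icon-white.svg" alt="search string">
+</a>
+<a href="#" id="side-menu-icon" class="hero__side-icon">
+<img src="side_menu.svg" alt="side menu">
+</a>
+</div>
+<div class="header__navi">
+
+<ul class="header__list"><li><span class="solution-select"><span class="solution-select__selected"></span><svg width="7" height="4" viewBox="0 0 7 4" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 1L3.5 3.5L6 1" stroke="white" stroke-linecap="round" stroke-linejoin="round"/></svg><ul class="solution-select__list"><li><a class="project-link" href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a class="project-link" href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a class="project-link" href="https://brix365.com/en/help/crm/crm_overview.html">CRM</a></li><li><a class="project-link" href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a class="project-link" href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li><li><a class="project-link" href="https://brix365.com/en/help/business_solutions/-elma365-store.html">Business Solutions</a></li></ul></span></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li><li><a href="https://tssdk.brix365.com/" target="_blank">SDK</a></li></ul>
+
+
+</div>
+</div>
+
+</header>
+
+
+
+
+<main class="main container">
+
+<aside class="sidebar" id="sidebar">
+<div class="sidebar__header">
+<a class="header__logo" href="https://brix365.com/en/help">
+<img src="./logo-light-en.svg">
+</a>
+<span class="sidebar__close elma-365-close" id="close"></span>
+</div>
+<div class="sidebar__wrapper" id="side-menu">
+
+</div>
+</aside>
+
+<article class="article" id="article">
+<div class="article-inner">
+<div class="content">
+<header class="article__header">
+<div class="article__bread" style="display:flex; gap:10px;">
+<span id="subcategory" class="search-res__item-category search-res__item-category_subcategory subcategory article__badge"></span>
+
+<div class="topic__breadcrumbs">
+<p><a href="elma365-on-premises.html">BRIX On-Premises</a> > <a href="elma365-enterprise.html">BRIX On-Premises Enterprise</a> > Install add-on components for BRIX / Install HashiCorp Vault</p>
+</div>
+
+</div>
+<div class="topic__title"><h1 class="p_Heading1"><span class="f_Heading1">Install HashiCorp Vault</span></h1>
+</div>
+
+</header>
+<section class="article__content">
+<div class="scroll-top-inner">
+<a href="#h1-article" class="scroll-top"></a>
+</div>
+<!-- Placeholder for topic body. -->
+<p class="p_Normal">HashiCorp Vault is an open-source tool that provides secure storage and encryption of confidential data, as well as access to data based on identity through customizable policies.</p>
+<p class="p_Normal">The installation of HashiCorp Vault consists of the following steps:</p>
+<ol style="list-style-type:decimal">
+<li value="1" class="p_Normal"><a href="install-vault.html#install-config-file-vault" class="topiclink">Download the Helm chart and Vault configuration file</a>.</li><li value="2" class="p_Normal"><a href="install-vault.html#vault-parameters" class="topiclink">Fill out the Vault configuration file</a>.</li><li value="3" class="p_Normal"><a href="install-vault.html#install-vault" class="topiclink">Install Vault using Helm in a Kubernetes cluster</a>.</li><li value="4" class="p_Normal"><a href="install-vault.html#vault-settings" class="topiclink">Configure Vault</a>.</li></ol>
+<h2 class="p_Heading2"><a id="install-config-file-vault" class="hmanchor"></a><span class="f_Heading2">Step 1: Download the Helm chart and Vault configuration file</span></h2>
+<p class="p_Normal">To install via the internet, obtain the configuration file <code><b>values-vault.yaml</b></code> by running the command:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm repo add elma365 https://charts.elma365.tech</span><br />
+<span class="f_CodeExample">helm repo update</span><br />
+<span class="f_CodeExample">helm show values elma365/vault > values-vault.yaml</span></p>
+<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A1')">Obtaining the configuration file for installation in an isolated environment without internet access</a></p>
+<div id="TOGGLE0186A1" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
+<tr>
+<td style="vertical-align:top; padding:0; border:none"><ol style="list-style-type:decimal">
+<li value="1" class="p_Normal" style="page-break-after: avoid;">On a computer with internet access, download the BRIX images and upload them to the local image registry by running the following command.:</li></ol>
+<p class="p_CodeExample" style="page-break-inside: avoid; page-break-after: avoid;"><span class="f_CodeExample">helm repo add elma365 https://charts.elma365.tech</span><br />
+<span class="f_CodeExample">helm repo update</span><br />
+<span class="f_CodeExample">helm pull elma365/vault</span></p>
+<p class="p_Normal" style="page-break-after: avoid;"> <br />
+To learn more, see <a href="downloadin-images-elma365.html" class="topiclink">Download BRIX imagaes</a>.</p>
+<ol style="list-style-type:decimal">
+<li value="2" class="p_Normal" style="page-break-after: avoid;">Copy the downloaded archive of the chart <span style="font-weight: bold;">vault-X.Y.Z.tgz</span> to the server where the installation will take place.</li><li value="3" class="p_Normal" style="page-break-after: avoid;">Unpack the chart and copy the default configuration file <code><b>values.yaml</b></code> to <code><b>values-vault.yaml</b></code>:</li></ol>
+<p class="p_CodeExample" style="page-break-inside: avoid; page-break-after: avoid;"><span class="f_CodeExample">tar -xf vault-X.Y.Z.tgz</span><br />
+<span class="f_CodeExample">cp vault/values.yaml values-vault.yaml</span></p>
+</td>
+</tr>
+</table>
+</div>
+<h2 class="p_Heading2"><a id="vault-parameters" class="hmanchor"></a><span class="f_Heading2">Step 2: Fill out the Vault configuration file</span></h2>
+<p class="p_Normal">Fill out the configuration file <code><b>values-vault.yaml</b></code> to install the <span style="font-weight: bold;">Vault </span>service.</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample"># Vault settings</span><br />
+<span class="f_CodeExample">vault:</span><br />
+<span class="f_CodeExample"> global:</span><br />
+<span class="f_CodeExample"># if not defined, StorageClass is used by default</span><br />
+<span class="f_CodeExample"> storageClass: ""</span><br />
+<span class="f_CodeExample">...</span></p>
+<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A2')">Filling in the connection parameters for a private registry for installation in an isolated environment without internet access involves the following steps:</a></p>
+<div id="TOGGLE0186A2" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
+<tr>
+<td style="vertical-align:top; padding:0; border:none"><p class="p_Normal" style="page-break-after: avoid;"> <br />
+To connect to a private <span style="font-weight: bold;">registry</span>, you need to follow these steps:</p>
+<ol style="list-style-type:decimal">
+<li value="1" class="p_Normal" style="page-break-after: avoid;">Download the BRIX images and upload them to your local image registry. For more details, refer to the article <a href="downloadin-images-elma365.html" class="topiclink">Download BRIX images</a>.</li><li value="2" class="p_Normal" style="page-break-after: avoid;">Specify the address and path in the parameters <code><b>server.image.registry</b></code>, <code><b>server.image.repository</b></code>, <code><b>injector.image.registry</b></code> and <code><b>injector.image.repository</b></code>.</li><li value="3" class="p_Normal" style="page-break-after: avoid;">Specify the name of the secret with access rights to the private registry in the <code><b>imagePullSecrets</b></code> parameter. The secret must be manually created and encrypted in Base64.</li></ol>
+<p class="p_CodeExample" style="white-space: normal; page-break-inside: auto; page-break-after: avoid;"><span class="f_CodeExample"># Vault settings</span><br />
+<span class="f_CodeExample">vault:</span><br />
+<span class="f_CodeExample">...</span><br />
+<span class="f_CodeExample"> server:</span><br />
+<span class="f_CodeExample"># Parameters for connecting to the private registry</span><br />
+<span class="f_CodeExample"> image:</span><br />
+<span class="f_CodeExample"># address and path for the private registry</span><br />
+<span class="f_CodeExample"> registry: hub.elma365.tech</span><br />
+<span class="f_CodeExample"> repository: docker/addons/bitnami/vault</span><br />
+<span class="f_CodeExample"> tag: 1.17.5-debian-12-r0</span><br />
+<span class="f_CodeExample"># The secret with access permissions to the private registry must be manually created and encrypted in Base64</span><br />
+<span class="f_CodeExample"># pullSecrets:</span><br />
+<span class="f_CodeExample"># - name: "myRegistryKeySecretName"</span><br />
+<span class="f_CodeExample"> injector:</span><br />
+<span class="f_CodeExample"># Parameters for connecting to the private registry</span><br />
+<span class="f_CodeExample"> image:</span><br />
+<span class="f_CodeExample"># address and path for the private registry</span><br />
+<span class="f_CodeExample"> registry: hub.elma365.tech</span><br />
+<span class="f_CodeExample"> repository: docker/addons/bitnami/vault-k8s</span><br />
+<span class="f_CodeExample"> tag: 1.4.2-debian-12-r5</span><br />
+<span class="f_CodeExample"># The secret with access permissions to the private registry must be manually created and encrypted in Base64</span><br />
+<span class="f_CodeExample"># pullSecrets:</span><br />
+<span class="f_CodeExample"># - name: "myRegistryKeySecretName"</span></p>
+<p class="p_Normal" style="page-break-after: avoid;">Where: </p>
+<ul style="list-style-type:disc">
+<li class="p_Normal" style="page-break-after: avoid;"><span style="font-weight: bold;">registry </span>format is:<span style="font-weight: bold;"> </span>address <code><b>hub.elma365.tech</b></code>;</li><li class="p_Normal" style="page-break-after: avoid;"><span style="font-weight: bold;">repository </span>format is:<span style="font-weight: bold;"> </span>path <code><b>docker/addons/bitnami/vault, docker/addons/bitnami/vault-k8s</b></code>.</li></ul>
+</td>
+</tr>
+</table>
+</div>
+<h2 class="p_Heading2"><a id="install-vault" class="hmanchor"></a><span class="f_Heading2">Step 3: Install Vault using Helm in a Kubernetes cluster</span></h2>
+<p class="p_Normal">Perform the installation of the <span style="font-weight: bold;">Vault</span> service in a separate <code><b>namespace</b></code>, for example, <span style="font-weight: bold;">vault</span>. <code><b>Namespace</b></code> will be created during installation if it hasn't been created earlier.</p>
+<p class="p_Normal">For installation with internet access, run the following command:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm upgrade --install vault elma365/vault -f values-vault.yaml -n vault --create-namespace</span></p>
+<p class="p_Normal">For offline installation (without internet access), navigate to the directory with the downloaded service and run the following command:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm upgrade --install vault ./vault -f values-vault.yaml -n vault --create-namespace</span></p>
+<h2 class="p_Heading2"><a id="vault-settings" class="hmanchor"></a><span class="f_Heading2">Step 4: Configure Vault</span></h2>
+<ol style="list-style-type:decimal">
+<li value="1" class="p_Normal">Make sure that the satus of <code><b>vault-server-0</b></code> is <code><b>Running</b></code>:</li></ol>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl get pods -n vault </span></p>
+<p class="p_Normal">2. Initialize <span style="font-weight: bold;">Vault</span>:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl exec -ti vault-server-0 -n vault -- vault operator init</span></p>
+<p class="p_Normal">3. After initialization, retrieve the list of keys (<code><b>Unseal Key X:</b></code>) and the root token (<code><b>Initial Root Token</b></code>). Use three keys to unlock the <span style="font-weight: bold;">Vault</span> service:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl exec vault-server-0 -n vault -- vault operator unseal <Unseal Key 1></span><br />
+<span class="f_CodeExample">kubectl exec vault-server-0 -n vault -- vault operator unseal <Unseal Key 2></span><br />
+<span class="f_CodeExample">kubectl exec vault-server-0 -n vault -- vault operator unseal <Unseal Key 3> </span></p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">Начало внимание</span></p>
+<p class="p_Normal">If the <span style="font-weight: bold;">Vault</span> service restarts, it will need to be unsealed again using the keys.</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">Конец внимание</span></p>
+<p class="p_Normal">4. After initialization and unsealing, connect to <code><b>vault-server-0</b></code> and authenticate in <span style="font-weight: bold;">Vault</span> using the root key (<code><b>Initial Root Token</b></code>):</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl exec -ti vault-server-0 -n vault -- /bin/sh</span><br />
+<span class="f_CodeExample">vault login</span></p>
+<p class="p_Normal">5. Check the service state:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault status </span></p>
+<p class="p_Normal">6. Enable the secrets mechanism <code><b>kv-v2</b></code> on the path of <code><b>secret</b></code>:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault secrets enable -path=secret kv-v2 </span></p>
+<p class="p_Normal">7. Create a secret at the path <code><b>secret/elma365/db</b></code>. For the secret, use the actual connection strings for the database (<code><b>сonnection strings</b></code>) and parameters for connecting to the S3 file storage, following the pattern in <a href="installing-elma365-enterprise.html#config_file" class="topiclink">values-elma365.yaml</a>: <code><b>PSQL_URL</b></code>, <code><b>RO_POSTGRES_URL</b></code>, <code><b>MONGO_URL</b></code>, <code><b>VAHTER_MONGO_URL</b></code>, <code><b>REDIS_URL</b></code>, <code><b>AMQP_URL</b></code>, <code><b>S3_BACKEND_ADDRESS</b></code>, <code><b>S3_REGION</b></code>, <code><b>S3_KEY</b></code>, <code><b>S3_SECRET</b></code>, <code><b>S3_BUCKET</b></code>, <code><b>S3_SSL_ENABLED</b></code>, <code><b>S3_UPLOAD_METHOD</b></code>, <code><b>S3_DUMP_URL</b></code>, <code><b>S3_VIRTUAL_HOSTED_STYLE_ENABLED</b></code>. </p>
+<p class="p_Normal">If a parameter, for example <code><b>RO_POSTGRES_URL</b></code> or <code><b>S3_DUMP_URL</b></code> is not used, create it with an empty value:</p>
+<p class="p_CodeExample" style="white-space: normal; page-break-inside: auto; page-break-after: avoid;"><span class="f_CodeExample">vault kv put secret/elma365/db \</span><br />
+<span class="f_CodeExample">PSQL_URL="postgresql://postgres:pgpassword@postgres.default.svc.cluster.local:5432/elma365?sslmode=disable" \</span><br />
+<span class="f_CodeExample">RO_POSTGRES_URL="" \</span><br />
+<span class="f_CodeExample">MONGO_URL="mongodb://elma365:mongopassword@mongo.default.svc.cluster.local:27017/elma365?ssl=false&replicaSet=rs0&readPreference=secondaryPreferred" \</span><br />
+<span class="f_CodeExample">VAHTER_MONGO_URL="mongodb://elma365:mongopassword@mongo.default.svc.cluster.local:27017/elma365?ssl=false&replicaSet=rs0&readPreference=secondaryPreferred" \</span><br />
+<span class="f_CodeExample">REDIS_URL="redis://redis.default.svc.cluster.local:6379/0" \</span><br />
+<span class="f_CodeExample">AMQP_URL="amqp://elma365:rmqpassword@rabbitmq.default.svc.cluster.local:5672/elma365" \</span><br />
+<span class="f_CodeExample">S3_BACKEND_ADDRESS="example.com" \</span><br />
+<span class="f_CodeExample">S3_REGION="us-east-1" \</span><br />
+<span class="f_CodeExample">S3_KEY="PZSF73JG72Ksd955JKU1HIA" \</span><br />
+<span class="f_CodeExample">S3_SECRET="aFDkj28Jbs2JKbnvJH678MNwiz88zKjsuNBHHs" \</span><br />
+<span class="f_CodeExample">S3_BUCKET="s3elma365" \</span><br />
+<span class="f_CodeExample">S3_SSL_ENABLED="false" \</span><br />
+<span class="f_CodeExample">S3_UPLOAD_METHOD="PUT" \</span><br />
+<span class="f_CodeExample">S3_DUMP_URL="" \</span><br />
+<span class="f_CodeExample">S3_VIRTUAL_HOSTED_STYLE_ENABLED="false" </span> </p>
+<p class="p_Normal">8. Make sure the secret is created at the path <code><b>secret/elma365/db</b></code>:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault kv get secret/elma365/db </span></p>
+<p class="p_Normal">9. Enable the Kubernetes authentication method:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault auth enable kubernetes </span></p>
+<p class="p_Normal">10. Configure the Kubernetes authentication method to use the Kubernetes API location:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault write auth/kubernetes/config \</span><br />
+<span class="f_CodeExample">kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443"</span></p>
+<p class="p_Normal">11. Create a policy for reading secrets at the address <code><b>secret/data/elma365/db</b></code>:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault policy write read-secret-elma365 - <<EOF</span><br />
+<span class="f_CodeExample">path "secret/data/elma365/db" {</span><br />
+<span class="f_CodeExample"> capabilities = ["read"]</span><br />
+<span class="f_CodeExample">}</span><br />
+<span class="f_CodeExample">EOF</span></p>
+<p class="p_Normal">12. Create a role named <span style="font-weight: bold;">read-secret-elma365</span>, which links the <span style="font-weight: bold;">read-secret-elma365</span> policy to the <span style="font-weight: bold;">vault-auth</span> service account in the <code><b>namespace</b></code> where BRIX is installed (e.g., <span style="font-weight: bold;">elma365</span>). The service account is created with the following command:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault write auth/kubernetes/role/read-secret-elma365 \</span><br />
+<span class="f_CodeExample">bound_service_account_names=vault-auth \</span><br />
+<span class="f_CodeExample">bound_service_account_namespaces=elma365 \</span><br />
+<span class="f_CodeExample">policies=read-secret-elma365 \</span><br />
+<span class="f_CodeExample">ttl=24h</span></p>
+<p class="p_Normal">13. Exit <span style="font-weight: bold;">Vault</span>: </p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">exit</span></p>
+<p class="p_Normal">14. Create the <span style="font-weight: bold;">vault-auth</span> service account in the <code><b>namespace</b></code> where BRIX is installed (e.g., <span style="font-weight: bold;">elma365</span>):</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl create serviceaccount vault-auth -n elma365</span></p>
+<p class="p_Normal" style="page-break-after: avoid;">Secrets in the Kubernetes cluster can be synchronized using HashiCorp Vault with the External Secrets Operator. Read more in <a href="install-external-secrets-operator.html" class="topiclink">Install External Secrets Operator</a>.</p>
+<h2 class="p_Heading2"><span class="f_Heading2">Remove Vault using Helm in the Kubernetes cluster</span></h2>
+<p class="p_Normal">To uninstall the <span style="font-weight: bold;">Vault</span> service in the <span style="font-weight: bold;">vault</span> <code><b>namespace</b></code>, execute the command:</p>
+<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm uninstall vault -n vault</span></p>
+
+<div class="bottom-nav">
+
+<a id="prev-link" class="topic__navi_prev" href="install-longhorn.html">
+<span class="bottom-nav__arrow bottom-nav__arrow--prev"></span> <span
+class="bottom-nav__link">install-longhorn.html</span>
+</a>
+
+
+<a id="next-link" class="topic__navi_next" href="install-external-secrets-operator.html">
+<span class="bottom-nav__link">install-external-secrets-operator.html</span> <span
+class="bottom-nav__arrow bottom-nav__arrow--next"></span>
+</a>
+
+</div>
+<!-- добавляет на страницу строку блок Была ли статья полезной? -->
+<div class="feedback" id="feedback"><div class="feedback-help"><span><b>Was this helpful?</b></span><form action="" method="POST" class="feedback-form" id="feedback-form"><div class="feedback__popup feedback__popup-response" id="feedback__popup_thx" style="display: none;">Thanks for your feedback!</div><div class="feedback__popup" id="feedback__popup_why" style="display: none;"><div class="feedback__popup-header">Please specify why:</div><input type="radio" name="category" id="bad_recommendation" value="bad_recommendation"><label for="bad_recommendation">Recommendations did not help me</label><input type="radio" name="category" id="difficult_text" value="difficult_text"><label for="difficult_text">Article is hard to understand</label><input type="radio" name="category" id="no_answer" value="no_answer"><label for="no_answer">Didn`t answer my question</label><input type="radio" name="category" id="bad_header" value="bad_header"><label for="bad_header">Content does not match the topic</label><input type="radio" name="category" id="other_reason" value="other_reason"><label for="other_reason">Other</label></div><div class="feedback__popup" id="feedback__popup-other" style="display: none;"><div class="feedback__popup-header">How we can improve it?</div><textarea class="feedback__textarea" name="other" id=""></textarea><input type="submit" class="feedback__other-btn" value="Submit"></div><div class="feedback-form__btn-group"><input type="radio" name="useful" id="feedback__useful_yes" value="true"><label for="feedback__useful_yes"><img src="like.svg" class="small-img" alt="like"><spanclass="feedback-form__btn-group_yes-btn">Yes</spanclass="feedback-form__btn-group_yes-btn"></label><input type="radio" name="useful" id="feedback__useful_no" value="false"><label for="feedback__useful_no"><img src="dislike.svg" class="small-img" alt="dislike"><spanclass="feedback-form__btn-group_no-btn">No</spanclass="feedback-form__btn-group_no-btn"></label></div><select name="category"><option disabled="">Please specify why</option><option value="bad_recommendation" selected="">Recommendations did not help me</option><option value="difficult_text">Article is hard to understand</option><option value="no_answer">Didn`t answer my question</option><option value="bad_header">Content does not match the topic</option><option value="other_reason">Other</option></select><input type="submit"></form></div><div class="found_typo"><p style="margin: 0px; margin-top: 16px !important;"><span><b>Found a typo?</b></span> Select it and press <i>Ctrl+Enter</i> to send us feedback</p></div></div>
+
+</section>
+</div>
+<aside class="article__sidebar" style="display:none">
+<input type="checkbox" />
+<div class="article__arrow"></div>
+<div class="table-of-contents elma365-right" id="toc2Content">
+<h3 class="h3-toc">In this topic</h3>
+<nav id="toc2"></nav>
+</div>
+</aside>
+</div>
+</article>
+</main>
+<footer class="footer">
+<div class="footer-container">
+<div class="footer-mobile">
+
+<ul class="footer-mobile__list"><li><a href="https://brix365.com/en/" target="_blank">BRIX</a></li><li><a href="https://tssdk.brix365.com/en/latest/" target="_blank">SDK</a></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li></ul><ul class="footer-mobile__list"><li><a href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li></ul>
+
+
+</div>
+<div class="footer-wrap">
+
+<div><span class="mobile-question-popup">Send feedback</span><form method="POST" action class="question__popup question-xs" id="question__popup"><div class="question-wrap"><span class="close"></span><span class="title">Ask a question</span><label for="help_question" style="display: none;"></label><textarea name="help_question" id="help_question"></textarea><input type="submit" value="Send"></div></form><div class="hidden fade-in question-success-xs">Sent</div></div>
+
+<div class="footer-flex-b">
+<span class="footer-copy">© 2025 BRIX</span>
+<ul class="footer-list">
+
+<li class="footer-item">
+<a href="#" class="arrow-top" style="display: block;"></a>
+</li>
+
+</ul>
+</div>
+</div>
+</div>
+
+</footer>
+<iframe name="hmnavigation" style="display:none!important"></iframe>
+<script src="./jquery-ui.js"></script>
+<!--script src="//cdn.jsdelivr.net/npm/featherlight@1.7.14/release/featherlight.min.js" type="text/javascript" charset="utf-8"></script-->
+<script src="./jquery.tocify.min.js"></script>
+<script src="./TypoReporter.min.js"></script>
+<script src="./google-search.js"></script>
+<script src="./main.js"></script>
+<script type="text/javascript">
+HMInitToggle('TOGGLE0186A1','hm.type','dropdown','hm.state','0');
+HMInitToggle('TOGGLE0186A2','hm.type','dropdown','hm.state','0');
+</script>
+</body>
+
+</html>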
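Review bot: The private-registry instructions describe the pull secret as "encrypted in Base64" (item 3 of the list inside `TOGGLE0186A2` and both `pullSecrets` comments in the YAML sample), but Base64 is an encoding and provides no confidentiality; I would reword to `The secret must be created manually; its data is Base64-encoded, which is not encryption.` Step 4 has the reader run `vault operator init` and then work through items 4 to 13 under the `Initial Root Token` with no guidance on handling that output, so a sentence after item 3 such as `Store the unseal keys and the root token separately in a protected location, and revoke the root token once configuration is complete.` would close the gap. The `vault kv put` sample in item 7 uses `sslmode=disable`, `ssl=false` and `S3_SSL_ENABLED="false"` together with realistic-looking `S3_KEY`/`S3_SECRET` values; the text should say these are placeholders and that TLS should stay enabled outside a test cluster. The two `p_CodeExample` paragraphs around the restart warning still carry the untranslated markers `Начало внимание` / `Конец внимание`, which look like attention-block delimiters that were not converted, and the feedback form contains malformed `<spanclass=...>` tags.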