help365/platform/install-vault.html

<!DOCTYPE html>
<html lang="en">
<head>
<title>Install HashiCorp Vault</title>
<meta name="generator" content="Help+Manual" />
<meta name="keywords" content="" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="HashiCorp Vault is an open-source tool that provides secure storage and encryption of confidential data, as well as access to data based on identity through customizable..." />
<meta name="picture" content="" />
<meta property="og:type" content="website" />
<meta property="og:title" content="Full documentation for BRIX365 platform. Low-code developer guide. User guide. Admin guide. Developer guide." />
<meta property="og:url" content="https://brix365.com/en/help" />
<meta property="og:image" content="" />
<link rel="icon" href="favicon.png" type="image/png" />
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet" />
<link rel="stylesheet" href="./jquery-ui.min.css" />
<link rel="stylesheet" href="default.css" />
<link rel="stylesheet" href="./search-yandex.css" />
<link rel="stylesheet" href="./article.css" />
<link rel="stylesheet" href="./glossary.css" />
<link rel="stylesheet" href="./theme.css" />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="helpman_settings.js"></script>
<script type="text/javascript" src="helpman_topicinit.js"></script>
<script type="text/javascript" src="highlight.js"></script>
<script type="text/javascript">
$(document).ready(function(){highlight();});
</script>
</head>
<body>
<script>!function(e,t,c,n,r,a,m){e.ym=e.ym||function(){(e.ym.a=e.ym.a||[]).push(arguments)},e.ym.l=1*new Date;for(var s=0;s<document.scripts.length;s++)if(document.scripts[s].src===n)return;a=t.createElement(c),m=t.getElementsByTagName(c)[0],a.async=1,a.src=n,m.parentNode.insertBefore(a,m)}(window,document,"script","https://mc.yandex.ru/metrika/tag.js"),ym(83179930,"init",{clickmap:!0,trackLinks:!0,accurateTrackBounce:!0,webvisor:!0})</script><noscript><div><img alt=""src=https://mc.yandex.ru/watch/83179930 style=position:absolute;left:-9999px></div></noscript>
<header class="header elma-365">
<div class="container">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-en.svg" alt="header logo">
</a>
<!-- <div class="hero__search-form" id="search-panel">
<form class="search-form" onsubmit="ym(83180416,'reachGoal','poisk')">
<label class="search-form__label">
<span id="reset-search" class="search__icon"></span>
<input class="search-form__input" type="text">
</label>
<input class="search-form__submit" type="submit" value="Submit">
</form>
</div> -->
<div class="hero__search-form" id="search-panel"> <form class="search-form"> <label class="search-form__label"> <span id="reset-search" class="search__icon"></span> <input class="search-form__input" type="text"> </label> <input class="search-form__submit" type="submit" value="Submit"> </form> </div>
<div class="hero__search">
<a href="#" id="search-icon" class="hero__search-icon">
<img src="search-icon-white.svg" alt="search string">
</a>
<a href="#" id="side-menu-icon" class="hero__side-icon">
<img src="side_menu.svg" alt="side menu">
</a>
</div>
<div class="header__navi">
<ul class="header__list"><li><span class="solution-select"><span class="solution-select__selected"></span><svg width="7" height="4" viewBox="0 0 7 4" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 1L3.5 3.5L6 1" stroke="white" stroke-linecap="round" stroke-linejoin="round"/></svg><ul class="solution-select__list"><li><a class="project-link" href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a class="project-link" href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a class="project-link" href="https://brix365.com/en/help/crm/crm_overview.html">CRM</a></li><li><a class="project-link" href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a class="project-link" href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li><li><a class="project-link" href="https://brix365.com/en/help/business_solutions/-elma365-store.html">Business Solutions</a></li></ul></span></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li><li><a href="https://tssdk.brix365.com/" target="_blank">SDK</a></li></ul>
</div>
</div>
</header>
<main class="main container">
<aside class="sidebar" id="sidebar">
<div class="sidebar__header">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-light-en.svg">
</a>
<span class="sidebar__close elma-365-close" id="close"></span>
</div>
<div class="sidebar__wrapper" id="side-menu">
</div>
</aside>
<article class="article" id="article">
<div class="article-inner">
<div class="content">
<header class="article__header">
<div class="article__bread" style="display:flex; gap:10px;">
<span id="subcategory" class="search-res__item-category search-res__item-category_subcategory subcategory article__badge"></span>
<div class="topic__breadcrumbs">
<p><a href="elma365-on-premises.html">BRIX On-Premises</a> &gt; <a href="elma365-enterprise.html">BRIX On-Premises Enterprise</a> &gt; Install add-on components for BRIX / Install HashiCorp Vault</p>
</div>
</div>
<div class="topic__title"><h1 class="p_Heading1"><span class="f_Heading1">Install HashiCorp Vault</span></h1>
</div>
</header>
<section class="article__content">
<div class="scroll-top-inner">
<a href="#h1-article" class="scroll-top"></a>
</div>
<!-- Placeholder for topic body. -->
<p class="p_Normal">HashiCorp Vault is an open-source tool that provides secure storage and encryption of confidential data, as well as access to data based on identity through customizable policies.</p>
<p class="p_Normal">The installation of HashiCorp Vault consists of the following steps:</p>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal"><a href="install-vault.html#install-config-file-vault" class="topiclink">Download the Helm chart and Vault configuration file</a>.</li><li value="2" class="p_Normal"><a href="install-vault.html#vault-parameters" class="topiclink">Fill out the Vault configuration file</a>.</li><li value="3" class="p_Normal"><a href="install-vault.html#install-vault" class="topiclink">Install Vault using Helm in a Kubernetes cluster</a>.</li><li value="4" class="p_Normal"><a href="install-vault.html#vault-settings" class="topiclink">Configure Vault</a>.</li></ol>
<h2 class="p_Heading2"><a id="install-config-file-vault" class="hmanchor"></a><span class="f_Heading2">Step 1: Download the Helm chart and Vault configuration file</span></h2>
<p class="p_Normal">To install via the internet, obtain the configuration file <code><b>values-vault.yaml</b></code> by running the command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;repo&nbsp;add&nbsp;elma365&nbsp;https://charts.elma365.tech</span><br />
<span class="f_CodeExample">helm&nbsp;repo&nbsp;update</span><br />
<span class="f_CodeExample">helm&nbsp;show&nbsp;values&nbsp;elma365/vault&nbsp;&gt;&nbsp;values-vault.yaml</span></p>
<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A1')">Obtaining the configuration file for installation in an isolated environment without internet access</a></p>
<div id="TOGGLE0186A1" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><ol style="list-style-type:decimal">
<li value="1" class="p_Normal" style="page-break-after: avoid;">On a computer with internet access, download the BRIX images and upload them to the local image registry by running the following command:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid; page-break-after: avoid;"><span class="f_CodeExample">helm&nbsp;repo&nbsp;add&nbsp;elma365&nbsp;https://charts.elma365.tech</span><br />
<span class="f_CodeExample">helm&nbsp;repo&nbsp;update</span><br />
<span class="f_CodeExample">helm&nbsp;pull&nbsp;elma365/vault</span></p>
<p class="p_Normal" style="page-break-after: avoid;">&nbsp;<br />
To learn more, see <a href="downloadin-images-elma365.html" class="topiclink">Download BRIX images</a>.</p>
<ol style="list-style-type:decimal">
<li value="2" class="p_Normal" style="page-break-after: avoid;">Copy the downloaded archive of the chart <span style="font-weight: bold;">vault-X.Y.Z.tgz</span> to the server where the installation will take place.</li><li value="3" class="p_Normal" style="page-break-after: avoid;">Unpack the chart and copy the default configuration file <code><b>values.yaml</b></code> to <code><b>values-vault.yaml</b></code>:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid; page-break-after: avoid;"><span class="f_CodeExample">tar&nbsp;-xf&nbsp;vault-X.Y.Z.tgz</span><br />
<span class="f_CodeExample">cp&nbsp;vault/values.yaml&nbsp;values-vault.yaml</span></p>
</td>
</tr>
</table>
</div>
<h2 class="p_Heading2"><a id="vault-parameters" class="hmanchor"></a><span class="f_Heading2">Step 2: Fill out the Vault configuration file</span></h2>
<p class="p_Normal">Fill out the configuration file <code><b>values-vault.yaml</b></code> to install the <span style="font-weight: bold;">Vault </span>service.</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">#&nbsp;Vault&nbsp;settings</span><br />
<span class="f_CodeExample">vault:</span><br />
<span class="f_CodeExample"> &nbsp;global:</span><br />
<span class="f_CodeExample">#&nbsp;if&nbsp;not&nbsp;defined,&nbsp;StorageClass&nbsp;is&nbsp;used&nbsp;by&nbsp;default</span><br />
<span class="f_CodeExample"> &nbsp;&nbsp;&nbsp;storageClass:&nbsp;&quot;&quot;</span><br />
<span class="f_CodeExample">...</span></p>
<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A2')">Filling in the connection parameters for a private registry for installation in an isolated environment without internet access involves the following steps:</a></p>
<div id="TOGGLE0186A2" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_Normal" style="page-break-after: avoid;">&nbsp;<br />
To connect to a private <span style="font-weight: bold;">registry</span>, you need to follow these steps:</p>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal" style="page-break-after: avoid;">Download the BRIX images and upload them to your local image registry. For more details, refer to the article <a href="downloadin-images-elma365.html" class="topiclink">Download BRIX images</a>.</li><li value="2" class="p_Normal" style="page-break-after: avoid;">Specify the address and path in the parameters <code><b>server.image.registry</b></code>, <code><b>server.image.repository</b></code>, <code><b>injector.image.registry</b></code> and <code><b>injector.image.repository</b></code>.</li><li value="3" class="p_Normal" style="page-break-after: avoid;">Specify the name of the secret with access rights to the private registry in the <code><b>imagePullSecrets</b></code> parameter. The secret must be created manually, with its contents encoded in Base64. Base64 is an encoding, not encryption, so restrict access to the secret accordingly.</li></ol>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: auto; page-break-after: avoid;"><span class="f_CodeExample"># Vault settings</span><br />
<span class="f_CodeExample">vault:</span><br />
<span class="f_CodeExample">...</span><br />
<span class="f_CodeExample">  server:</span><br />
<span class="f_CodeExample"># Parameters for connecting to the private registry</span><br />
<span class="f_CodeExample">  &nbsp; image:</span><br />
<span class="f_CodeExample"># address and path for the private registry</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; registry: hub.elma365.tech</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; repository: docker/addons/bitnami/vault</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; tag: 1.17.5-debian-12-r0</span><br />
<span class="f_CodeExample"># The secret with access permissions to the private registry must be manually created and encoded in Base64</span><br />
<span class="f_CodeExample">#  &nbsp; &nbsp; pullSecrets:</span><br />
<span class="f_CodeExample">#  &nbsp; &nbsp; &nbsp; - name: &quot;myRegistryKeySecretName&quot;</span><br />
<span class="f_CodeExample">  injector:</span><br />
<span class="f_CodeExample"># Parameters for connecting to the private registry</span><br />
<span class="f_CodeExample">  &nbsp; image:</span><br />
<span class="f_CodeExample"># address and path for the private registry</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; registry: hub.elma365.tech</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; repository: docker/addons/bitnami/vault-k8s</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; tag: 1.4.2-debian-12-r5</span><br />
<span class="f_CodeExample"># The secret with access permissions to the private registry must be manually created and encoded in Base64</span><br />
<span class="f_CodeExample">#  &nbsp; &nbsp; pullSecrets:</span><br />
<span class="f_CodeExample">#  &nbsp; &nbsp; &nbsp; - name: &quot;myRegistryKeySecretName&quot;</span></p>
<p class="p_Normal" style="page-break-after: avoid;">Where: </p>
<ul style="list-style-type:disc">
<li class="p_Normal" style="page-break-after: avoid;"><span style="font-weight: bold;">registry </span>format is:<span style="font-weight: bold;"> </span>address <code><b>hub.elma365.tech</b></code>;</li><li class="p_Normal" style="page-break-after: avoid;"><span style="font-weight: bold;">repository </span>format is:<span style="font-weight: bold;"> </span>path <code><b>docker/addons/bitnami/vault, docker/addons/bitnami/vault-k8s</b></code>.</li></ul>
</td>
</tr>
</table>
</div>
<h2 class="p_Heading2"><a id="install-vault" class="hmanchor"></a><span class="f_Heading2">Step 3: Install Vault using Helm in a Kubernetes cluster</span></h2>
<p class="p_Normal">Perform the installation of the <span style="font-weight: bold;">Vault</span> service in a separate <code><b>namespace</b></code>, for example, <span style="font-weight: bold;">vault</span>. <code><b>Namespace</b></code> will be created during installation if it hasn't been created earlier.</p>
<p class="p_Normal">For installation with internet access, run the following command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;upgrade&nbsp;--install&nbsp;vault&nbsp;elma365/vault&nbsp;-f&nbsp;values-vault.yaml&nbsp;-n&nbsp;vault&nbsp;--create-namespace</span></p>
<p class="p_Normal">For offline installation (without internet access), navigate to the directory with the downloaded service and run the following command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;upgrade&nbsp;--install&nbsp;vault&nbsp;./vault&nbsp;-f&nbsp;values-vault.yaml&nbsp;-n&nbsp;vault&nbsp;--create-namespace</span></p>
<h2 class="p_Heading2"><a id="vault-settings" class="hmanchor"></a><span class="f_Heading2">Step 4: Configure Vault</span></h2>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal">Make sure that the status of <code><b>vault-server-0</b></code> is <code><b>Running</b></code>:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;get&nbsp;pods&nbsp;-n&nbsp;vault </span></p>
<p class="p_Normal">2. Initialize <span style="font-weight: bold;">Vault</span>:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;exec&nbsp;-ti&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;vault&nbsp;operator&nbsp;init</span></p>
<p class="p_Normal">3. After initialization, retrieve the list of unseal keys (<code><b>Unseal Key X:</b></code>) and the root token (<code><b>Initial Root Token</b></code>) from the command output. Vault displays these values only at initialization, so store them in a secure location. Use three keys to unseal the <span style="font-weight: bold;">Vault</span> service:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;exec&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;vault&nbsp;operator&nbsp;unseal&nbsp;&lt;Unseal&nbsp;Key&nbsp;1&gt;</span><br />
<span class="f_CodeExample">kubectl&nbsp;exec&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;vault&nbsp;operator&nbsp;unseal&nbsp;&lt;Unseal&nbsp;Key&nbsp;2&gt;</span><br />
<span class="f_CodeExample">kubectl&nbsp;exec&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;vault&nbsp;operator&nbsp;unseal&nbsp;&lt;Unseal&nbsp;Key&nbsp;3&gt;&nbsp;</span></p>
<p class="p_Normal"><span style="font-weight: bold;">Important:</span> If the <span style="font-weight: bold;">Vault</span> service restarts, it will need to be unsealed again using the keys.</p>
<p class="p_Normal">4. After initialization and unsealing, connect to <code><b>vault-server-0</b></code> and authenticate in <span style="font-weight: bold;">Vault</span> using the root token (<code><b>Initial Root Token</b></code>). Enter the token when <code><b>vault login</b></code> prompts for it:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;exec&nbsp;-ti&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;/bin/sh</span><br />
<span class="f_CodeExample">vault&nbsp;login</span></p>
<p class="p_Normal">5. Check the service state:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;status&nbsp;&nbsp;&nbsp;</span></p>
<p class="p_Normal">6. Enable the secrets mechanism <code><b>kv-v2</b></code> on the path of <code><b>secret</b></code>:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;secrets&nbsp;enable&nbsp;-path=secret&nbsp;kv-v2&nbsp;&nbsp;</span></p>
<p class="p_Normal">7. Create a secret at the path <code><b>secret/elma365/db</b></code>. For the secret, use the actual connection strings for the database (<code><b>connection strings</b></code>) and parameters for connecting to the S3 file storage, following the pattern in <a href="installing-elma365-enterprise.html#config_file" class="topiclink">values-elma365.yaml</a>: <code><b>PSQL_URL</b></code>, <code><b>RO_POSTGRES_URL</b></code>, <code><b>MONGO_URL</b></code>, <code><b>VAHTER_MONGO_URL</b></code>, <code><b>REDIS_URL</b></code>, <code><b>AMQP_URL</b></code>, <code><b>S3_BACKEND_ADDRESS</b></code>, <code><b>S3_REGION</b></code>, <code><b>S3_KEY</b></code>, <code><b>S3_SECRET</b></code>, <code><b>S3_BUCKET</b></code>, <code><b>S3_SSL_ENABLED</b></code>, <code><b>S3_UPLOAD_METHOD</b></code>, <code><b>S3_DUMP_URL</b></code>, <code><b>S3_VIRTUAL_HOSTED_STYLE_ENABLED</b></code>. </p>
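<p class="p_Normal">If a parameter, for example <code><b>RO_POSTGRES_URL</b></code> or <code><b>S3_DUMP_URL</b></code>, is not used, create it with an empty value. The passwords and keys in the command below are sample values; replace them with your own. The sample also disables TLS (<code><b>sslmode=disable</b></code>, <code><b>ssl=false</b></code>, <code><b>S3_SSL_ENABLED=&quot;false&quot;</b></code>), so enable encrypted connections where your services support them:</p>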
<p class="p_CodeExample" style="white-space: normal; page-break-inside: auto; page-break-after: avoid;"><span class="f_CodeExample">vault kv put secret/elma365/db \</span><br />
<span class="f_CodeExample">PSQL_URL=&quot;postgresql://postgres:pgpassword@postgres.default.svc.cluster.local:5432/elma365?sslmode=disable&quot; \</span><br />
<span class="f_CodeExample">RO_POSTGRES_URL=&quot;&quot; \</span><br />
<span class="f_CodeExample">MONGO_URL=&quot;mongodb://elma365:mongopassword@mongo.default.svc.cluster.local:27017/elma365?ssl=false&amp;replicaSet=rs0&amp;readPreference=secondaryPreferred&quot; \</span><br />
<span class="f_CodeExample">VAHTER_MONGO_URL=&quot;mongodb://elma365:mongopassword@mongo.default.svc.cluster.local:27017/elma365?ssl=false&amp;replicaSet=rs0&amp;readPreference=secondaryPreferred&quot; \</span><br />
<span class="f_CodeExample">REDIS_URL=&quot;redis://redis.default.svc.cluster.local:6379/0&quot; \</span><br />
<span class="f_CodeExample">AMQP_URL=&quot;amqp://elma365:rmqpassword@rabbitmq.default.svc.cluster.local:5672/elma365&quot; \</span><br />
<span class="f_CodeExample">S3_BACKEND_ADDRESS=&quot;example.com&quot; \</span><br />
<span class="f_CodeExample">S3_REGION=&quot;us-east-1&quot; \</span><br />
<span class="f_CodeExample">S3_KEY=&quot;PZSF73JG72Ksd955JKU1HIA&quot; \</span><br />
<span class="f_CodeExample">S3_SECRET=&quot;aFDkj28Jbs2JKbnvJH678MNwiz88zKjsuNBHHs&quot; \</span><br />
<span class="f_CodeExample">S3_BUCKET=&quot;s3elma365&quot; \</span><br />
<span class="f_CodeExample">S3_SSL_ENABLED=&quot;false&quot; \</span><br />
<span class="f_CodeExample">S3_UPLOAD_METHOD=&quot;PUT&quot; \</span><br />
<span class="f_CodeExample">S3_DUMP_URL=&quot;&quot; \</span><br />
<span class="f_CodeExample">S3_VIRTUAL_HOSTED_STYLE_ENABLED=&quot;false&quot; </span> &nbsp;</p>
<p class="p_Normal">8. Make sure the secret is created at the path <code><b>secret/elma365/db</b></code>:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;kv&nbsp;get&nbsp;secret/elma365/db&nbsp;&nbsp;</span></p>
<p class="p_Normal">9. Enable the Kubernetes authentication method:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;auth&nbsp;enable&nbsp;kubernetes&nbsp;&nbsp;&nbsp;&nbsp;</span></p>
<p class="p_Normal">10. Configure the Kubernetes authentication method to use the Kubernetes API location:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;write&nbsp;auth/kubernetes/config&nbsp;\</span><br />
<span class="f_CodeExample">kubernetes_host=&quot;https://$KUBERNETES_PORT_443_TCP_ADDR:443&quot;</span></p>
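<p class="p_Normal">11. Create a policy for reading secrets at the path <code><b>secret/data/elma365/db</b></code>. In the <code><b>kv-v2</b></code> secrets engine, policy paths include the <code><b>data/</b></code> prefix, so this path corresponds to the secret created at <code><b>secret/elma365/db</b></code>:</p>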
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;policy&nbsp;write&nbsp;read-secret-elma365&nbsp;-&nbsp;&lt;&lt;EOF</span><br />
<span class="f_CodeExample">path&nbsp;&quot;secret/data/elma365/db&quot;&nbsp;{</span><br />
<span class="f_CodeExample"> &nbsp;capabilities&nbsp;=&nbsp;[&quot;read&quot;]</span><br />
<span class="f_CodeExample">}</span><br />
<span class="f_CodeExample">EOF</span></p>
<p class="p_Normal">12. Create a role named <span style="font-weight: bold;">read-secret-elma365</span>, which links the <span style="font-weight: bold;">read-secret-elma365</span> policy to the <span style="font-weight: bold;">vault-auth</span> service account in the <code><b>namespace</b></code> where BRIX is installed (e.g., <span style="font-weight: bold;">elma365</span>). The role is created with the following command (the service account itself is created in step 14):</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;write&nbsp;auth/kubernetes/role/read-secret-elma365&nbsp;\</span><br />
<span class="f_CodeExample">bound_service_account_names=vault-auth&nbsp;\</span><br />
<span class="f_CodeExample">bound_service_account_namespaces=elma365&nbsp;\</span><br />
<span class="f_CodeExample">policies=read-secret-elma365&nbsp;\</span><br />
<span class="f_CodeExample">ttl=24h</span></p>
<p class="p_Normal">13. Exit <span style="font-weight: bold;">Vault</span>: </p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">exit</span></p>
<p class="p_Normal">14. Create the <span style="font-weight: bold;">vault-auth</span> service account in the <code><b>namespace</b></code> where BRIX is installed (e.g., <span style="font-weight: bold;">elma365</span>):</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;create&nbsp;serviceaccount&nbsp;vault-auth&nbsp;-n&nbsp;elma365</span></p>
<p class="p_Normal" style="page-break-after: avoid;">Secrets in the Kubernetes cluster can be synchronized using HashiCorp Vault with the External Secrets Operator. Read more in <a href="install-external-secrets-operator.html" class="topiclink">Install External Secrets Operator</a>.</p>
<h2 class="p_Heading2"><span class="f_Heading2">Remove Vault using Helm in the Kubernetes cluster</span></h2>
<p class="p_Normal">To uninstall the <span style="font-weight: bold;">Vault</span> service in the <span style="font-weight: bold;">vault</span> <code><b>namespace</b></code>, execute the command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;uninstall&nbsp;vault&nbsp;-n&nbsp;vault</span></p>
<div class="bottom-nav">
<a id="prev-link" class="topic__navi_prev" href="install-longhorn.html">
<span class="bottom-nav__arrow bottom-nav__arrow--prev"></span> <span
class="bottom-nav__link">install-longhorn.html</span>
</a>
<a id="next-link" class="topic__navi_next" href="install-external-secrets-operator.html">
<span class="bottom-nav__link">install-external-secrets-operator.html</span> <span
class="bottom-nav__arrow bottom-nav__arrow--next"></span>
</a>
</div>
<!-- Adds the "Was this helpful?" feedback block to the page -->
<div class="feedback" id="feedback"><div class="feedback-help"><span><b>Was this helpful?</b></span><form action="" method="POST" class="feedback-form" id="feedback-form"><div class="feedback__popup feedback__popup-response" id="feedback__popup_thx" style="display: none;">Thanks for your feedback!</div><div class="feedback__popup" id="feedback__popup_why" style="display: none;"><div class="feedback__popup-header">Please specify why:</div><input type="radio" name="category" id="bad_recommendation" value="bad_recommendation"><label for="bad_recommendation">Recommendations did not help me</label><input type="radio" name="category" id="difficult_text" value="difficult_text"><label for="difficult_text">Article is hard to understand</label><input type="radio" name="category" id="no_answer" value="no_answer"><label for="no_answer">Didn`t answer my question</label><input type="radio" name="category" id="bad_header" value="bad_header"><label for="bad_header">Content does not match the topic</label><input type="radio" name="category" id="other_reason" value="other_reason"><label for="other_reason">Other</label></div><div class="feedback__popup" id="feedback__popup-other" style="display: none;"><div class="feedback__popup-header">How we can improve it?</div><textarea class="feedback__textarea" name="other" id=""></textarea><input type="submit" class="feedback__other-btn" value="Submit"></div><div class="feedback-form__btn-group"><input type="radio" name="useful" id="feedback__useful_yes" value="true"><label for="feedback__useful_yes"><img src="like.svg" class="small-img" alt="like"><spanclass="feedback-form__btn-group_yes-btn">Yes</spanclass="feedback-form__btn-group_yes-btn"></label><input type="radio" name="useful" id="feedback__useful_no" value="false"><label for="feedback__useful_no"><img src="dislike.svg" class="small-img" alt="dislike"><spanclass="feedback-form__btn-group_no-btn">No</spanclass="feedback-form__btn-group_no-btn"></label></div><select 
name="category"><option disabled="">Please specify why</option><option value="bad_recommendation" selected="">Recommendations did not help me</option><option value="difficult_text">Article is hard to understand</option><option value="no_answer">Didn`t answer my question</option><option value="bad_header">Content does not match the topic</option><option value="other_reason">Other</option></select><input type="submit"></form></div><div class="found_typo"><p style="margin: 0px; margin-top: 16px !important;"><span><b>Found a typo?</b></span> Select it and press <i>Ctrl+Enter</i> to send us feedback</p></div></div>
</section>
</div>
<aside class="article__sidebar" style="display:none">
<input type="checkbox" />
<div class="article__arrow"></div>
<div class="table-of-contents elma365-right" id="toc2Content">
<h3 class="h3-toc">In this topic</h3>
<nav id="toc2"></nav>
</div>
</aside>
</div>
</article>
</main>
<footer class="footer">
<div class="footer-container">
<div class="footer-mobile">
<ul class="footer-mobile__list"><li><a href="https://brix365.com/en/" target="_blank">BRIX</a></li><li><a href="https://tssdk.brix365.com/en/latest/" target="_blank">SDK</a></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li></ul><ul class="footer-mobile__list"><li><a href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li></ul>
</div>
<div class="footer-wrap">
<div><span class="mobile-question-popup">Send feedback</span><form method="POST" action class="question__popup question-xs" id="question__popup"><div class="question-wrap"><span class="close"></span><span class="title">Ask a question</span><label for="help_question" style="display: none;"></label><textarea name="help_question" id="help_question"></textarea><input type="submit" value="Send"></div></form><div class="hidden fade-in question-success-xs">Sent</div></div>
<div class="footer-flex-b">
<span class="footer-copy">&copy; 2025 BRIX</span>
<ul class="footer-list">
<li class="footer-item">
<a href="#" class="arrow-top" style="display: block;"></a>
</li>
</ul>
</div>
</div>
</div>
</footer>
<iframe name="hmnavigation" style="display:none!important"></iframe>
<script src="./jquery-ui.js"></script>
<!--script src="//cdn.jsdelivr.net/npm/featherlight@1.7.14/release/featherlight.min.js" type="text/javascript" charset="utf-8"></script-->
<script src="./jquery.tocify.min.js"></script>
<script src="./TypoReporter.min.js"></script>
<script src="./google-search.js"></script>
<script src="./main.js"></script>
<script type="text/javascript">
HMInitToggle('TOGGLE0186A1','hm.type','dropdown','hm.state','0');
HMInitToggle('TOGGLE0186A2','hm.type','dropdown','hm.state','0');
</script>
</body>
</html>