docs: clarify requirement to explicitly specify storage class for vault on rke2 (PAC-829) #1733
✅ Deploy Preview for docs-spectrocloud ready!
@lennessyy and I had a conversation about the changes and how to go about exposing this challenge in a manner that helps out from a long-term perspective.
…cloud/librarium into vault-rke2-storage-class
Great refactor. Just some minor suggestions, and a Terraform section is needed.
Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
…cloud/librarium into vault-rke2-storage-class
## Supported Use cases | ||
8. Open your browser and access the [Vault UI](https://localhost:8200/ui. You will receive a warning due to using a self-signed certificate, but you can ignore this warning. Follow the prompts on the UI to initialize your root token. |
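Review bot: The link in step 8, `[Vault UI](https://localhost:8200/ui.`, is missing its closing parenthesis, so the URL swallows the sentence's period and the link will not render; it should read `[Vault UI](https://localhost:8200/ui).` The step also says to "initialize your root token" without saying what a root token is, and it tells readers to ignore the certificate warning without limiting that advice to this localhost session; a short sentence on each would help.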
@lennessyy What is the root token? Can I set the root token value through the YAML? Can I get it by reviewing a Kubernetes secret?
I can add a brief definition of root tokens, but I don't think you can set the root token value through the YAML unless you are using Dev mode instead of Prod. If you enable Dev mode, then yes, you can set it in the YAML and can probably set some other configuration to get it by reviewing a Kubernetes secret, but otherwise I think you have to go through initialization:
https://developer.hashicorp.com/vault/docs/concepts/tokens#root-tokens
I can add dev mode to the list of parameters so people know
Co-authored-by: Karl Cardenas <karl@spectrocloud.com>
Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
@karl-cardenas-coding I added a parameter to let people know that they can enable dev mode to skip initialization and how to configure the root token in the YAML file. I didn't add instructions on how to view it using If you think that having this is still good information to provide, I can try to figure it out and add it to the page.
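An added example, not taken from the pull request or from the pack: the two configurations discussed in this thread, written against the upstream HashiCorp Vault Helm chart's `server.dev` and `server.dataStorage` values. The pack's own parameter paths may differ, and the token value and storage class name are placeholders.

```yaml
# Dev mode: Vault starts initialized and unsealed, with the root token taken
# from the values file. All data is held in memory and is lost on restart.
server:
  dev:
    enabled: true
    # Constructed value. Anyone who can read these values can read the token.
    devRootToken: "root"
---
# Production mode: no root token appears in the values. The token is issued
# during initialization, and data is written to a persistent volume.
server:
  dev:
    enabled: false
  dataStorage:
    enabled: true
    size: 10Gi
    # Placeholder. This PR's subject: on RKE2 the class must be set explicitly.
    storageClass: "<your-storage-class>"
```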
## How secrets are injected in deployments? | ||
In a production Vault server, backend storage is on a data persistent layer, is untrusted and only stores encrypted data. In a dev mode Vault server, all data is stored in-memory and will be erased when Vault restarts. |
In a production Vault server, backend storage is on a data persistent layer, is untrusted and only stores encrypted data. In a dev mode Vault server, all data is stored in-memory and will be erased when Vault restarts. | |
In a production Vault server, backend storage is on a data persistent layer, is untrusted, and only stores encrypted data. In a dev mode Vault server, all data is stored in-memory and will be erased when Vault restarts. |
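Review bot: In the first sentence, "backend storage is on a data persistent layer" is still awkward after the comma is added; "backend storage is on a persistent data layer" reads more naturally. "is untrusted" also needs a few words of explanation (for example, that this is why only encrypted data is written there), and since dev mode erases all data on restart, the second sentence could say outright that dev mode is not meant for data that has to survive.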
Approving - just one comma to add where suggested.
…lt on rke2 (PAC-829) (#1733)

* docs: clarify requirement to explicitly specify storage class for vault on rke2
* docs: specify location of change
* docs: refactor vault pack page
* Apply suggestions from code review
  Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
* Added a terraform section
* Add bullet in troubleshooting section on rke2 page
* address vale comments
* Apply suggestions from code review
  Co-authored-by: Karl Cardenas <karl@spectrocloud.com>
  Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
* Address review comments
* address vale comments
* Fix parameter path
* remove warning callout

---------

Co-authored-by: Lenny Chen <lenny.chen@spectrocloud.com>
Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
Co-authored-by: Karl Cardenas <karl@spectrocloud.com>
(cherry picked from commit 265d79d)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation and see the GitHub Action logs for details.
…lt on rke2 (PAC-829) (#1733) (#1753)

* docs: clarify requirement to explicitly specify storage class for vault on rke2
* docs: specify location of change
* docs: refactor vault pack page
* Apply suggestions from code review
  Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
* Added a terraform section
* Add bullet in troubleshooting section on rke2 page
* address vale comments
* Apply suggestions from code review
  Co-authored-by: Karl Cardenas <karl@spectrocloud.com>
  Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
* Address review comments
* address vale comments
* Fix parameter path
* remove warning callout

---------

Co-authored-by: Lenny Chen <lenny.chen@spectrocloud.com>
Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
Co-authored-by: Karl Cardenas <karl@spectrocloud.com>
(cherry picked from commit 265d79d)
Co-authored-by: Lenny Chen <55669665+lennessyy@users.noreply.github.com>
…lt on rke2 (PAC-829) (#1733) (#1754)

* docs: clarify requirement to explicitly specify storage class for vault on rke2
* docs: specify location of change
* docs: refactor vault pack page
* Apply suggestions from code review
  Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
* Added a terraform section
* Add bullet in troubleshooting section on rke2 page
* address vale comments
* Apply suggestions from code review
  Co-authored-by: Karl Cardenas <karl@spectrocloud.com>
  Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
* Address review comments
* address vale comments
* Fix parameter path
* remove warning callout

---------

Co-authored-by: Lenny Chen <lenny.chen@spectrocloud.com>
Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
Co-authored-by: Karl Cardenas <karl@spectrocloud.com>
(cherry picked from commit 265d79d)
Co-authored-by: Lenny Chen <55669665+lennessyy@users.noreply.github.com>
Describe the Change
This PR clarifies the requirement to explicitly specify the storage class for Vault on RKE2 clusters.
Review Changes
💻 Preview URLs:
🎫 PAC-829