docs: clarify requirement to explicitly specify storage class for vault on rke2 (PAC-829) #1733
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for docs-spectrocloud ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
lennessyy
commented
Nov 1, 2023
lennessyy
requested review from
karl-cardenas-coding,
caroldelwing,
ritawatson and
vishwanaths
There was a problem hiding this comment.
@lennessyy and I had a conversation about the changes and how to go about exposing this challenge in a manner that helps out from a long-term perspective.
added 2 commits
November 2, 2023 17:03
…cloud/librarium into vault-rke2-storage-class
lennessyy
added
auto-backport
ritawatson
suggested changes
Nov 3, 2023
Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
…cloud/librarium into vault-rke2-storage-class
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
karl-cardenas-coding
requested changes
Nov 6, 2023
|
|
||
| ## Supported Use cases | ||
| 8. Open your browser and access the [Vault UI](https://localhost:8200/ui. You will receive a warning due to using a self-signed certificate, but you can ignore this warning. Follow the prompts on the UI to initialize your root token. |
There was a problem hiding this comment.
@lennessyy What is the root token? Can I set the root token value through the YAML? Can I get it by reviewing a kubernetes secret?
There was a problem hiding this comment.
I can add a brief definition of root tokens, but I don't think you can set root token value through the YAML unless you are using Dev mode instead of Prod. If you enable Dev mode, then yes, you can set it in the YAML and can probably set some other configuration to get it by reviewing Kubernetes secret, but otherwise I think you have to go through initialization:
https://developer.hashicorp.com/vault/docs/concepts/tokens#root-tokens
There was a problem hiding this comment.
I can add dev mode to the list of parameters so people know
ritawatson
reviewed
Nov 6, 2023
ritawatson
reviewed
Nov 6, 2023
ritawatson
suggested changes
Nov 6, 2023
Co-authored-by: Karl Cardenas <karl@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
added 2 commits
November 6, 2023 13:49
|
@karl-cardenas-coding I added a parameter to let people know that they can enable dev mode to skip initialization and how to configure the root token in the yaml file. I didn't add instructions on how to view it using If you think that having this is still good information to provide, I can try to figure it out and add it to the page. |
karl-cardenas-coding
approved these changes
Nov 6, 2023
ritawatson
reviewed
Nov 7, 2023
|
|
||
| ## How secrets are injected in deployments? | ||
| In a production Vault server, backend storage is on a data persistent layer, is untrusted and only stores encrypted data. In a dev mode Vault server, all data is stored in-memory and will be erased when Vault restarts. |
There was a problem hiding this comment.
Suggested change
| In a production Vault server, backend storage is on a data persistent layer, is untrusted and only stores encrypted data. In a dev mode Vault server, all data is stored in-memory and will be erased when Vault restarts. | |
| In a production Vault server, backend storage is on a data persistent layer, is untrusted, and only stores encrypted data. In a dev mode Vault server, all data is stored in-memory and will be erased when Vault restarts. |
ritawatson
approved these changes
Nov 7, 2023
vault-token-factory-spectrocloud bot
pushed a commit
that referenced
this pull request
Nov 7, 2023
…lt on rke2 (PAC-829) (#1733) * docs: clarify requirement to explicitly specify storage class for vault on rke2 * docs: specify location of change * docs: refactor vault pack page * Apply suggestions from code review Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * Added a terraform section * Add bullet in troubleshooting section on rke2 page * address vale comments * Apply suggestions from code review Co-authored-by: Karl Cardenas <karl@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * Address review comments * address vale comments * Fix parameter path * remove warning callout --------- Co-authored-by: Lenny Chen <lenny.chen@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> Co-authored-by: Karl Cardenas <karl@spectrocloud.com> (cherry picked from commit 265d79d)
vault-token-factory-spectrocloud bot
pushed a commit
that referenced
this pull request
Nov 7, 2023
…lt on rke2 (PAC-829) (#1733) * docs: clarify requirement to explicitly specify storage class for vault on rke2 * docs: specify location of change * docs: refactor vault pack page * Apply suggestions from code review Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * Added a terraform section * Add bullet in troubleshooting section on rke2 page * address vale comments * Apply suggestions from code review Co-authored-by: Karl Cardenas <karl@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * Address review comments * address vale comments * Fix parameter path * remove warning callout --------- Co-authored-by: Lenny Chen <lenny.chen@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> Co-authored-by: Karl Cardenas <karl@spectrocloud.com> (cherry picked from commit 265d79d)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation and see the Github Action logs for details |
lennessyy
added a commit
that referenced
this pull request
Nov 7, 2023
…lt on rke2 (PAC-829) (#1733) (#1753) * docs: clarify requirement to explicitly specify storage class for vault on rke2 * docs: specify location of change * docs: refactor vault pack page * Apply suggestions from code review Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * Added a terraform section * Add bullet in troubleshooting section on rke2 page * address vale comments * Apply suggestions from code review Co-authored-by: Karl Cardenas <karl@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * Address review comments * address vale comments * Fix parameter path * remove warning callout --------- Co-authored-by: Lenny Chen <lenny.chen@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> Co-authored-by: Karl Cardenas <karl@spectrocloud.com> (cherry picked from commit 265d79d) Co-authored-by: Lenny Chen <55669665+lennessyy@users.noreply.github.com>
lennessyy
added a commit
that referenced
this pull request
Nov 7, 2023
…lt on rke2 (PAC-829) (#1733) (#1754) * docs: clarify requirement to explicitly specify storage class for vault on rke2 * docs: specify location of change * docs: refactor vault pack page * Apply suggestions from code review Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * Added a terraform section * Add bullet in troubleshooting section on rke2 page * address vale comments * Apply suggestions from code review Co-authored-by: Karl Cardenas <karl@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * Address review comments * address vale comments * Fix parameter path * remove warning callout --------- Co-authored-by: Lenny Chen <lenny.chen@spectrocloud.com> Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> Co-authored-by: Karl Cardenas <karl@spectrocloud.com> (cherry picked from commit 265d79d) Co-authored-by: Lenny Chen <55669665+lennessyy@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Describe the Change
This PR clarifies the requirement to explicitly specify the storage class for Vault on RKE2 clusters.
Review Changes
💻 Preview URLs:
🎫 PAC-829