Difficulty: intermediate
Estimated Time: 30 minutes

The Vault Helm chart enables you to run Vault and the Vault Agent injector service. The injector service uses a Kubernetes mutating admission webhook to intercept pods that define specific annotations and inject a Vault Agent container that manages secrets for them. This is beneficial because:

  • Applications remain Vault-unaware, as the secrets are stored on the file system within their container.
  • Existing deployments require no change, as the annotations can be patched in.
  • Access to secrets can be enforced via Kubernetes service accounts and namespaces.
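
The annotation patch mentioned in the list above, as an added example that is not part of the original tutorial page: a shell function that renders a deployment patch carrying the injector's annotations and rejects values that could break the YAML quoting. The role `internal-app`, the file name, the secret path and the deployment name `orgchart` are hypothetical.

```shell
#!/bin/sh
# Added example, not the tutorial's own code.
# Assumed (hypothetical) names: role "internal-app", deployment "orgchart",
# secret path "internal/data/database/config".

# write_inject_patch ROLE FILE SECRET_PATH
#   ROLE        Vault Kubernetes-auth role the pod's service account logs in with
#   FILE        file name the Vault Agent writes under /vault/secrets/
#   SECRET_PATH Vault path of the secret to render
write_inject_patch() {
  role=$1 file=$2 path=$3
  # The values land inside quoted YAML strings and an annotation key, so
  # accept only a conservative character set and never an empty value.
  for v in "$role" "$file" "$path"; do
    case "$v" in
      ''|*[!A-Za-z0-9._/-]*)
        echo "unsafe or empty value: '$v'" >&2
        return 1 ;;
    esac
  done
  # The file name becomes part of the annotation key; no path separators.
  case "$file" in
    */*) echo "file name must not contain '/': '$file'" >&2; return 1 ;;
  esac
  cat <<EOF
spec:
  template:
    metadata:
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "$role"
        vault.hashicorp.com/agent-inject-secret-$file: "$path"
EOF
}

# Usage against a running cluster (not executed here):
#   kubectl patch deployment orgchart --patch \
#     "$(write_inject_patch internal-app database-config.txt internal/data/database/config)"
```

Because the annotations sit on the pod template, applying the patch rolls the deployment, and the webhook injects the agent into the replacement pods.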

In this tutorial, you will set up Vault and this injector service with the Vault Helm chart. Then you will deploy several applications to demonstrate how the injector service retrieves these secrets and writes them for the applications to use.

You launched Vault and the injector service with the Vault Helm chart. Learn more about the Vault Helm chart by reading the documentation, exploring the project source code, reading the blog post "Injecting Vault Secrets into Kubernetes Pods via a Sidecar", or reading the documentation for the Agent Sidecar Injector.

Then you deployed several applications to demonstrate how the injector service retrieves these secrets and writes them for the applications to use. Explore how pods can retrieve them directly via network requests or from secrets mounted on ephemeral volumes.

Injecting Secrets into Kubernetes Pods via Vault Helm Sidecar

Step 1 of 11

Start Minikube

Minikube is a CLI tool that provisions and manages the lifecycle of single-node Kubernetes clusters running inside virtual machines (VMs) on your local system.

Verify the minikube CLI is installed.

minikube version

Wait until the minikube version command returns a value.

Start the Minikube cluster.

minikube start --vm-driver none --bootstrapper kubeadm

Verify the status of the Minikube cluster.

minikube status

When the host, kubelet, and apiserver report that they are Running, the Kubernetes cluster is ready.
