Difficulty: intermediate
Estimated Time: 30 minutes

Red Hat's OpenShift is a distribution of the Kubernetes platform that provides a number of usability and security enhancements.

In this tutorial, you log in to an OpenShift cluster, install Vault via the Helm chart, and then configure authentication between Vault and the cluster. You then deploy two web applications: one that authenticates and requests secrets directly from the Vault server, and another that relies on deployment annotations so that it remains unaware of Vault.

You launched Vault within OpenShift with a Helm chart. Learn more about the Vault Helm chart by reading the documentation or exploring the project source code.

Then you deployed a web application that authenticated and requested a secret directly from Vault. Finally, you deployed a web application whose secrets were injected based on deployment annotations supported by the Vault Agent Injector service. Learn more by reading the blog post "Injecting Vault Secrets into Kubernetes Pods via a Sidecar" or the documentation for the Vault Agent Injector service.
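The annotation-driven approach mentioned above, as an added example that is not taken from the tutorial or the Vault project: a Deployment whose pod template carries Vault Agent Injector annotations. The application name, service account, Vault role `webapp`, image, secret fields, and the KV version 2 path `secret/data/webapp/config` are assumed placeholder values.

```yaml
# Constructed example: every name, role, image and path below is an assumed placeholder.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
      annotations:
        # Ask the injector's mutating webhook to add the Vault Agent containers.
        vault.hashicorp.com/agent-inject: "true"
        # Vault Kubernetes auth role the agent logs in with (assumed name).
        vault.hashicorp.com/role: "webapp"
        # Render the secret at this path to the file /vault/secrets/config.
        vault.hashicorp.com/agent-inject-secret-config: "secret/data/webapp/config"
        # Optional template for the file contents; assumes a KV version 2
        # engine mounted at secret/ with username and password fields.
        vault.hashicorp.com/agent-inject-template-config: |
          {{- with secret "secret/data/webapp/config" -}}
          username={{ .Data.data.username }}
          password={{ .Data.data.password }}
          {{- end -}}
    spec:
      # The agent authenticates with this service account's token, so the
      # Vault role should be bound to this account and namespace only.
      serviceAccountName: webapp
      containers:
        - name: app
          image: registry.example.com/webapp:1.0
```

The application container reads `/vault/secrets/config` as an ordinary file and needs no Vault client code or token of its own.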

Injecting Secrets into OpenShift Pods via Vault Agent Injector

Step 1 of 5

Create an Initial Project

The OpenShift CLI is accessed using the command oc. From here, you can administer the entire OpenShift cluster and deploy new applications. The CLI exposes the underlying Kubernetes orchestration system with the enhancements made by OpenShift.

Installing Vault via the Helm chart in the next step requires that you are logged in as an administrator within a project.

Log in to the OpenShift cluster as the user admin with the password admin.

oc login -u admin -p admin