/
Quick Start
Quickly get started using Azure Key Vault to Kubernetes
- 1
Installation
See installation.
- 2
Ensure Kubernetes can access objects in Azure Key Vault
By default akv2k8s use the AKS cluster credentials to authenticate with Azure Key Vault (if you run outside Azure, see using custom credentials). Run the following command to authorize akv2k8s to access
secret
-objects in Azure Key Vault.az keyvault set-policy \ -n <azure key vault name> \ --secret-permissions get \ --spn <service principal id> \ --subscription <azure subscription>
For more details and options, check out authentication and authorization.
- 3
Sync Azure Key Vault object to Kubernetes
Secret
Create a
AzureKeyVaultSecret
resource in the namespace you want the KubernetesSecret
to be synced. In this example we are using the namespaceakv-test
.# secret-sync.yaml apiVersion: spv.no/v2beta1 kind: AzureKeyVaultSecret metadata: name: secret-sync namespace: akv-test spec: vault: name: akv2k8s-test # 1. name of key vault object: name: my-secret # 2. name of the akv object type: secret # 3. akv object type output: secret: name: my-secret-from-akv # 4. kubernetes secret name dataKey: secret-value # 5. key to store object value in kubernetes secret
Apply to Kubernetes:
$ kubectl apply -f secret-sync.yaml azurekeyvaultsecret.spv.no/secret-sync created
Done
Shortly you should have a Kubernetes
Secret
resource in the namespaceakv-test
, containing the value from Azure Key Vault!To see how to use the Env-Injector to bypass using Kubernetes Secrets entirely and other options, check out the tutorials.