K8s: vault docs #2180
Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset. In case there are security findings, they will be communicated to you as a comment inside the PR. Hope you’ll enjoy using Jit. Questions? Comments? Want to learn more? Get in touch with us.
andy-stark-redis
left a comment
Just a few cosmetic suggestions and checks to consider, but otherwise language LGTM.
Co-authored-by: andy-stark-redis <[email protected]>
Co-authored-by: andy-stark-redis <[email protected]>
Approved by Ran Dvir via Slack
cmilesb
left a comment
A lot of these code blocks need to be extended slightly - a chunk of text at the end is being blocked by the copy button on my laptop screen.
|
|
||
| Create a policy that grants the Redis Enterprise operator read access to secrets: | ||
|
|
||
| ```bash |
|
|
||
| Configuration parameters: | ||
|
|
||
| | Parameter | Description | Default | Required | |
Same with the table here. You may want to make it a scrollable table.
|
|
||
| Generate and store the admission controller TLS certificate in Vault: | ||
|
|
||
| ```bash |
| To create a Redis Enterprise database (REDB) with Vault integration: | ||
|
|
||
| 1. Create database password in Vault: | ||
| ```bash |
|
|
||
| You can also update certificates using `kubectl patch`: | ||
|
|
||
| ```bash |
| #### Backup storage credentials | ||
| Store backup storage credentials for Redis Enterprise databases: | ||
|
|
||
| ```bash |
|
|
||
| Symptoms: Operator pod remains in `Pending` or `CrashLoopBackOff` state | ||
|
|
||
| Causes and solutions: |
The first two code blocks in this section are also not scrollable.
| curl -k https://<VAULT_FQDN>:8200/v1/sys/health | ||
| ``` | ||
|
|
||
| #### Authentication failures |
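Review bot: The health-check line in this troubleshooting step uses `curl -k`, which turns off certificate verification, so a reader copying it gets no signal when the Vault certificate or CA bundle is the actual cause of the connection problem. Suggest showing `curl --cacert <path-to-vault-ca> https://<VAULT_FQDN>:8200/v1/sys/health` as the primary form (the CA path is a placeholder here) and keeping `-k` only as a clearly labelled temporary check for isolating a TLS trust failure.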
Same with both of these code blocks.
|
|
||
| Symptoms: `Failed to read Vault secret` errors | ||
|
|
||
| Solutions: |
All of these code blocks as well.
| vault kv get -format=json -namespace=<VAULT_NAMESPACE> <VAULT_SECRET_ROOT>/redisenterprise-<K8S_NAMESPACE>/<cluster-name> | ||
| ``` | ||
|
|
||
| ### Debugging commands |
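Review bot: In the `vault kv get` line the last path segment is written `<cluster-name>`, while every other placeholder in the same command uses upper snake case (`<VAULT_NAMESPACE>`, `<VAULT_SECRET_ROOT>`, `<K8S_NAMESPACE>`). Suggest `<CLUSTER_NAME>` for consistency. Since `-format=json` prints the secret's data fields to the terminal, a one-line reminder next to this command not to paste its output into tickets or logs would also help.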
Same with all of these code blocks.