Integrating MetalSoft with HashiCorp Vault

If Vault was not enabled as part of the original installation, follow these instructions to integrate MetalSoft with HashiCorp Vault.

Apply the default secret and ConfigMap:

kubectl -n $ns apply -f scripts/vault-secrets.yaml

Once Vault is unsealed, run ./scripts/vault_start_agent.sh, which will:

  • enable Vault approle

  • overwrite vault-metalsoft-policy.hcl with capabilities for specific paths

  • apply policies for MetalSoft

  • set approle role_id and secret_id

  • update and apply vault-secrets.yaml

Once the above is completed, a few of the manifests will need to be updated to use the Vault agent:

# grep enable_vault *
auth-deployment.yaml:### NOTE: enable_vault
auth-deployment.yaml:### NOTE: enable_vault
auth-deployment.yaml:### NOTE: enable_vault
configmaps.yaml:### NOTE: enable_vault
inventory-deployment.yaml:### NOTE: enable_vault

These sections need to be uncommented and the YAML files applied to Kubernetes.
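
The wrapper below is an added example, not part of the MetalSoft scripts: it refuses to run ./scripts/vault_start_agent.sh against a sealed Vault and confirms afterwards that the approle auth method is mounted. It assumes the vault CLI is on PATH with VAULT_ADDR and a suitably privileged token exported, and that approle is mounted at the default path approle/; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre- and post-checks around ./scripts/vault_start_agent.sh.
# Assumptions: vault CLI on PATH, VAULT_ADDR and a token exported,
# approle mounted at the default path approle/.

# `vault status` exits 0 when unsealed, 2 when sealed, 1 on error.
vault_seal_state() {
    rc=0
    vault status >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo unsealed ;;
        2) echo sealed ;;
        *) echo error ;;
    esac
}

# Succeeds when `vault auth list` shows a mount at approle/.
approle_enabled() {
    vault auth list 2>/dev/null | grep -q '^approle/'
}

# Runs the script only against an unsealed Vault, then confirms approle exists.
run_vault_agent_setup() {
    script=${1:-./scripts/vault_start_agent.sh}
    state=$(vault_seal_state)
    if [ "$state" != unsealed ]; then
        echo "Vault is $state; refusing to run $script" >&2
        return 1
    fi
    "$script" || return 1
    if ! approle_enabled; then
        echo "approle auth method not found after $script" >&2
        return 1
    fi
    echo "approle enabled; continue with the enable_vault manifest sections"
}

# Execute only when invoked as: sh <this-file> run [path-to-script]
if [ "${1:-}" = run ]; then
    run_vault_agent_setup "${2:-}"
fi
```

A non-zero exit means the manifests should not be uncommented and applied yet, because the Vault agent would have no approle credentials to authenticate with.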