Merge pull request #28 from nmaupu/doc-samples

Doc samples

Makefile

@@ -128,11 +128,13 @@ bundle-build:
 .PHONY: CI-prepare-release
 CI-prepare-release:
 	mkdir -p release/manifests/crds
-	cp config/crd/bases/maupu.org_vaultsecrets.yaml release/manifests/crds
+	cp -a config/crd/bases/maupu.org_vaultsecrets.yaml release/manifests/crds
+	cp -a config/doc-samples/* release/manifests/
 	tar cfz release/vault-secret-manifests-$(RELEASE_NAME).tar.gz -C release manifests
 	rm -rf release/manifests/
 	sed -i -e "s/latest/$(RELEASE_NAME)/g" version/version.go
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o release/vault-secret-$(RELEASE_NAME)-linux-amd64 main.go
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 GO111MODULE=on go build -a -o release/vault-secret-$(RELEASE_NAME)-linux-arm64 main.go
 
 .PHONY: CI-process-release
 CI-process-release:

README.md

@@ -27,11 +27,11 @@ Get the latest release from https://github.com/nmaupu/vault-secret/releases
 
 Deploy the Custom Resource Definition and the operator:
 ```
-$ kubectl apply -f deploy/crds/maupu_v1beta1_vaultsecret_crd.yaml
-$ kubectl apply -f deploy/service_account.yaml
-$ kubectl apply -f deploy/role.yaml
-$ kubectl apply -f deploy/role_binding.yaml
-$ kubectl apply -f deploy/operator.yaml
+$ kubectl apply -f config/crd/bases/maupu.org_vaultsecrets.yaml
+$ kubectl apply -f config/doc-samples/operator.yaml
+$ kubectl apply -f config/doc-samples/role.yaml
+$ kubectl apply -f config/doc-samples/role_binding.yaml
+$ kubectl apply -f config/doc-samples/service_account.yaml
 ```
 
 ### Configuration
@@ -57,7 +57,7 @@ Example usage:
 
 ## Custom resource
 
-Here is an example (`deploy/crds/maupu_v1beta1_vaultsecret_cr.yaml`) :
+Here is an example (`config/doc-samples/maupu.org_v1beta1_vaultsecrets_cr.yaml`) :
 ```
 apiVersion: maupu.org/v1beta1
 kind: VaultSecret
@@ -130,7 +130,7 @@ Secret are resynced periodically (after a maximum of 10h) but it's possible to r
 
 If your Vault is using *TLS* but if its certificates are not signed by a *known authority*, one can use the config option `insecure` to skip tls verification.
 
-Do not use `TLS_SKIP_VERIFY` env variable, **it's not** being taken into account.
+Do not use `TLS_SKIP_VERIFY` env variable when starting the operator, **it's not** being taken into account.
 
 Here is an example:
 ```
@@ -212,11 +212,12 @@ If several configuration options are specified, there are used in the following
 
 To build, simply use *make*:
 ```
-make build
+make docker-build
+IMG=local/vault-secret:test make docker-build
 ```
 
 This task will:
-- build the binary
+- build the binary (using docker)
 - create a docker image
 
 You can then push it to any docker repository or use it locally.

config/doc-samples/maupu.org_v1beta1_vaultsecrets_cr.yaml

@@ -0,0 +1,29 @@
+apiVersion: maupu.org/v1beta1
+kind: VaultSecret
+metadata:
+  name: example-vaultsecret
+spec:
+  secretName: vault-secret-test
+  secrets:
+    - secretKey: username
+      kvPath: secrets/kv
+      path: test
+      field: username
+    - secretKey: password
+      kvPath: secrets/kv
+      path: test
+      field: password
+  syncPeriod: 1h
+  config:
+    addr: https://vault.example.com
+    # namespace: example-namespace
+    auth:
+      kubernetes:
+        role: myrole
+        cluster: kubernetes
+#   auth:
+#     token: ...
+#   auth:
+#     approle:
+#       role_id: ...
+#       secret_id: ...

config/doc-samples/operator.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vault-secret
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: vault-secret
+  template:
+    metadata:
+      labels:
+        name: vault-secret
+    spec:
+      serviceAccountName: default
+      containers:
+        - name: vault-secret
+          # Replace this with the built image name
+          image: nmaupu/vault-secret:latest
+          imagePullPolicy: Always
+          command:
+          - vault-secret
+          env:
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+           #- name: WATCH_MULTINAMESPACES
+           #  value: "default,test"
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: OPERATOR_NAME
+              value: "vault-secret"

config/doc-samples/role.yaml

@@ -0,0 +1,54 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  name: vault-secret-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  - services/finalizers
+  - endpoints
+  - persistentvolumeclaims
+  - events
+  - configmaps
+  - secrets
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  - replicasets
+  - statefulsets
+  verbs:
+  - '*'
+- apiGroups:
+  - extensions
+  resources:
+  - replicasets
+  - deployments
+  verbs:
+  - '*'
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - maupu.org
+  resources:
+  - '*'
+  verbs:
+  - '*'

config/doc-samples/role_binding.yaml

@@ -0,0 +1,12 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: vault-secret
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: default
+roleRef:
+  kind: Role
+  name: vault-secret-role
+  apiGroup: rbac.authorization.k8s.io

config/doc-samples/service_account.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vault-secret

config/samples/maupu.org_v1beta1_vaultsecret.yaml

@@ -1,7 +1,29 @@
 apiVersion: maupu.org/v1beta1
 kind: VaultSecret
 metadata:
-  name: vaultsecret-sample
+  name: example-vaultsecret
 spec:
-  # Add fields here
-  foo: bar
+  secretName: vault-secret-test
+  secrets:
+    - secretKey: username
+      kvPath: secrets/kv
+      path: test
+      field: username
+    - secretKey: password
+      kvPath: secrets/kv
+      path: test
+      field: password
+  syncPeriod: 1h
+  config:
+    addr: https://vault.example.com
+    # namespace: example-namespace
+    auth:
+      kubernetes:
+        role: myrole
+        cluster: kubernetes
+#   auth:
+#     token: ...
+#   auth:
+#     approle:
+#       role_id: ...
+#       secret_id: ...