torresdal

Keybase proof

I hereby claim:

• I am torresdal on github.
• I am torresdal (https://keybase.io/torresdal) on keybase.
• I have a public key ASCdFu6R4nM6MPD28vg1-kc3r91QVnOh0qOSOZX5t3rtawo

To claim this, I am signing this object:

torresdal

version: 2
jobs:
  build_docker:
    docker:
      - image: docker:18.09-git
    working_directory: /build
    steps:
      - checkout
      - setup_remote_docker: 
          docker_layer_caching: true

torresdal

apiVersion: apps/v1
kind: Deployment
metadata:
  name: customer
  namespace: customer
  labels:
    app: customer
  annotations:
    flux.weave.works/automated: 'true'
spec:

torresdal

...
containers:
- name: alpine
  env:
  - name: MY_PUBLIC_KEY
    value: my-first-azure-keyvault-certificate@azurekeyvault?tls.crt
  - name: MY_PRIVATE_KEY
    value: my-first-azure-keyvault-certificate@azurekeyvault?tls.key
...

torresdal

apiVersion: spv.no/v1alpha1
kind: AzureKeyVaultSecret
metadata:
  name: my-first-azure-keyvault-certificate
  namespace: default
spec:
  vault:
    name: my-kv
    object:
      type: certificate

torresdal

apiVersion: v1
data:
  tls.crt: ...
  tls.key: ...
kind: Secret
metadata:
  name: keyvault-certificate
  namespace: default
type: kubernetes.io/tls

torresdal

apiVersion: spv.no/v1alpha1
kind: AzureKeyVaultSecret
metadata:
  name: my-first-azure-keyvault-certificate
  namespace: default
spec:
  vault:
    name: my-kv
    object:
      type: certificate

torresdal

...
spec:
  containers:
    env:
    - name: MY_SECRET
      value: my-secret-from-azure@azurekeyvault
...

torresdal

# env
KUBERNETES_PORT=443
KUBERNETES_SERVICE_PORT=443
HOSTNAME=my-pod-77cb7d647–9zftg
…
MY_SECRET=my-secret-from-azure@azurekeyvault
…

torresdal

Here's the alternatives I suggest for supporting Infrastructure as Code and Continuous Delivery.

Docker Cloud

Using Docker Cloud has a cost of $7 for 5 repositories + $0.02 per hour per node.

Example:

3 nodes à $14.4 $43.2 6 nodes à $14.4 $86.4 12 nodes à $14.4 $172.8