helm-charts
Vault
helm-charts | Vault | |
---|---|---|
2 | 160 | |
25 | 29,693 | |
- | 0.6% | |
7.3 | 10.0 | |
15 days ago | about 14 hours ago | |
Smarty | Go | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
helm-charts
-
GKE with Consul Service Mesh
repositories: # https://artifacthub.io/packages/helm/dgraph/dgraph/0.0.19 - name: dgraph url: https://charts.dgraph.io # https://artifacthub.io/packages/helm/main/raw - name: bedag url: https://bedag.github.io/helm-charts/ releases: # Dgraph additional resources required to support Consul - name: dgraph-extra chart: bedag/raw namespace: dgraph version: 1.1.0 values: - resources: - apiVersion: v1 kind: ServiceAccount metadata: name: dgraph-dgraph-zero - apiVersion: v1 kind: ServiceAccount metadata: name: dgraph-dgraph-alpha - apiVersion: v1 kind: ServiceAccount metadata: name: dgraph-dgraph-alpha-grpc - apiVersion: v1 kind: Service metadata: name: dgraph-dgraph-alpha-grpc spec: ports: - name: grpc-alpha port: 9080 publishNotReadyAddresses: true selector: app: dgraph chart: dgraph-0.0.19 component: alpha release: dgraph type: ClusterIP # Dgraph cluster with 2 x StatefulSet (3 Zero pods, 3 Alpha pods) - name: dgraph namespace: dgraph chart: dgraph/dgraph version: 0.0.19 needs: - dgraph/dgraph-extra values: - image: tag: v21.03.2 zero: extraAnnotations: consul.hashicorp.com/connect-inject: 'true' # disable transparent-proxy for multi-port services consul.hashicorp.com/transparent-proxy: 'false' consul.hashicorp.com/transparent-proxy-exclude-inbound-ports: "5080,7080" consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "5080,7080" alpha: extraAnnotations: consul.hashicorp.com/connect-inject: 'true' # disable transparent-proxy for multi-port services consul.hashicorp.com/transparent-proxy: 'false' # use these registered consul services for different ports consul.hashicorp.com/connect-service: 'dgraph-dgraph-alpha,dgraph-dgraph-alpha-grpc' consul.hashicorp.com/connect-service-port: '8080,9080' consul.hashicorp.com/transparent-proxy-exclude-inbound-ports: "5080,7080" consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "5080,7080" configFile: config.yaml: | security: whitelist: {{ env "DG_ACCEPT_LIST" | default "0.0.0.0/0" | quote }} # patch existing resources using merge patches strategicMergePatches: # add serviceAccountName to Alpha StatefulSet - apiVersion: apps/v1 kind: StatefulSet metadata: name: dgraph-dgraph-alpha spec: template: spec: serviceAccountName: dgraph-dgraph-alpha # add serviceAccountName to Zero StatefulSet - apiVersion: apps/v1 kind: StatefulSet metadata: name: dgraph-dgraph-zero spec: template: spec: serviceAccountName: dgraph-dgraph-zero # add label to Alpha headless service - apiVersion: v1 kind: Service metadata: name: dgraph-dgraph-alpha-headless labels: consul.hashicorp.com/service-ignore: 'true' # add label to Zero headless service - apiVersion: v1 kind: Service metadata: name: dgraph-dgraph-zero-headless labels: consul.hashicorp.com/service-ignore: 'true' # patch existing resource using jsonPatches jsonPatches: # remove existing grpc port from serivce - target: version: v1 kind: Service name: dgraph-dgraph-alpha patch: - op: remove path: /spec/ports/1
-
How are charts & manifests usually deployed together?
https://github.com/helmfile/helmfile + incubator raw
Vault
- Terraform & HashiCorp Vault Integration: Seamless Secrets Management
-
Top Secrets Management Tools for 2024
HashiCorp Vault
-
Keep it cool and secure: do's and don'ts for managing Web App secrets
For a more comprehensive and robust secret management solution, get your hands on tools like GCP Secret Manager, or HashiCorp Vault. They're like the security guards of your secrets, providing a safe house, access control, and keeping logs of who’s been snooping around.
-
Kubernetes Secret Management
HashiCorp Vault is a popular tool for managing secrets in Kubernetes clusters. It offers advanced features such as secure storage, encryption, dynamic secrets generation, and integration with Kubernetes through its Kubernetes authentication method.
-
Champion Building - How to successfully adopt a developer tool
So you've just bought a new platform tool? Maybe it's Hashicorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…
-
AWS Secrets Manager for on-premise and other cloud accounts scaled architecture
You seem to be looking for a cross-platform solution, and https://www.vaultproject.io/ provides just that. If everything was in AWS, AWS Secret Manager might be great, but imo Vault provides much better platform-agnostic capabilities.
-
Show HN: Anchor – developer-friendly private CAs for internal TLS
https://github.com/openwrt/luci/blob/master/applications/luc...
https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :
> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.
-
The Complete Microservices Guide
Secret Management: Securely stores sensitive configuration data and secrets using tools like AWS Secrets Manager or HashiCorp Vault. Avoid hardcoding secrets in code or configuration files.
-
Horcrux: Split your file into encrypted fragments
The author of this tool basically took the Shamir code from Hashicorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.
[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...
-
OpenTF Announces Fork of Terraform
Out of curiosity, what do you mean by this? cross-cluster? they already have HA: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...
while digging up that link, I also saw one named replication: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...
What are some alternatives?
google.cloud - GCP Ansible Collection https://galaxy.ansible.com/google/cloud
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
helmfile - Declaratively deploy your Kubernetes manifests, Kustomize configs, and Charts as Helm releases. Generate all-in-one manifests for use with ArgoCD.
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
hub-feedback - Feedback and bug reports for the Docker Hub
sops - Simple and flexible tool for managing secrets
envoy - Cloud-native high-performance edge/middle/service proxy
etcd - Distributed reliable key-value store for the most critical data of a distributed system
consul-k8s-ingress-controllers - Testing for different API gateways with Consul
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
ratel - Dgraph Data Visualizer and Cluster Manager
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]