A Kubernetes mutating webhook that makes direct secret injection into Pods possible.
The official documentation for the webhook is available at https://bank-vaults.dev.
For an optimal developer experience, it is recommended to install Nix and direnv.
Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.
Make sure Docker is installed with Compose and Buildx.
Fetch required tools:
make depsRun project dependencies:
make upRun the webhook:
make -j run forwardRun the test suite:
make test
make test-e2e-localRun linters:
make lint # pass -j option to run them in parallelSome linter violations can automatically be fixed:
make fmtBuild artifacts locally:
make artifactsOnce you are done, you can tear down project dependencies:
make downThe project comes with an e2e test suite that is mostly self-contained, but at the very least, you need Docker installed.
By default, the suite launches a KinD cluster, deploys all necessary components and runs the test suite. This is a good option if you want to run the test suite to make sure everything works. This is also how the CI runs the test suite (with a few minor differences).
You can run the test suite by running the following commands:
make test-e2e-localAnother way to run the test suite is using an existing cluster. This may be a better option if you want to debug tests or figure out why something isn't working.
Set up a Kubernetes cluster of your liking. For example, launch a KinD cluster:
kind create clusterDeploy the necessary components (including the webhook itself):
garden deployRun the test suite:
make BOOTSTRAP=false test-e2eThe project is licensed under the Apache 2.0 License.