|
3 | 3 | ## Description |
4 | 4 |
|
5 | 5 | A tool to watch secret changes in Vault since deploying a workload that uses them via `vault-secrets-webhook`, and "reloads" them so the `webhook` injects the latest secret versions into the objects. |
| 6 | + |
| 7 | +## Documentation |
| 8 | + |
| 9 | +The official documentation for the reloader will be available at [https://bank-vaults.dev](https://bank-vaults.dev/docs/). |
| 10 | + |
| 11 | +## Development |
| 12 | + |
| 13 | +**For an optimal developer experience, it is recommended to install [Nix](https://nixos.org/download.html) and [direnv](https://direnv.net/docs/installation.html).** |
| 14 | + |
| 15 | +_Alternatively, install [Go](https://go.dev/dl/) on your computer then run `make deps` to install the rest of the dependencies._ |
| 16 | + |
| 17 | +Make sure Docker is installed with Compose and Buildx. |
| 18 | + |
| 19 | +Run project dependencies: |
| 20 | + |
| 21 | +```shell |
| 22 | +make deps |
| 23 | + |
| 24 | +make up |
| 25 | +``` |
| 26 | + |
| 27 | +Port-forward Vault: |
| 28 | + |
| 29 | +```shell |
| 30 | +export VAULT_TOKEN=$(kubectl get secrets vault-unseal-keys -o jsonpath={.data.vault-root} | base64 --decode) |
| 31 | + |
| 32 | +kubectl get secret vault-tls -o jsonpath="{.data.ca\.crt}" | base64 --decode > $PWD/vault-ca.crt |
| 33 | +export VAULT_CACERT=$PWD/vault-ca.crt |
| 34 | + |
| 35 | +export VAULT_ADDR=https://127.0.0.1:8200 |
| 36 | + |
| 37 | +kubectl port-forward service/vault 8200 & |
| 38 | +``` |
| 39 | + |
| 40 | +Run the reloader: |
| 41 | + |
| 42 | +```shell |
| 43 | +make run |
| 44 | +``` |
| 45 | + |
| 46 | +Run the test suite: |
| 47 | + |
| 48 | +```shell |
| 49 | +make test |
| 50 | + |
| 51 | +make container-image |
| 52 | +make test-e2e-local |
| 53 | +``` |
| 54 | + |
| 55 | +Run linters: |
| 56 | + |
| 57 | +```shell |
| 58 | +make lint # pass -j option to run them in parallel |
| 59 | +``` |
| 60 | + |
| 61 | +Some linter violations can automatically be fixed: |
| 62 | + |
| 63 | +```shell |
| 64 | +make fmt |
| 65 | +``` |
| 66 | + |
| 67 | +Build artifacts locally: |
| 68 | + |
| 69 | +```shell |
| 70 | +make artifacts |
| 71 | +``` |
| 72 | + |
| 73 | +Once you are done either stop or tear down dependencies: |
| 74 | + |
| 75 | +```shell |
| 76 | +make down |
| 77 | +``` |
| 78 | + |
| 79 | +### Running e2e tests |
| 80 | + |
| 81 | +The project comes with an e2e test suite that is mostly self-contained, |
| 82 | +but at the very least, you need Docker installed. |
| 83 | + |
| 84 | +By default, the suite launches a [KinD](https://kind.sigs.k8s.io/) cluster, deploys all necessary components and runs the test suite. |
| 85 | +This is a good option if you want to run the test suite to make sure everything works. This is also how the CI runs the test suite |
| 86 | +(with a few minor differences). |
| 87 | + |
| 88 | +You can run the test suite by running the following commands: |
| 89 | + |
| 90 | +```shell |
| 91 | +make container-image |
| 92 | +make test-e2e-local |
| 93 | +``` |
| 94 | + |
| 95 | +## License |
| 96 | + |
| 97 | +The project is licensed under the [Apache 2.0 License](LICENSE). |
0 commit comments