Please note: We take OpenBao's security and our users' trust very seriously. If you believe you have found a security issue in OpenBao, please responsibly disclose by contacting us at [email protected].
The openbao-k8s
binary includes first-class integrations between OpenBao and Kubernetes. Currently the only integration in this repository is the OpenBao Agent Sidecar Injector (agent-inject
). In the future more integrations will be found here.
This project is versioned separately from OpenBao. Supported OpenBao versions for each feature will be noted below. By versioning this project separately, we can iterate on Kubernetes integrations more quickly and release new versions without forcing OpenBao users to do a full OpenBao upgrade.
- Agent Inject: Agent Inject is a mutation webhook controller that injects OpenBao Agent containers into pods meeting specific annotation criteria. (Requires OpenBao 2+)
openbao-k8s
is distributed in multiple forms:
-
The recommended installation method is the official OpenBao Helm chart. This will automatically configure openbao and Kubernetes integration to run within an existing Kubernetes cluster.
-
A Docker image
openbao/openbao-k8s
is in the works. This can be used to manually runopenbao-k8s
within a scheduled environment. -
Raw binaries are available on the releases page. These can be used to run openbao-k8s directly or build custom packages.