At $WORK we use Kubernetes and Vault and we are considering using vault-crd to turn Vault paths into Secret resources in our cluster for certain applications.

I helped evaluate it and I found a couple of bugs which I created github issues for. I really wanted to try the new versioned secret engine because it was similar to a home-grown app configuration system we had written. I enabled the versioned engine on a new path in our Vault cluster and tried out some examples with vault-crd. No matter what I did, I could not make it work.

Fully expecting that I was doing something wrong I dug into the Java code just to have a look. After a bit I found some code that definitely seemed to be doing the wrong thing. I’m not a Java programmer normally so I did not have the full complement of IDEs and compilers on my laptop. I remembered repl.it and created a new Java session. I added analog versions of the methods I wanted to change in the ‘Hello World’ sample and tweaked them until they worked.

Next I forked the repo and made the same changes to the original code. Luckily it had a Dockerfile so I built it locally and pushed up an image to our internal registry. I changed the CRD .yaml to use this new image and 💥 it worked! I made a pull request to the original repo and it was merged.

To me this is the beauty of containers and Kubernetes. I was able to make a fix to some software and I did not have to install any of the associated tooling. Then I was able to try it for my use case because Kubernetes gives me a standardized way to run apps. Last year I bought an old Thinkpad to use for development and I try to use docker containers for little utilities that I write or install. It can be a pain and I don’t do it for everything but I really like the isolation it provides.