multipass launch -m2G -c2 -d5G -n "k8scp" lts --network "en0" wget https://cm.lf.training/LFS258/LFS258_V2023-09-14_SOLUTIONS.tar.xz --user=LFtraining --password=Penguin2014
tar -xvf LFS258_V2023-09-14_SOLUTIONS.tar.xz
Guy Barros GuyBarros
GuyBarros
/ vault-non-disruptive-pki-rotation_sh
Created
December 16, 2022 15:25
vault 1.11+ non disruptive pki rotation example script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| ########### | |
| # Root CA # | |
| ########### | |
| vault secrets enable pki | |
| vault secrets tune -max-lease-ttl=87600h pki |
GuyBarros
/ gist:c0e7f618ff7c0434b11f8ad3ac627926
Last active
December 8, 2022 14:15
Jenkins pipeline config for TFE Demos
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pipeline { | |
| agent any | |
| environment { | |
| GIT_REPO = "https://github.com/GuyBarros/terraform-azurerm-demostack" | |
| TFE_NAME = "app.terraform.io" | |
| TFE_URL = "https://app.terraform.io" | |
| TFE_ORGANIZATION = "emea-se-playground-2019" | |
| TFE_API_URL = "${TFE_URL}/api/v2" |
GuyBarros
/ vault_ldap.tf
Created
September 26, 2022 14:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "vault_mount" "ldap" { | |
| path = "ldap" | |
| type = "openldap" | |
| description = "LDAP Secret Engine" | |
| } | |
| resource "vault_generic_endpoint" "openldapconfig" { | |
| depends_on = [vault_mount.ldap] | |
| path = "${vault_mount.ldap.path}/config" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Executing the command below will bring a list of entities , their auth method and their id: | |
| Export VAULT_ADDR=https://<Vault_address>:8200 | |
| export VAULT_TOKEN=<Vault_token> | |
| export VAULT_NAMESPACE=<Vault_namespace> |
GuyBarros
/ MY_TLS_LOGIN_SETUP
Created
April 29, 2021 10:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################ start ################################################# | |
| ############################### | |
| export VAULT_ADDR=https://vault.hashidemos.io:8200 | |
| export VAULT_TOKEN=s.evX | |
| # Set up the PKI Secret Engine | |
| ############################### | |
| ## Root CA Mount |
GuyBarros
/ jenkins_create_approle_secret
Created
February 9, 2021 12:41
script to create approle credential
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hudson.util.Secret | |
| import com.datapipe.jenkins.vault.credentials.* | |
| import com.cloudbees.plugins.credentials.impl.* | |
| import com.cloudbees.plugins.credentials.* | |
| import com.cloudbees.plugins.credentials.domains.* | |
| | |
| | |
| VaultAppRoleCredential customCredential = new VaultAppRoleCredential( | |
| CredentialsScope.GLOBAL, | |
| 'custom-credential', |
GuyBarros
/ Ansible - Vault SSH-CA
Created
March 18, 2019 08:45
Ansible playbook that uses Vault Approlle to generate a SSH -CA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - | |
| hosts: localhost | |
| gather_facts: false | |
| vars: | |
| secret_token: '${option.vault_token}' | |
| role_id: '${option.approle_id}' | |
| tasks: | |
| - | |
| name: 'Get secret id from role_id' | |
| uri: {url: 'http://active.vault.service.consul:8200/v1/auth/approle/role/my-role/secret-id', method: POST, headers: {X-Vault-Token: '{{ secret_token }}'}, body_format: json, status_code: 200} |
GuyBarros
/ hashicorp-vault-helm-values.yaml
Created
November 2, 2020 17:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| # enabled is the master enabled switch. Setting this to true or false | |
| # will enable or disable all the components within this chart by default. | |
| enabled: true | |
| # TLS for end-to-end encrypted transport | |
| tlsDisable: true | |
| # If deploying to OpenShift | |
| psp: | |
| enable: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "variables": { | |
| "version": "", | |
| "memory" : "8196", | |
| "cpucorecount": "4" | |
| }, | |
| "provisioners": [ | |
| { | |
| "type": "file", | |
| "source": "bootcamp.rli", |
NewerOlder