Install Vault
# Register the HashiCorp chart repository so the vault chart can be resolved.
helm repo add hashicorp https://helm.releases.hashicorp.com

# Install the chart into the "vault" namespace, creating it if needed.
# server.dev.enabled=true runs Vault as a dev server: storage is in memory,
# the server starts unsealed and the root token is preset by the chart.
# Use this only on throwaway test clusters; nothing stored survives a pod
# restart and anyone who can reach the pod can use the preset token.
helm install vault hashicorp/vault \
  --namespace vault \
  --create-namespace \
  --set "server.dev.enabled=true"
Start session on Vault pod
The following instructions have been tested on a KinD cluster and use the Venafi Secrets Engine for HashiCorp Vault.
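Install Vault (dev mode). A dev-mode server keeps all data in memory, starts unsealed and uses a preset root token, so it is suitable for testing only.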
helm repo add hashicorp https://helm.releases.hashicorp.com
helm -n vault install vault hashicorp/vault --create-namespace \
--set "server.dev.enabled=true" \
--set "server.extraArgs=-dev-plugin-dir=/vault/plugins/" \
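# From https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux
#
# Lower the first unprivileged port to 80 so that non-root processes can bind
# to port 80 and above.
# - The setting is not scoped to one service: every unprivileged process can
#   then listen on ports >= 80, including 443.
# - "sysctl -w" changes the running kernel only; the value is not persisted
#   across a reboot.
# - Where a single binary needs a low port, granting it CAP_NET_BIND_SERVICE
#   is the narrower alternative.
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80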
--- | |
apiVersion: cert-manager.io/v1 | |
kind: Certificate | |
metadata: | |
name: www081050-jetstack-mcginlay-net | |
spec: | |
secretName: www081050-jetstack-mcginlay-net-tls | |
dnsNames: | |
- www081050.jetstack.mcginlay.net | |
issuerRef: |
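---
# ClusterIssuer that uses cert-manager's SelfSigned issuer type.
# Certificates issued this way are signed with their own private key, so
# clients have no CA chain to validate them against. Typical uses are
# bootstrapping a private CA or test clusters; it is not a substitute for a
# trusted issuer on externally reachable endpoints.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: self-signed
spec:
  selfSigned: {}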
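---
# CertificateRequestPolicy whose allowed.dnsNames list is the wildcard "*".
# The wildcard puts no restriction on the DNS names a request may carry, so
# any requester the policy applies to can have a certificate approved for any
# hostname. Keep this to demo clusters and list explicit names or suffixes
# elsewhere.
# NOTE(review): no spec.selector is visible in this excerpt; confirm which
# issuers the policy is bound to.
apiVersion: policy.cert-manager.io/v1alpha1
kind: CertificateRequestPolicy
metadata:
  name: accept-all
spec:
  allowed:
    dnsNames:
      values:
        - "*"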
kubectl -n demos apply -f - << EOF | |
apiVersion: cert-manager.io/v1 | |
kind: Certificate | |
metadata: | |
name: demo-cert-tls | |
spec: | |
dnsNames: | |
- demo-cert.jetstack.mcginlay.net | |
issuerRef: | |
group: cert-manager.io |