@get2arun
Last active December 28, 2019 04:38
vault-tls-steps
$ oc logs pod/vault-f65cb7877-gmh9z
Error initializing listener of type tcp: error loading TLS cert: open /etc/certs/vault.pem: no such file or directory
=================================================
vault-tls setup
=================================================
blog : https://testdriven.io/blog/running-vault-and-consul-on-kubernetes/
==================================================
INSTALL AND DIR STRUCTURE
====================================================
$ mkdir $HOME/go
$ export GOPATH=$HOME/go
$ export PATH=$PATH:$GOPATH/bin
Next, install the SSL ToolKit:
$ go get -u github.com/cloudflare/cfssl/cmd/cfssl
$ go get -u github.com/cloudflare/cfssl/cmd/cfssljson
├── certs
│ ├── config
│ │ ├── ca-config.json
│ │ ├── ca-csr.json
│ │ └── vault-csr.json
└── vault
===========================================================
Steps to create the CA and Vault keys and certificates (PEM files)
===========================================================
cat certs/config/ca-csr.json
{
  "hosts": [
    "cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CL",
      "ST": "RM",
      "L": "Santiago"
    }
  ]
}
cat certs/config/ca-config.json
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "default": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "8760h"
      }
    }
  }
}
cat certs/config/vault-csr.json ## added the minishift IP to the hosts list
{
  "hosts": [
    "vault",
    "127.0.0.1",
    "192.168.xx.xx"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CL",
      "ST": "RM",
      "L": "Santiago"
    }
  ]
}
cfssl$ cfssl gencert -initca certs/config/ca-csr.json | cfssljson -bare certs/ca
2019/12/27 23:54:26 [INFO] generating a new CA key and certificate from CSR
2019/12/27 23:54:26 [INFO] generate received request
2019/12/27 23:54:26 [INFO] received CSR
2019/12/27 23:54:26 [INFO] generating key: rsa-2048
2019/12/27 23:54:27 [INFO] encoded CSR
2019/12/27 23:54:27 [INFO] signed certificate with serial number 614428927684934858812592719940307578889967342863
cfssl$ ls -l certs/
total 20
-rw-r--r-- 1 apurb apurb 985 Dec 27 23:54 ca.csr
-rw------- 1 apurb apurb 1679 Dec 27 23:54 ca-key.pem
-rw-r--r-- 1 apurb apurb 1159 Dec 27 23:54 ca.pem
drwxr-xr-x 2 apurb apurb 4096 Dec 27 23:52 config
drwxr-xr-x 2 apurb apurb 4096 Dec 27 23:37 vault
for Vault:
$ cfssl gencert \
-ca=certs/ca.pem \
-ca-key=certs/ca-key.pem \
-config=certs/config/ca-config.json \
-profile=default \
certs/config/vault-csr.json | cfssljson -bare certs/vault
cfssl$ cfssl gencert \
> -ca=certs/ca.pem \
> -ca-key=certs/ca-key.pem \
> -config=certs/config/ca-config.json \
> -profile=default \
> certs/config/vault-csr.json | cfssljson -bare certs/vault
2019/12/28 00:07:33 [INFO] generate received request
2019/12/28 00:07:33 [INFO] received CSR
2019/12/28 00:07:33 [INFO] generating key: rsa-2048
2019/12/28 00:07:33 [INFO] encoded CSR
2019/12/28 00:07:33 [INFO] signed certificate with serial number 548062694835770430502296617561455400237122881553
==================================================
create secret
===================================================
oc create secret generic vault \
--from-file=certs/ca.pem \
--from-file=certs/vault.pem \
--from-file=certs/vault-key.pem
cfssl$ oc get secrets vault -o yaml
apiVersion: v1
data:
  ca.pem: <base64-encoded contents omitted>
  vault-key.pem: <base64-encoded contents omitted>
  vault.pem: <base64-encoded contents omitted>
kind: Secret
metadata:
  creationTimestamp: 2019-12-28T03:17:09Z
  name: vault
  namespace: vault-demo
  resourceVersion: "47312"
  selfLink: /api/v1/namespaces/vault-demo/secrets/vault
  uid: 889baf58-2920-11ea-8aa3-525400f815dd
type: Opaque
deployment.yaml
=================================================
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    app: vault
  name: vault
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vault
  template:
    metadata:
      labels:
        app: vault
    spec:
      serviceAccountName: vault-auth
      containers:
      - image: 172.30.1.1:5000/vault-demo/vault:1.3.1
        name: vault
        ports:
        - containerPort: 8200
          name: vaultport
          protocol: TCP
        args:
        - server
        - -log-level=debug
        env:
        - name: SKIP_SETCAP
          value: 'true'
        - name: SKIP_CHOWN
          value: 'true'
        - name: VAULT_LOCAL_CONFIG
          valueFrom:
            configMapKeyRef:
              name: vault-config
              key: vault-config
        volumeMounts:
        - name: vault-file-backend
          mountPath: /vault/file
          readOnly: false
      volumes:
      - name: vault-file-backend
        persistentVolumeClaim:
          claimName: vault-file-backend
      - name: vault
        secret:
          secretName: vault
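The error at the top of these notes names /etc/certs/vault.pem, yet this Deployment declares the `vault` Secret volume without mounting it in any container, so that path cannot exist inside the pod. The check below is an added example, not part of the gist: it lints a Deployment for declared-but-unmounted volumes and resolves which Secret key would back a given file path; mounting the Secret at /etc/certs is my assumption, taken from the directory in the error message.

```python
"""Check whether a file Vault expects (the TLS cert from the log line above) is
provided by a Secret volume that is actually mounted. Added example, not gist code."""
import copy
import posixpath

# Keys of the `vault` Secret, as listed by `oc get secrets vault -o yaml` above.
SECRETS = {"vault": ["ca.pem", "vault.pem", "vault-key.pem"]}

# Volume-related parts of the gist's deployment.yaml as a dict (no PyYAML assumed).
DEPLOYMENT = {"spec": {"template": {"spec": {
    "containers": [{"name": "vault", "volumeMounts": [
        {"name": "vault-file-backend", "mountPath": "/vault/file", "readOnly": False}]}],
    "volumes": [
        {"name": "vault-file-backend", "persistentVolumeClaim": {"claimName": "vault-file-backend"}},
        {"name": "vault", "secret": {"secretName": "vault"}}],
}}}}

def unmounted_volumes(deployment):
    """Names of pod volumes that no container mounts."""
    pod = deployment["spec"]["template"]["spec"]
    mounted = {m["name"] for c in pod["containers"] for m in c.get("volumeMounts", [])}
    return [v["name"] for v in pod.get("volumes", []) if v["name"] not in mounted]

def secret_file_source(deployment, secrets, path):
    """Return (volume, key) if `path` is backed by a mounted Secret volume, else None.
    A Secret volume exposes each data key as the file <mountPath>/<key>."""
    pod = deployment["spec"]["template"]["spec"]
    volumes = {v["name"]: v for v in pod.get("volumes", [])}
    directory, filename = posixpath.split(posixpath.normpath(path))
    for container in pod["containers"]:
        for mount in container.get("volumeMounts", []):
            volume = volumes.get(mount["name"], {})
            if "secret" not in volume or posixpath.normpath(mount["mountPath"]) != directory:
                continue
            if filename in secrets.get(volume["secret"]["secretName"], []):
                return volume["name"], filename
    return None

def with_cert_mount(deployment, mount_path="/etc/certs"):
    """Copy of the deployment with the `vault` Secret mounted read-only at mount_path
    (the assumed fix; /etc/certs is the directory named in the error message)."""
    fixed = copy.deepcopy(deployment)
    fixed["spec"]["template"]["spec"]["containers"][0]["volumeMounts"].append(
        {"name": "vault", "mountPath": mount_path, "readOnly": True})
    return fixed

if __name__ == "__main__":
    print("never mounted:", unmounted_volumes(DEPLOYMENT))  # ['vault']
    print(secret_file_source(with_cert_mount(DEPLOYMENT), SECRETS, "/etc/certs/vault.pem"))
```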