OpenShift setup with Vault and minishift
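#!/usr/bin/env bash
# Wire a minishift/OpenShift cluster into a local dev-mode Vault's Kubernetes
# auth method, then verify the wiring with a test login.
#
# Prerequisites: `oc`, `vault` and `openssl` on PATH; a Vault dev server
# already listening on VAULT_ADDR (see the companion start script); when
# MINISHIFT=true, a running minishift VM.
#
# SECURITY NOTE: this is a throw-away lab setup. It talks to Vault over plain
# HTTP with a well-known root token, skips TLS verification, and the test role
# binds the `default` service account in *every* namespace. None of these
# settings belong outside a local test environment.
set -euo pipefail

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Defaults may be overridden from the environment; unset means the original
# hard-coded values.
MINISHIFT="${MINISHIFT:-true}"
# The console URL previously noted here was https://192.168.99.102:8443/console
# while the API address below is .103 -- confirm the VM's real address with
# `minishift ip` before running.
OPENSHIFT="${OPENSHIFT:-192.168.99.103:8443}"
OPENSHIFT_ADDR="https://${OPENSHIFT}"
PROJECT="${PROJECT:-vault-test}"

# Dev-server address and root token; these match the companion start script.
# VAULT_ADDR is plain http, so `-tls-skip-verify` below is currently a no-op --
# do not carry that flag over to a TLS-terminated Vault.
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN=root

if [[ "$MINISHIFT" == "true" ]]; then
  eval "$(minishift oc-env)"
  oc login -u system:admin
  # Re-runs: fall back to selecting the project when it already exists.
  oc new-project "$PROJECT" || oc project "$PROJECT"
fi

#### Set up OpenShift
# The reviewer service account is always created in $PROJECT (not just the
# current project) so it matches the cluster role binding below even when
# MINISHIFT is not "true" and no project switch happened.
oc get sa vault-auth -n "$PROJECT" >/dev/null 2>&1 \
  || oc create sa vault-auth -n "$PROJECT"
# system:auth-delegator lets Vault submit TokenReviews for other SAs' JWTs.
oc adm policy add-cluster-role-to-user system:auth-delegator \
  "system:serviceaccount:${PROJECT}:vault-auth"
reviewer_service_account_jwt=$(oc serviceaccounts get-token vault-auth -n "$PROJECT")
[[ -n "$reviewer_service_account_jwt" ]] || die "empty token for vault-auth"

# Fetch the certificate the API server presents. `openssl x509` keeps only the
# FIRST certificate of the chain (normally the server leaf, not the signing
# CA), and the fetch is unauthenticated trust-on-first-use. Outside a lab, take
# the CA from the cluster kubeconfig or the service account's ca.crt instead.
openssl s_client -showcerts -connect "$OPENSHIFT" </dev/null \
  | openssl x509 -outform PEM > cert.pem
[[ -s cert.pem ]] || die "could not fetch a certificate from ${OPENSHIFT}"

#### Set up Vault
# Enabling fails on re-runs when the method already exists; that is fine.
vault auth enable -tls-skip-verify kubernetes || true
# JWTs are passed on stdin (`key=-`) rather than on argv, so they do not show
# up in `ps` or shell tracing output.
printf '%s' "$reviewer_service_account_jwt" \
  | vault write -tls-skip-verify auth/kubernetes/config \
      token_reviewer_jwt=- \
      kubernetes_host="$OPENSHIFT_ADDR" \
      kubernetes_ca_cert=@cert.pem
# Test role: ANY namespace's `default` SA may log in and receives the `default`
# policy. Narrow bound_service_account_namespaces for anything real.
vault write -tls-skip-verify auth/kubernetes/role/test_role \
  bound_service_account_names=default \
  bound_service_account_namespaces='*' \
  policies=default \
  ttl=2h

#### Test the kubernetes auth method
default_account_token=$(oc serviceaccounts get-token default -n default)
[[ -n "$default_account_token" ]] || die "empty token for default/default"
printf '%s' "$default_account_token" \
  | vault write -tls-skip-verify auth/kubernetes/login role=test_role jwt=-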
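#!/usr/bin/env bash
# Start the local lab: a minishift VM, then a Vault *dev* server.
#
# `vault server -dev` runs in-memory, auto-unsealed, over plain HTTP on
# 127.0.0.1:8200 by default, with the fixed root token given below -- these
# are the VAULT_ADDR/VAULT_TOKEN values the setup script relies on. Nothing
# persists across restarts and the root token is public knowledge: lab use only.
#
# The `vault server` call blocks in the foreground; run the setup script from
# another terminal once it reports it is listening.
set -euo pipefail

minishift start --vm-driver=virtualbox
vault server -dev -dev-root-token-id='root'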