
Johann Gyger jogy

View vault kubernetes synchronizer demo
$ envsubst < vault-kubernetes-synchronizer-demo.yaml | k apply -f -
job.batch/vault-kubernetes-synchronizer-demo created
$ k get all
NAME READY STATUS RESTARTS AGE
pod/vault-kubernetes-synchronizer-demo-m2xnz 1/1 Running 0 4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3d5h
NAME COMPLETIONS DURATION AGE
job.batch/vault-kubernetes-synchronizer-demo 0/1 4s 4s
View vault-kubernetes-synchronizer-demo.yaml
---
apiVersion: batch/v1
kind: Job
metadata:
name: vault-kubernetes-synchronizer-demo
spec:
backoffLimit: 0
template:
spec:
serviceAccountName: vault-serviceaccount
View vault kubernetes token renewer demo
$ envsubst < vault-kubernetes-token-renewer-demo.yaml | k apply -f -
deployment.apps/vault-kubernetes-token-renewer-demo created
$ k get all
NAME READY STATUS RESTARTS AGE
pod/vault-kubernetes-token-renewer-demo-694cc7dbbd-rkbbs 2/2 Running 0 4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 31h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/vault-kubernetes-token-renewer-demo 1/1 1 1 4s
View vault-kubernetes-token-renewer-demo.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault-kubernetes-token-renewer-demo
labels:
appl: vault-kubernetes-token-renewer-demo
spec:
replicas: 1
selector:
View vault kubernetes authenticator demo
$ envsubst < vault-kubernetes-authenticator-demo.yaml | k apply -f -
deployment.apps/vault-kubernetes-authenticator-demo created
$ k get all
NAME READY STATUS RESTARTS AGE
pod/vault-kubernetes-authenticator-demo-fc49b957c-b5bnx 1/1 Running 0 81s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/vault-kubernetes-authenticator-demo 1/1 1 1 81s
View rbac vault
$ k apply -f vault-rbac.yaml
serviceaccount/vault-serviceaccount created
clusterrolebinding.rbac.authorization.k8s.io/vault-clusterrolebinding created
role.rbac.authorization.k8s.io/vault-secret-admin-role created
rolebinding.rbac.authorization.k8s.io/vault-demo-secret-admin-rolebinding created
View vault-kubernetes-authenticator-demo.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault-kubernetes-authenticator-demo
labels:
appl: vault-kubernetes-authenticator-demo
spec:
replicas: 1
selector:
View vault-rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: vault-serviceaccount
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
View configure-vault.sh
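# NOTE: You may need to set these addresses differently.
# dig +short can print nothing (no record) or several lines (a CNAME target
# followed by addresses, or multiple A records). Keep only the first line that
# looks like an IPv4 address, and stop when there is none, so VAULT_ADDR is
# never built from a blank or multi-line value.
INTERNAL_IP=$(dig +short "$(hostname -f)" | awk '/^[0-9]+(\.[0-9]+){3}$/ { print; exit }')
: "${INTERNAL_IP:?no IPv4 address found for this host; edit INTERNAL_IP in this script}"
export INTERNAL_IP
# NOTE(review): plain http means the Vault token and the service-account JWTs
# sent to the Kubernetes auth method cross the network unencrypted. That fits a
# listener started with TLS disabled (presumably the dev server); switch to
# https and a TLS listener for anything that is not a throwaway demo.
export VAULT_ADDR="http://${INTERNAL_IP}:8200"
# Enable and configure the Kubernetes auth method.
# For details, see:
# - https://www.vaultproject.io/docs/auth/kubernetes.html
# - https://www.vaultproject.io/api/auth/kubernetes/index.html
vault auth enable kubernetes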
vault write auth/kubernetes/config \
View vault server
$ vault server -dev -dev-listen-address=0.0.0.0:8200 &
==> Vault server configuration:
Api Address: http://0.0.0.0:8200
Cgo: disabled
Cluster Address: https://0.0.0.0:8201
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Storage: inmem