

Johann Gyger jogy

View vault kubernetes synchronizer demo
$ k apply -f vault-kubernetes-synchronizer-demo.yaml
job.batch/vault-kubernetes-synchronizer-demo created
$ k get all
NAME READY STATUS RESTARTS AGE
pod/vault-kubernetes-synchronizer-demo-m2xnz 1/1 Running 0 4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3d5h
NAME COMPLETIONS DURATION AGE
job.batch/vault-kubernetes-synchronizer-demo 0/1 4s 4s
View vault-kubernetes-synchronizer-demo.yaml
---
apiVersion: batch/v1
kind: Job
metadata:
name: vault-kubernetes-synchronizer-demo
spec:
backoffLimit: 0
template:
spec:
serviceAccountName: vault-serviceaccount
View vault kubernetes token renewer demo
$ k apply -f vault-kubernetes-token-renewer-demo.yaml
deployment.apps/vault-kubernetes-token-renewer-demo created
$ k get all
NAME READY STATUS RESTARTS AGE
pod/vault-kubernetes-token-renewer-demo-694cc7dbbd-rkbbs 2/2 Running 0 4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 31h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/vault-kubernetes-token-renewer-demo 1/1 1 1 4s
View vault-kubernetes-token-renewer-demo.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault-kubernetes-token-renewer-demo
labels:
appl: vault-kubernetes-token-renewer-demo
spec:
replicas: 1
selector:
View vault kubernetes authenticator demo
$ k apply -f vault-kubernetes-authenticator-demo.yaml
deployment.apps/vault-kubernetes-authenticator-demo created
$ k get all
NAME READY STATUS RESTARTS AGE
pod/vault-kubernetes-authenticator-demo-fc49b957c-b5bnx 1/1 Running 0 81s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/vault-kubernetes-authenticator-demo 1/1 1 1 81s
View rbac vault
$ k apply -f vault-rbac.yaml
serviceaccount/vault-serviceaccount created
clusterrolebinding.rbac.authorization.k8s.io/vault-clusterrolebinding created
role.rbac.authorization.k8s.io/vault-secret-admin-role created
rolebinding.rbac.authorization.k8s.io/vault-demo-secret-admin-rolebinding created
View vault-kubernetes-authenticator-demo.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault-kubernetes-authenticator-demo
labels:
appl: vault-kubernetes-authenticator-demo
spec:
replicas: 1
selector:
View vault-rbac.yaml
---
# Service account named by the synchronizer demo Job on this page
# (serviceAccountName: vault-serviceaccount).
apiVersion: v1
kind: ServiceAccount
metadata:
name: vault-serviceaccount
---
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in
# Kubernetes 1.22; current clusters need rbac.authorization.k8s.io/v1.
# The binding's roleRef and subjects are cut off in this excerpt, so check
# which cluster-wide role it grants to which subject before applying it.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
View configure-vault.sh
# Point the vault CLI at the Vault server for every command below.
# NOTE(review): the scheme is plain http://, so the Vault token and any
# secret these commands send cross the network unencrypted. Tolerable only
# for a throwaway demo server; use a TLS (https://) listener otherwise.
export VAULT_ADDR=http://10.142.0.3:8200
# Enable and configure the Kubernetes auth method.
# For details, see:
# - https://www.vaultproject.io/docs/auth/kubernetes.html
# - https://www.vaultproject.io/api/auth/kubernetes/index.html
vault auth enable kubernetes
# kubernetes_host is the API server address Vault contacts to validate the
# service-account tokens presented at login; kubernetes_ca_cert is the CA
# Vault uses to verify that server's TLS certificate (the leading @ makes
# the CLI read the value from the named file).
# NOTE(review): no token_reviewer_jwt is set in the lines shown; confirm
# which credential Vault uses for the TokenReview call (this listing may be
# truncated).
vault write auth/kubernetes/config \
kubernetes_host=https://10.142.0.3:6443 \
kubernetes_ca_cert=@/etc/kubernetes/pki/ca.crt
View vault server
$ vault server -dev -dev-listen-address=0.0.0.0:8200
==> Vault server configuration:
Api Address: http://0.0.0.0:8200
Cgo: disabled
Cluster Address: https://0.0.0.0:8201
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Storage: inmem