johanngyger/vault kubernetes synchronizer demo

## vault kubernetes synchronizer demo
$ envsubst < vault-kubernetes-synchronizer-demo.yaml | k apply -f -
job.batch/vault-kubernetes-synchronizer-demo created

$ k get all
NAME                                           READY   STATUS    RESTARTS   AGE
pod/vault-kubernetes-synchronizer-demo-m2xnz   1/1     Running   0          4s
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   3d5h
NAME                                           COMPLETIONS   DURATION   AGE
job.batch/vault-kubernetes-synchronizer-demo   0/1           4s         4s

$ k logs pod/vault-kubernetes-synchronizer-demo-m2xnz -c vault-kubernetes-authenticator
2019/04/18 14:29:42 successfully authenticated to vault
2019/04/18 14:29:42 successfully stored vault token at /home/vault/.vault-token

$ k logs pod/vault-kubernetes-synchronizer-demo-m2xnz
2019/04/18 14:29:43 read secret/demo/first from vault
2019/04/18 14:29:43 update secret third from vault secret secret/demo/first
2019/04/18 14:29:43 read secret/demo/greek/alpha from vault
2019/04/18 14:29:43 update secret alpha from vault secret secret/demo/greek/alpha
2019/04/18 14:29:43 read secret/demo/greek/beta from vault
2019/04/18 14:29:43 update secret beta from vault secret secret/demo/greek/beta
2019/04/18 14:29:43 read secret/demo/greek/gamma from vault
2019/04/18 14:29:43 update secret gamma from vault secret secret/demo/greek/gamma
2019/04/18 14:29:43 read secret/demo/first from vault
2019/04/18 14:29:43 update secret first from vault secret secret/demo/first
2019/04/18 14:29:43 read secret/demo/second from vault
2019/04/18 14:29:43 update secret second from vault secret secret/demo/second
2019/04/18 14:29:44 secrets successfully synchronized

$ k get secrets
NAME                               TYPE                                  DATA   AGE
alpha                              Opaque                                1      2m43s
beta                               Opaque                                1      2m43s
default-token-ssd7f                kubernetes.io/service-account-token   3      3d5h
first                              Opaque                                2      2m43s
gamma                              Opaque                                1      2m43s
second                             Opaque                                2      2m43s
third                              Opaque                                2      2m43s
vault-serviceaccount-token-f6tnw   kubernetes.io/service-account-token   3      2d20h

$ k describe secret first
Name:         first
Namespace:    default
Labels:       <none>
Annotations:  vault-secret: secret/demo/first
Type:  Opaque
Data
====
one:  10 bytes
two:  10 bytes

$ k describe secret alpha
Name:         alpha
Namespace:    default
Labels:       <none>
Annotations:  vault-secret: secret/demo/greek/alpha
Type:  Opaque
Data
====
philosopher:  5 bytes
	$ envsubst < vault-kubernetes-synchronizer-demo.yaml \| k apply -f -
	job.batch/vault-kubernetes-synchronizer-demo created

	$ k get all
	NAME READY STATUS RESTARTS AGE
	pod/vault-kubernetes-synchronizer-demo-m2xnz 1/1 Running 0 4s
	NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
	service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3d5h
	NAME COMPLETIONS DURATION AGE
	job.batch/vault-kubernetes-synchronizer-demo 0/1 4s 4s

	$ k logs pod/vault-kubernetes-synchronizer-demo-m2xnz -c vault-kubernetes-authenticator
	2019/04/18 14:29:42 successfully authenticated to vault
	2019/04/18 14:29:42 successfully stored vault token at /home/vault/.vault-token

	$ k logs pod/vault-kubernetes-synchronizer-demo-m2xnz
	2019/04/18 14:29:43 read secret/demo/first from vault
	2019/04/18 14:29:43 update secret third from vault secret secret/demo/first
	2019/04/18 14:29:43 read secret/demo/greek/alpha from vault
	2019/04/18 14:29:43 update secret alpha from vault secret secret/demo/greek/alpha
	2019/04/18 14:29:43 read secret/demo/greek/beta from vault
	2019/04/18 14:29:43 update secret beta from vault secret secret/demo/greek/beta
	2019/04/18 14:29:43 read secret/demo/greek/gamma from vault
	2019/04/18 14:29:43 update secret gamma from vault secret secret/demo/greek/gamma
	2019/04/18 14:29:43 read secret/demo/first from vault
	2019/04/18 14:29:43 update secret first from vault secret secret/demo/first
	2019/04/18 14:29:43 read secret/demo/second from vault
	2019/04/18 14:29:43 update secret second from vault secret secret/demo/second
	2019/04/18 14:29:44 secrets successfully synchronized

	$ k get secrets
	NAME TYPE DATA AGE
	alpha Opaque 1 2m43s
	beta Opaque 1 2m43s
	default-token-ssd7f kubernetes.io/service-account-token 3 3d5h
	first Opaque 2 2m43s
	gamma Opaque 1 2m43s
	second Opaque 2 2m43s
	third Opaque 2 2m43s
	vault-serviceaccount-token-f6tnw kubernetes.io/service-account-token 3 2d20h

	$ k describe secret first
	Name: first
	Namespace: default
	Labels: <none>
	Annotations: vault-secret: secret/demo/first
	Type: Opaque
	Data
	====
	one: 10 bytes
	two: 10 bytes

	$ k describe secret alpha
	Name: alpha
	Namespace: default
	Labels: <none>
	Annotations: vault-secret: secret/demo/greek/alpha
	Type: Opaque
	Data
	====
	philosopher: 5 bytes