Skip to content

Instantly share code, notes, and snippets.

View johanngyger's full-sized avatar

Johann Gyger johanngyger

View GitHub Profile

Keybase proof

I hereby claim:

  • I am jogy on github.
  • I am jogy (https://keybase.io/jogy) on keybase.
  • I have a public key ASAhVR1P4R03UIoqAcs6uSPTwZ-59aOOzVO8_ieB7XSqcwo

To claim this, I am signing this object:

@johanngyger
johanngyger / install-k8s-ubuntu.sh
Last active March 2, 2020 08:42
Installing a single node Kubernetes on Ubuntu with kubeadm
# 1) Install Kubernetes on a Ubuntu machine
sudo -i
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list
apt update && apt install -y docker.io kubelet kubeadm kubectl
sudo systemctl enable docker.service
kubeadm init --pod-network-cidr=10.244.0.0/16 # Flannel pod network, see below
exit
# 2) Prepare kubectl
# Install Vault
sudo apt install -y zip
curl -OL https://releases.hashicorp.com/vault/1.1.1/vault_1.1.1_linux_amd64.zip
unzip vault_1.1.1_linux_amd64.zip
sudo mv vault /usr/local/bin/
vault -autocomplete-install && exec $SHELL
$ vault server -dev -dev-listen-address=0.0.0.0:8200 &
==> Vault server configuration:
Api Address: http://0.0.0.0:8200
Cgo: disabled
Cluster Address: https://0.0.0.0:8201
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Storage: inmem
# NOTE: You may need to set these addresses differently.
export INTERNAL_IP=$(dig +short `hostname -f`)
export VAULT_ADDR=http://${INTERNAL_IP}:8200
# Enable and configure the Kubernetes auth method.
# For details, see:
# - https://www.vaultproject.io/docs/auth/kubernetes.html
# - https://www.vaultproject.io/api/auth/kubernetes/index.html
vault auth enable kubernetes
vault write auth/kubernetes/config \
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: vault-serviceaccount
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault-kubernetes-authenticator-demo
labels:
appl: vault-kubernetes-authenticator-demo
spec:
replicas: 1
selector:
$ k apply -f vault-rbac.yaml
serviceaccount/vault-serviceaccount created
clusterrolebinding.rbac.authorization.k8s.io/vault-clusterrolebinding created
role.rbac.authorization.k8s.io/vault-secret-admin-role created
rolebinding.rbac.authorization.k8s.io/vault-demo-secret-admin-rolebinding created
$ envsubst < vault-kubernetes-authenticator-demo.yaml | k apply -f -
deployment.apps/vault-kubernetes-authenticator-demo created
$ k get all
NAME READY STATUS RESTARTS AGE
pod/vault-kubernetes-authenticator-demo-fc49b957c-b5bnx 1/1 Running 0 81s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/vault-kubernetes-authenticator-demo 1/1 1 1 81s
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault-kubernetes-token-renewer-demo
labels:
appl: vault-kubernetes-token-renewer-demo
spec:
replicas: 1
selector: