I hereby claim:
- I am jogy on github.
- I am jogy (https://keybase.io/jogy) on keybase.
- I have a public key ASAhVR1P4R03UIoqAcs6uSPTwZ-59aOOzVO8_ieB7XSqcwo
To claim this, I am signing this object:

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault-kubernetes-authenticator-demo
labels:
appl: vault-kubernetes-authenticator-demo
spec:
replicas: 1
selector:

---
apiVersion: v1
kind: ServiceAccount
metadata:
name: vault-serviceaccount
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:

# NOTE: You may need to set these addresses differently.
export INTERNAL_IP=$(dig +short `hostname -f`)
export VAULT_ADDR=http://${INTERNAL_IP}:8200
# Enable and configure the Kubernetes auth method.
# For details, see:
# - https://www.vaultproject.io/docs/auth/kubernetes.html
# - https://www.vaultproject.io/api/auth/kubernetes/index.html
vault auth enable kubernetes
vault write auth/kubernetes/config \

$ vault server -dev -dev-listen-address=0.0.0.0:8200 &
==> Vault server configuration:
Api Address: http://0.0.0.0:8200
Cgo: disabled
Cluster Address: https://0.0.0.0:8201
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Storage: inmem

# Install Vault
sudo apt install -y zip
curl -OL https://releases.hashicorp.com/vault/1.1.1/vault_1.1.1_linux_amd64.zip
unzip vault_1.1.1_linux_amd64.zip
sudo mv vault /usr/local/bin/
vault -autocomplete-install && exec $SHELL

# 1) Install Kubernetes on an Ubuntu machine
sudo -i
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list
apt update && apt install -y docker.io kubelet kubeadm kubectl
sudo systemctl enable docker.service
kubeadm init --pod-network-cidr=10.244.0.0/16 # Flannel pod network, see below
exit
# 2) Prepare kubectl