Johann Gyger johanngyger

## vault-kubernetes-authenticator-demo.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vault-kubernetes-authenticator-demo
  labels:
    appl: vault-kubernetes-authenticator-demo
spec:
  replicas: 1
  selector:

## vault-rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-serviceaccount

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:

## configure-vault.sh
# NOTE: You may need to set these addresses differently.
export INTERNAL_IP=$(dig +short `hostname -f`)
export VAULT_ADDR=http://${INTERNAL_IP}:8200

# Enable and configure the Kubernetes auth method.
# For details, see:
# - https://www.vaultproject.io/docs/auth/kubernetes.html
# - https://www.vaultproject.io/api/auth/kubernetes/index.html
vault auth enable kubernetes
vault write auth/kubernetes/config \

## vault server
$ vault server -dev -dev-listen-address=0.0.0.0:8200 &
==> Vault server configuration:

             Api Address: http://0.0.0.0:8200
                     Cgo: disabled
         Cluster Address: https://0.0.0.0:8201
              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: info
                   Mlock: supported: true, enabled: false
                 Storage: inmem

## install-vault-ubuntu.sh
# Install Vault
sudo apt install -y zip
curl -OL https://releases.hashicorp.com/vault/1.1.1/vault_1.1.1_linux_amd64.zip
unzip vault_1.1.1_linux_amd64.zip
sudo mv vault /usr/local/bin/
vault -autocomplete-install && exec $SHELL

## install-k8s-ubuntu.sh
# 1) Install Kubernetes on a Ubuntu machine
sudo -i
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list
apt update && apt install -y docker.io kubelet kubeadm kubectl
sudo systemctl enable docker.service
kubeadm init --pod-network-cidr=10.244.0.0/16  # Flannel pod network, see below
exit

# 2) Prepare kubectl

## keybase.md

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
          
            
              
              0 comments
            
          
          
            
              
              0 stars
            
          
        
        
          
              
          
          
            
                johanngyger
                / keybase.md
            
            
              Created
              September 16, 2016 16:59
            
          
        
      
        
  
      
    Keybase proof

I hereby claim:

I am jogy on github.
I am jogy (https://keybase.io/jogy) on keybase.
I have a public key ASAhVR1P4R03UIoqAcs6uSPTwZ-59aOOzVO8_ieB7XSqcwo

To claim this, I am signing this object:
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: vault-kubernetes-authenticator-demo
	labels:
	appl: vault-kubernetes-authenticator-demo
	spec:
	replicas: 1
	selector:
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: vault-serviceaccount

	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRoleBinding
	metadata:
	# NOTE: You may need to set these addresses differently.
	export INTERNAL_IP=$(dig +short `hostname -f`)
	export VAULT_ADDR=http://${INTERNAL_IP}:8200

	# Enable and configure the Kubernetes auth method.
	# For details, see:
	# - https://www.vaultproject.io/docs/auth/kubernetes.html
	# - https://www.vaultproject.io/api/auth/kubernetes/index.html
	vault auth enable kubernetes
	vault write auth/kubernetes/config \
	$ vault server -dev -dev-listen-address=0.0.0.0:8200 &
	==> Vault server configuration:

	Api Address: http://0.0.0.0:8200
	Cgo: disabled
	Cluster Address: https://0.0.0.0:8201
	Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
	Log Level: info
	Mlock: supported: true, enabled: false
	Storage: inmem
	# Install Vault
	sudo apt install -y zip
	curl -OL https://releases.hashicorp.com/vault/1.1.1/vault_1.1.1_linux_amd64.zip
	unzip vault_1.1.1_linux_amd64.zip
	sudo mv vault /usr/local/bin/
	vault -autocomplete-install && exec $SHELL
	# 1) Install Kubernetes on a Ubuntu machine
	sudo -i
	curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg \| apt-key add -
	echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list
	apt update && apt install -y docker.io kubelet kubeadm kubectl
	sudo systemctl enable docker.service
	kubeadm init --pod-network-cidr=10.244.0.0/16 # Flannel pod network, see below
	exit

	# 2) Prepare kubectl