This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: secrets-store.csi.x-k8s.io/v1 | |
kind: SecretProviderClass | |
metadata: | |
name: vault-credentials | |
spec: | |
provider: vault | |
secretObjects: | |
- data: | |
- key: user | |
objectName: user |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 | |
kind: SecretProviderClass | |
metadata: | |
name: vault-user-creds | |
spec: | |
provider: vault | |
parameters: | |
roleName: 'csi-kv' | |
vaultAddress: 'http://vault:8200' | |
objects: | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
helm repo add hashicorp https://helm.releases.hashicorp.com | |
helm repo update | |
helm install vault hashicorp/vault \ | |
--set "server.dev.enabled=true" \ | |
--set "injector.enabled=false" \ | |
--set "csi.enabled=true" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 | |
kind: SecretProviderClass | |
metadata: | |
name: vault-db-creds | |
spec: | |
# Vault CSI Provider | |
provider: vault | |
parameters: | |
# Vault role name to use during login |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## ADD Helm Repo | |
helm repo add secrets-store-csi-driver https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts | |
## Install the chart | |
helm install csi secrets-store-csi-driver/secrets-store-csi-driver |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ kubectl exec -it vault-0 -- /bin/sh | |
$ vault login root | |
$ vault secrets enable -version=1 kv | |
$ vault auth enable kubernetes | |
$ vault write auth/kubernetes/config token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
vault.hashicorp.com/agent-inject: "true" | |
vault.hashicorp.com/agent-init-first: "true" | |
vault.hashicorp.com/agent-inject-secret-server.key: "pki/issue/bettercallpavan" | |
vault.hashicorp.com/agent-inject-template-server.key: | | |
{{- with secret "pki/issue/bettercallpavan" "common_name=test.betetrcallpavan.com" -}} | |
{{ .Data.private_key }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
pull_request: | |
branches: | |
- infracost | |
jobs: | |
infracost: | |
runs-on: ubuntu-latest | |
env: | |
working-directory: ec2/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## | |
# You should look at the following URL's in order to grasp a solid understanding | |
# of Nginx configuration files in order to fully unleash the power of Nginx. | |
# https://www.nginx.com/resources/wiki/start/ | |
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ | |
# https://wiki.debian.org/Nginx/DirectoryStructure | |
# | |
# In most cases, administrators will remove this file from sites-enabled/ and | |
# leave it as reference inside of sites-available where it will continue to be | |
# updated by the nginx packaging team. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: 3 | |
automerge: true | |
delete_source_branch_on_merge: true | |
parallel_plan: true | |
parallel_apply: true | |
projects: | |
- name: ec2 | |
dir: ./ec2 | |
workspace: default | |
terraform_version: v1.1.1 |