Kickstart for using vault and consul cli tools (helpful alternative to curl for debugging missing consul configs or vault secrets)

consul-vault-cli-kickstart.sh

# Consul and Vault k8s cli clients for working with k8s cluster consul and vault per namespace

# Mac: brew install consul vault
# Consul v1.4.4
# Vault v1.1.1
# kubectl (client: v1.14.1, server: v1.10.11)

# export k8s namespace if you use namespace, otherwise use default:
export NAMESPACE=<your-namespace-or-just-put-default>
export VAULT_TOKEN=<your-vault-token>
export CONSUL_TOKEN=<your-consul-token>
# grab cluster ip and nodeport for vault pod
export VAULT_ADDR="http://$(kubectl cluster-info |  awk -F[/:] '{print $4}' | head -1):$(kubectl -n ${NAMESPACE} get -o jsonpath='{.spec.ports[0].nodePort}' services vault)"
# grab consul pod's internal ip and assume port 8301
export CONSUL_INTERNAL_ADDR="$(kubectl -n ${NAMESPACE} describe pod consul | egrep 'IP:'| awk -F ':' '{gsub(/^[ \t]+/, "", $2);print $2":8301"}')"

vault login $VAULT_TOKEN
vault status
consul join -token=$CONSUL_TOKEN $CONSUL_INTERNAL_ADDR
consul members

# Now intead of composing a curl api request try to check vault secrets via:
#
#   vault kv get secret/$NAMESPACE/some-service/v2
#
# ...or to check on Consul configs:
#
#   consul kv get appconfig/$NAMESPACE/some-service/v2/SOME_KEY
#