talalUcef

Install Hashicorp Vault official helm chart on minikube/Docker Desktop Kubernetes with PostgreSQL as a backend

Hashicorp Vault is a well-known secrets management solution that supports many technologies like Kubernetes and databases. Vault also supports many storage backends like Consul and PostgreSQL.

In this post, we will install Vault on a local Kubernetes cluster with a PostgreSQL backend storage, so to do that, we will first install PostgreSQL and pgAdmin and show how to install and configure Vault locally at the end.

Install PostgreSQL

If you don't have a running Postgres instance, install Postgres chart :

https://gist.github.com/b9a7385bcfdcb222edafcc13fcb20f65

talalUcef

injector:
  # True if you want to enable vault agent injection.
  enabled: "false"

server:

  # Affinity Settings
  # Commenting out or setting as empty the affinity variable, will allow
  # deployment to single node services such as Minikube
  affinity: null

talalUcef

# Create a namespace for Vault
kubectl create namespace vault

#Add helm official repo for Vault
helm repo add hashicorp https://helm.releases.hashicorp.com

# Install Vault helm chart
helm install vault-release vault --namespace vault -f values.yaml

# Expose Vault service locally

talalUcef

# Install pgAdmin helm chart
helm install pgadmin stable/pgadmin --namespace postgresql

# Expose pgAdmin service locally
kubectl port-forward -n postgresql  svc/pgadmin 8085:80

talalUcef

CREATE TABLE vault_kv_store (
  parent_path TEXT COLLATE "C" NOT NULL,
  path        TEXT COLLATE "C",
  key         TEXT COLLATE "C",
  value       BYTEA,
  CONSTRAINT pkey PRIMARY KEY (path, key)
);

CREATE INDEX parent_path_idx ON vault_kv_store (parent_path);

talalUcef

# Create a namespace for PostgreSQL
kubectl create namespace postgresql

#Install helm chart for postgreSQL 
helm install postgresql stable/postgresql --namespace postgresql

# Get postgres host
kubectl get svc --namespace postgresql postgres-release-postgresql -o jsonpath="{.spec.clusterIP}"

# Get postgreSQL postgres's user password

talalUcef

[http]
	proxy = http://host:port

[user]
	name = Name
	email = mail
[alias]
	# current branch, complete subject
        l = log --graph --abbrev-commit --date=relative --pretty=format:'%C(yellow)%h%Creset%C(auto)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset'

talalUcef

stage('Dependency Check') {
    steps {
        echo 'Running dependency check'
        withMaven(maven: 'maven 3.6.0', globalMavenSettingsConfig: 'sfcoGlobalSettingsV1', mavenSettingsConfig: 'sfcoSettingsV1') {
            sh 'mvn -Dmaven.test.skip=true package -Psecurity'
        }
    }
    post {
        always {
            dependencyCheckPublisher pattern: "**/dependency-check-report.xml"

talalUcef

package com.red.bol.serializer;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import org.apache.commons.lang3.StringUtils;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

talalUcef

package com.red.bol.serializer;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.IOException;
import java.util.Map;