diff --git a/hashicorp/readme.md b/hashicorp/readme.md index 4056add..49e3fe1 100644 --- a/hashicorp/readme.md +++ b/hashicorp/readme.md @@ -2,4 +2,56 @@ # Vault -For the exact files I used during my video guide, refer to commit: +For this tutorial, I use Kuberentes 1.17 +It's critical because we'll need certain [admission controllers](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) enabled. + +To get 1.17 for Linux\Windows, just use `kind` since you can create a 1.17 with admissions all setup. + +``` +kind create cluster --name vault --image kindest/node:v1.17.0@sha256:9512edae126da271b66b990b6fff768fbb7cd786c7d39e86bdf55906352fdf62 +``` + +## TLS End to End Encryption + +See steps in `hashicorp/vault/tls/ssl_generate_self_signed.txt` +You'll need to generate TLS certs (or bring your own) +Create base64 strings from the files, place it in the `server-tls-secret.yaml` and apply it. +Remember not to check-in your TLS to GIT :) + +## Deployment + +``` +kubectl create ns vault-example +kubectl -n vault-example apply -f .\hashicorp\vault\server\ +``` + +## Storage + +``` +kubectl -n vault-example get pvc +``` +ensure vault-claim is bound, if not, `kubectl -n vault-example describe pvc vault-claim` +ensure correct storage class is used for your cluster. +if you need to change the storage class, deleve the pvc , edit YAML and re-apply + +## Initialising Vault + +``` +kubectl -n vault-example exec -it vault-example-0 vault operator init +kubectl -n vault-example exec -it vault-example-0 vault operator unseal +``` + +## Depploy the Injector + +Injector allows pods to automatically get secrets from the vault. + +``` +kubectl -n vault-example apply -f .\hashicorp\vault\injector\ +``` + + + + + + + diff --git a/hashicorp/vault/example-app/deployment.yaml b/hashicorp/vault/example-app/deployment.yaml new file mode 100644 index 0000000..01a480e --- /dev/null +++ b/hashicorp/vault/example-app/deployment.yaml 
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: app
+ labels:
+ app: vault-agent-demo
+spec:
+ selector:
+ matchLabels:
+ app: vault-agent-demo
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: vault-agent-demo
+ spec:
+ serviceAccountName: app
+ containers:
+ - name: app
+ image: jweissig/app:0.0.1
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: app
+ labels:
+ app: vault-agent-demo
\ No newline at end of file
diff --git a/hashicorp/vault/example-app/patch.yaml b/hashicorp/vault/example-app/patch.yaml
new file mode 100644
index 0000000..b2679e1
--- /dev/null
+++ b/hashicorp/vault/example-app/patch.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: app
+ labels:
+ app: vault-agent-demo
+spec:
+ selector:
+ matchLabels:
+ app: vault-agent-demo
+ replicas: 1
+ template:
+ metadata:
+ annotations:
+ vault.hashicorp.com/agent-inject: "true"
+ vault.hashicorp.com/tls-skip-verify: "true"
+ vault.hashicorp.com/agent-inject-secret-helloworld: "secret/helloworld"
+ vault.hashicorp.com/agent-inject-template-helloworld: |
+ {{- with secret "secret/helloworld" -}}
+ {
+ "username" : "{{ .Data.username }}",
+ "password" : "{{ .Data.password }}"
+ }
+ {{- end }}
+ vault.hashicorp.com/role: "myapp"
+ labels:
+ app: vault-agent-demo
+ spec:
+ serviceAccountName: app
+ containers:
+ - name: app
+ image: jweissig/app:0.0.1
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: app
+ labels:
+ app: vault-agent-demo
\ No newline at end of file
diff --git a/hashicorp/vault/injector/injector-deployment.yaml b/hashicorp/vault/injector/injector-deployment.yaml
index 379934f..f7769fb 100644
--- a/hashicorp/vault/injector/injector-deployment.yaml
+++ b/hashicorp/vault/injector/injector-deployment.yaml
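Review bot: `image: jweissig/app:0.0.1` pulls a third-party image by mutable tag, so what runs under the `app` service account can change without any change to this repository; the same line appears in the patch.yaml hunk. The README in this commit already pins `kindest/node` by digest, and the same form works here: `image: jweissig/app:0.0.1@sha256:<digest of the image you reviewed>`. The pod spec also sets no `securityContext`, so adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` to the container is worth testing against this image.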
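Review bot: The annotation `vault.hashicorp.com/tls-skip-verify: "true"` in patch.yaml makes the injected agent accept any certificate presented for the Vault address, so the TLS set up elsewhere in this commit no longer authenticates the server and the agent would present its service-account JWT to whatever endpoint answers. The server certificate gains the `vault-example.vault-example.svc` SAN in this same commit, so verification can stay on: drop the annotation and supply the CA with `vault.hashicorp.com/tls-secret: "<secret containing only ca.pem>"` and `vault.hashicorp.com/ca-cert: "/vault/tls/ca.pem"`. Use a CA-only secret for this rather than `vault-example-tls-secret`, which also holds the server key.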
@@ -32,7 +32,7 @@ spec: - name: AGENT_INJECT_LOG_LEVEL value: "info" - name: AGENT_INJECT_VAULT_ADDR - value: https://vault-example:8200 + value: https://vault-example.vault-example.svc:8200 - name: AGENT_INJECT_VAULT_IMAGE value: "vault:1.3.1" - name: AGENT_INJECT_TLS_AUTO diff --git a/hashicorp/vault/injector/injector-mutating-webhook.yaml b/hashicorp/vault/injector/injector-mutating-webhook.yaml index caf6ba2..7a455b1 100644 --- a/hashicorp/vault/injector/injector-mutating-webhook.yaml +++ b/hashicorp/vault/injector/injector-mutating-webhook.yaml @@ -1,4 +1,4 @@ -apiVersion: admissionregistration.k8s.io/v1 +apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration metadata: name: vault-example-agent-injector-cfg @@ -17,12 +17,4 @@ webhooks: apiGroups: [""] apiVersions: ["v1"] resources: ["pods"] - namespaceSelector: - matchExpressions: - - key: name - operator: In - values: - - example-app - sideEffects: None - admissionReviewVersions: - - "v1" \ No newline at end of file + namespaceSelector: \ No newline at end of file diff --git a/hashicorp/vault/injector/kind.yaml b/hashicorp/vault/injector/kind.yaml deleted file mode 100644 index e11e6e9..0000000 --- a/hashicorp/vault/injector/kind.yaml +++ /dev/null @@ -1,4 +0,0 @@ - -# #https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/ - -#kind create cluster --name vault --image kindest/node:v1.17.0@sha256:9512edae126da271b66b990b6fff768fbb7cd786c7d39e86bdf55906352fdf62 --config kind.yaml \ No newline at end of file diff --git a/hashicorp/vault/policies/app-policy.md b/hashicorp/vault/policies/app-policy.md new file mode 100644 index 0000000..920a593 --- /dev/null +++ b/hashicorp/vault/policies/app-policy.md 
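Review bot: The new `AGENT_INJECT_VAULT_ADDR` value can only pass hostname verification because `vault-example.vault-example.svc` is added as a SAN in `ssl_generate_self_signed.txt` in this same commit, and nothing in the manifest records that coupling. A comment above the value, such as `# host must be a SAN of the Vault server cert (tls/ssl_generate_self_signed.txt) and match the namespace Vault runs in`, would keep the two from drifting apart. The env list begins and ends outside the hunk.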
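Review bot: With the `matchExpressions` removed in injector-mutating-webhook.yaml, `namespaceSelector:` is left as an empty key, which matches every namespace, so the injector webhook is now consulted for pod creation cluster-wide, including `kube-system` and Vault's own namespace. Restoring a selector keeps mutation opt-in, for example `namespaceSelector:` / `matchLabels:` / `vault-injection: enabled` (label name constructed for illustration) with that label applied to `vault-example`. The first hunk's move to `admissionregistration.k8s.io/v1beta1` also drops the explicit `sideEffects` and `admissionReviewVersions`; `v1` is served on Kubernetes 1.17 and `v1beta1` is deprecated, so it is worth confirming the downgrade is actually needed. The webhook entry starts outside the hunk, so its `failurePolicy` is not visible here.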
@@ -0,0 +1,15 @@
+# Create an App policy
+
+```
+kubectl -n vault-example exec -it vault-example-0 sh
+
+cat < /home/vault/app-policy.hcl
+path "secret*" {
+ capabilities = ["read"]
+}
+EOF
+
+vault login
+vault policy write app /home/vault/app-policy.hcl
+
+```
\ No newline at end of file
diff --git a/hashicorp/vault/policies/example-secret.md b/hashicorp/vault/policies/example-secret.md
new file mode 100644
index 0000000..cee711e
--- /dev/null
+++ b/hashicorp/vault/policies/example-secret.md
@@ -0,0 +1,11 @@
+# Create example secret
+
+```
+kubectl -n vault-example exec -it vault-example-0 sh
+
+vault login
+
+vault secrets enable -path=secret/ kv
+vault kv put secret/helloworld username=foobaruser password=foobarbazpass
+
+```
\ No newline at end of file
diff --git a/hashicorp/vault/policies/vault-enable-auth-k8s.md b/hashicorp/vault/policies/vault-enable-auth-k8s.md
new file mode 100644
index 0000000..7afc45a
--- /dev/null
+++ b/hashicorp/vault/policies/vault-enable-auth-k8s.md
@@ -0,0 +1,20 @@
+# Enable Kubernetes Vault Auth
+
+```
+kubectl -n vault-example exec -it vault-example-0 sh
+
+vault login
+vault auth enable kubernetes
+
+vault write auth/kubernetes/config \
+ token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
+ kubernetes_host=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 \
+ kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+
+vault write auth/kubernetes/role/myapp \
+ bound_service_account_names=app \
+ bound_service_account_namespaces=vault-example \
+ policies=app \
+ ttl=1h
+
+```
\ No newline at end of file
diff --git a/hashicorp/vault/server/server-tls-secret.yaml b/hashicorp/vault/server/server-tls-secret.yaml
index 60ce94a..bfb4100 100644
--- a/hashicorp/vault/server/server-tls-secret.yaml
+++ b/hashicorp/vault/server/server-tls-secret.yaml
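Review bot: The policy in app-policy.md uses `path "secret*"`, which grants read on every path whose name starts with `secret` rather than on the demo secret alone, so any workload that logs in with the `myapp` role can read the whole mount and any other mount sharing that prefix. The example app only reads `secret/helloworld`, so `path "secret/helloworld" {` is sufficient. Separately, `cat < /home/vault/app-policy.hcl` reads the file instead of writing it; the trailing `EOF` suggests the intended line was `cat <<EOF > /home/vault/app-policy.hcl`.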
@@ -4,6 +4,6 @@ metadata: name: vault-example-tls-secret type: Opaque data: - vault-example.pem: 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 - vault-example-key.pem: 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 - ca.pem: 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 \ No newline at end of file + vault-example.pem: 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 + vault-example-key.pem: 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 + ca.pem: 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 \ No newline at end of file diff --git a/hashicorp/vault/tls/ssl_generate_self_signed.txt b/hashicorp/vault/tls/ssl_generate_self_signed.txt index 0e125e5..75f9571 100644 --- a/hashicorp/vault/tls/ssl_generate_self_signed.txt +++ b/hashicorp/vault/tls/ssl_generate_self_signed.txt @@ -15,7 +15,7 @@ cfssl gencert \ -ca=ca.pem \ -ca-key=ca-key.pem \ -config=ca-config.json \ - -hostname="vault-example,vault-example.vault-example.svc.cluster.local,localhost,127.0.0.1" \ + -hostname="vault-example,vault-example.vault-example.svc.cluster.local,vault-example.vault-example.svc,localhost,127.0.0.1" \ -profile=default \ vault-csr.json | cfssljson -bare vault-example
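Review bot: The server-tls-secret.yaml hunk replaces the committed values of `vault-example.pem`, `vault-example-key.pem` and `ca.pem`, which appears to put the Vault server's private key into the repository history (the values are elided on this page, so this is inferred from the key names), while the README added in this same commit says not to check TLS material into git. Any cluster that applies this file unchanged would be serving Vault with a key that every reader of the repository holds. Keeping placeholder values here and creating the secret from local files, `kubectl -n vault-example create secret generic vault-example-tls-secret --from-file=vault-example.pem --from-file=vault-example-key.pem --from-file=ca.pem`, avoids that. The key pair committed so far should be treated as exposed and regenerated.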