mirror of
https://github.com/marcel-dempers/docker-development-youtube-series.git
synced 2025-06-06 17:01:30 +00:00
updates
This commit is contained in:
marcel-dempers
parent
f2c3647b7d
commit
428fc51e76
@ -2,4 +2,56 @@
|
||||
|
||||
# Vault
|
||||
|
||||
For the exact files I used during my video guide, refer to commit:
|
||||
For this tutorial, I use Kuberentes 1.17
|
||||
It's critical because we'll need certain [admission controllers](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) enabled.
|
||||
|
||||
To get 1.17 for Linux\Windows, just use `kind` since you can create a 1.17 with admissions all setup.
|
||||
|
||||
```
|
||||
kind create cluster --name vault --image kindest/node:v1.17.0@sha256:9512edae126da271b66b990b6fff768fbb7cd786c7d39e86bdf55906352fdf62
|
||||
```
|
||||
|
||||
## TLS End to End Encryption
|
||||
|
||||
See steps in `hashicorp/vault/tls/ssl_generate_self_signed.txt`
|
||||
You'll need to generate TLS certs (or bring your own)
|
||||
Create base64 strings from the files, place it in the `server-tls-secret.yaml` and apply it.
|
||||
Remember not to check-in your TLS to GIT :)
|
||||
|
||||
## Deployment
|
||||
|
||||
```
|
||||
kubectl create ns vault-example
|
||||
kubectl -n vault-example apply -f .\hashicorp\vault\server\
|
||||
```
|
||||
|
||||
## Storage
|
||||
|
||||
```
|
||||
kubectl -n vault-example get pvc
|
||||
```
|
||||
ensure vault-claim is bound, if not, `kubectl -n vault-example describe pvc vault-claim`
|
||||
ensure correct storage class is used for your cluster.
|
||||
if you need to change the storage class, deleve the pvc , edit YAML and re-apply
|
||||
|
||||
## Initialising Vault
|
||||
|
||||
```
|
||||
kubectl -n vault-example exec -it vault-example-0 vault operator init
|
||||
kubectl -n vault-example exec -it vault-example-0 vault operator unseal
|
||||
```
|
||||
|
||||
## Depploy the Injector
|
||||
|
||||
Injector allows pods to automatically get secrets from the vault.
|
||||
|
||||
```
|
||||
kubectl -n vault-example apply -f .\hashicorp\vault\injector\
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
27
hashicorp/vault/example-app/deployment.yaml
Normal file
27
hashicorp/vault/example-app/deployment.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: app
|
||||
labels:
|
||||
app: vault-agent-demo
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: vault-agent-demo
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: vault-agent-demo
|
||||
spec:
|
||||
serviceAccountName: app
|
||||
containers:
|
||||
- name: app
|
||||
image: jweissig/app:0.0.1
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: app
|
||||
labels:
|
||||
app: vault-agent-demo
|
||||
39
hashicorp/vault/example-app/patch.yaml
Normal file
39
hashicorp/vault/example-app/patch.yaml
Normal file
@ -0,0 +1,39 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: app
|
||||
labels:
|
||||
app: vault-agent-demo
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: vault-agent-demo
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
vault.hashicorp.com/agent-inject: "true"
|
||||
vault.hashicorp.com/tls-skip-verify: "true"
|
||||
vault.hashicorp.com/agent-inject-secret-helloworld: "secret/helloworld"
|
||||
vault.hashicorp.com/agent-inject-template-helloworld: |
|
||||
{{- with secret "secret/helloworld" -}}
|
||||
{
|
||||
"username" : "{{ .Data.username }}",
|
||||
"password" : "{{ .Data.password }}"
|
||||
}
|
||||
{{- end }}
|
||||
vault.hashicorp.com/role: "myapp"
|
||||
labels:
|
||||
app: vault-agent-demo
|
||||
spec:
|
||||
serviceAccountName: app
|
||||
containers:
|
||||
- name: app
|
||||
image: jweissig/app:0.0.1
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: app
|
||||
labels:
|
||||
app: vault-agent-demo
|
||||
@ -32,7 +32,7 @@ spec:
|
||||
- name: AGENT_INJECT_LOG_LEVEL
|
||||
value: "info"
|
||||
- name: AGENT_INJECT_VAULT_ADDR
|
||||
value: https://vault-example:8200
|
||||
value: https://vault-example.vault-example.svc:8200
|
||||
- name: AGENT_INJECT_VAULT_IMAGE
|
||||
value: "vault:1.3.1"
|
||||
- name: AGENT_INJECT_TLS_AUTO
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
name: vault-example-agent-injector-cfg
|
||||
@ -17,12 +17,4 @@ webhooks:
|
||||
apiGroups: [""]
|
||||
apiVersions: ["v1"]
|
||||
resources: ["pods"]
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
- key: name
|
||||
operator: In
|
||||
values:
|
||||
- example-app
|
||||
sideEffects: None
|
||||
admissionReviewVersions:
|
||||
- "v1"
|
||||
namespaceSelector:
|
||||
@ -1,4 +0,0 @@
|
||||
|
||||
# #https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/
|
||||
|
||||
#kind create cluster --name vault --image kindest/node:v1.17.0@sha256:9512edae126da271b66b990b6fff768fbb7cd786c7d39e86bdf55906352fdf62 --config kind.yaml
|
||||
15
hashicorp/vault/policies/app-policy.md
Normal file
15
hashicorp/vault/policies/app-policy.md
Normal file
@ -0,0 +1,15 @@
|
||||
# Create an App policy
|
||||
|
||||
```
|
||||
kubectl -n vault-example exec -it vault-example-0 sh
|
||||
|
||||
cat <<EOF > /home/vault/app-policy.hcl
|
||||
path "secret*" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
EOF
|
||||
|
||||
vault login
|
||||
vault policy write app /home/vault/app-policy.hcl
|
||||
|
||||
```
|
||||
11
hashicorp/vault/policies/example-secret.md
Normal file
11
hashicorp/vault/policies/example-secret.md
Normal file
@ -0,0 +1,11 @@
|
||||
# Create example secret
|
||||
|
||||
```
|
||||
kubectl -n vault-example exec -it vault-example-0 sh
|
||||
|
||||
vault login
|
||||
|
||||
vault secrets enable -path=secret/ kv
|
||||
vault kv put secret/helloworld username=foobaruser password=foobarbazpass
|
||||
|
||||
```
|
||||
20
hashicorp/vault/policies/vault-enable-auth-k8s.md
Normal file
20
hashicorp/vault/policies/vault-enable-auth-k8s.md
Normal file
@ -0,0 +1,20 @@
|
||||
# Enable Kubernetes Vault Auth
|
||||
|
||||
```
|
||||
kubectl -n vault-example exec -it vault-example-0 sh
|
||||
|
||||
vault login
|
||||
vault auth enable kubernetes
|
||||
|
||||
vault write auth/kubernetes/config \
|
||||
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
|
||||
kubernetes_host=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 \
|
||||
kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
|
||||
vault write auth/kubernetes/role/myapp \
|
||||
bound_service_account_names=app \
|
||||
bound_service_account_namespaces=vault-example \
|
||||
policies=app \
|
||||
ttl=1h
|
||||
|
||||
```
|
||||
@ -4,6 +4,6 @@ metadata:
|
||||
name: vault-example-tls-secret
|
||||
type: Opaque
|
||||
data:
|
||||
vault-example.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVLVENDQXhHZ0F3SUJBZ0lVUDFOZWNYQ3RMM3cvQVJsREdkWmJvV292Vm5jd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VqRUxNQWtHQTFVRUJoTUNRVlV4RURBT0JnTlZCQWdUQjBWNFlXMXdiR1V4RWpBUUJnTlZCQWNUQ1UxbApiR0p2ZFhKdVpURVFNQTRHQTFVRUNoTUhSWGhoYlhCc1pURUxNQWtHQTFVRUN4TUNRMEV3SGhjTk1qQXdNakkyCk1EUXlNREF3V2hjTk1qRXdNakkxTURReU1EQXdXakJ1TVFzd0NRWURWUVFHRXdKVlV6RVBNQTBHQTFVRUNCTUcKVDNKbFoyOXVNUkV3RHdZRFZRUUhFd2hRYjNKMGJHRnVaREVUTUJFR0ExVUVDaE1LUzNWaVpYSnVaWFJsY3pFTwpNQXdHQTFVRUN4TUZWbUYxYkhReEZqQVVCZ05WQkFNVERYWmhkV3gwTFdWNFlXMXdiR1V3Z2dFaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURGbHdwekxwWkJScmpZNFJ6NExpci91bWlsUEFNbXVDVWEKVFY2TjQ1R2lSWVlMbk5hNmhkVW1vRmk3M3NzRFpiT1Q4eHE3eTJUZVI3eVZUV0FORUhodEViSFhNYXgrcnhoSApZYWQ3N2NpWGl1L1U3YXlUYk44QWVFTCtLc0UzU3F2OXpOK0E5QURXUjZlc01TSC9iRDY1dE1YRHBOU3F3dC9YClM4UkwrYldzbHEzY0hmT3VpeVg4NFRwUitONmNwUWNHNVZhNzd3Njltb2x2S21nM0xuZVRKM3EzUy9SeVJ4VjkKVXRWc21NTENwN3c1cVdOUStFcFdRb0xPQmFZTUpMbUZDWFM2YTRubTVld3dmaVFsOS9hd0NUVVVwWVR5UU1oOApnZU43NnEveExaTW51ZWE0Q3hkMEF2QTliK01KY24zZkc2TXN1N3MwbE9yTmVva2dSZ0VqQWdNQkFBR2pnZG93CmdkY3dEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0QKQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlNwaHV5VW5Ic0VYT0RkcXphNEhkU2kxZVlBZERBZgpCZ05WSFNNRUdEQVdnQlNwaWFWY1FvUEoybnpuRlgyZzZMMHhmWmR4empCWUJnTlZIUkVFVVRCUGdnMTJZWFZzCmRDMWxlR0Z0Y0d4bGdpMTJZWFZzZEMxbGVHRnRjR3hsTG5aaGRXeDBMV1Y0WVcxd2JHVXVjM1pqTG1Oc2RYTjAKWlhJdWJHOWpZV3lDQ1d4dlkyRnNhRzl6ZEljRWZ3QUFBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBa0VuTAozUnA0b1FNZGN3K0t3QnVONWo3MXBHTjZySXVwZGlTdlkraThJRzhqcVRiR1JqdEQyeFBuWUlja1pRakhTN2VvCnIrYWx5eC82S21oYm0wNzBROFdpdUgxZ2NuNVhqa1FJVW1qdDZLZ0F1QjBsdkdxUFlvZmV6TXVFdkoxTXEzUG0KMTcxa29oYktUME1sRFpzYXBGaHhtdnFIMDY0VHNjdTVrSVVVVGFINW1ZZkZhS0dNR0cvUGJLMWpCQkNwdTl5OApMZUVVeEMvbTFKbjh1M1hVZmRVMm0zaHZ1NnNmMVdrc0c2Sy9NQjI1ckxxZW1ZTjk3OWJQcGt5cnlBRkc4Um1WCkZ1VGl6cVc4UFA5aXNhNDdDUlpQelQ2YldDSndsc1MwT1JaWDcyRGRjODc0YzdXVDF1anFURWh0VWk4NEVlK0sKeElva25Gd1Z5Zno0YWwyWFlBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
|
||||
vault-example-key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeFpjS2N5NldRVWE0Mk9FYytDNHEvN3BvcFR3REpyZ2xHazFlamVPUm9rV0dDNXpXCnVvWFZKcUJZdTk3TEEyV3prL01hdTh0azNrZThsVTFnRFJCNGJSR3gxekdzZnE4WVIyR25lKzNJbDRydjFPMnMKazJ6ZkFIaEMvaXJCTjBxci9jemZnUFFBMWtlbnJERWgvMncrdWJURnc2VFVxc0xmMTB2RVMvbTFySmF0M0Izegpyb3NsL09FNlVmamVuS1VIQnVWV3UrOE92WnFKYnlwb055NTNreWQ2dDB2MGNrY1ZmVkxWYkpqQ3dxZThPYWxqClVQaEtWa0tDemdXbURDUzVoUWwwdW11SjV1WHNNSDRrSmZmMnNBazFGS1dFOGtESWZJSGplK3F2OFMyVEo3bm0KdUFzWGRBTHdQVy9qQ1hKOTN4dWpMTHU3TkpUcXpYcUpJRVlCSXdJREFRQUJBb0lCQUYxNW92dnlvaXFuWm5OVApxL3pNK3BLWWdVRUtMd04yUWpjN091d3RLSXg0RDM0VzZJNjlHYVY0WGdJaTJDLzNRUWxSRE9paXhFbFQ3cWREClA1bHVuVW9jQU9JcEljMmMwQU9VODBMeHJ0L2lYcXVBOVErWmhiWVhMcnBIUjdqOG5ua25IdVZHaWM3VmYwRTYKelRhazR0ZS82WDh3ejFzcGJmUFFhRUQ1RlRWY0RUaUp5QlRDTHpTWXE1alZKTjdRejlQdzRXR1B5WERTNzF6YwpKNHFndDVSTkxGc2tiMnQ2dzJDQjFlOEhSUHhMU0ZycU1SL3hrbWJQM2NnSXl3MEpLVUlFTUR1WWhZY0RhZCtTCkV4TDg2UUVKSUw5VU5FZnY3K1VDMzFURGdzd3loUmZ1N1hIb1BtS0tFSTNXcHZ5aGtINXRJOUEzV0ZwUWZTcmIKTmt4S3YrRUNnWUVBeVpVdGxuT3VlZFVXU1RaMGVaaEJIekI0WWhOOVlhck55TWNvenJNb3dITFdJZWVQdHo4NQpuKzJvRjN1bEh0QmFqKzI1MzU0ZFJrU0hLQkhsRTRmMFlYVGVWTTdqZDFONzVLZWpzQzdNN2JnVHFoMFlJOFdKCmlWaVBONHpKTGNGZEtFcVd4bDRuMEV0TEZzL0lDdWliblBTUm9QUmV5c29nWkpPSWFwVzFpUDhDZ1lFQSt1M3YKekM3YXFIZGtLRGdEb3kwWmtoK3RCT001WjVQV1M4NE8rUUo4QU42TmhMeHd2N29Oa1ZnQk9OMUIwVXdySGFXbQowY3JQeEZybk5mRkg4d0pTTGNMV2hYdWdYelJpaGxaakVXYTBLdGJZOVhxQUd3V2tVcTltL2s4V04zSmpQODdlCmN5VTZMQllOdXNkM0h3TWtoS0xTWXpaU2YyRmRrdnNHT1V4TVE5MENnWUVBcU5QdjRsbndmc2tnYVNEYVhCeFEKTGpjQ0crSUcySTJjMjlNeE1peUtyT09BdzlTVVlQenEzaTdFNFNZRkhOR1RoNGVxYk1hWDdnbm15SUIwUXU5UwpsV3l6NklOOXJxcVUwT1EyQzVDbXdWR3g1bitIZ0M0cENvYkpLOVVWaU9TeGlOVXZnZVBKcElIcTJhZ2Ira2JtClRZWG5rYzRZdGU2alFwanRYNWNTK3pFQ2dZQStWa2ZoU0s2SGRZbUxPRWNuRFhneHhlNjhyUnBBc2dobHNwNGoKbkV0a0IrWE9XT1lGcTFuZGhxaGZFUkJkeDNkYW1TRjFNdFlrcUpTUjRRd0h3Y2JhbVhHam5ZKzh0dzNXNDdVZQp5STN2cW9vaGlib3pmRlpUT0VIMDRYN2FiVzljbGE3TG1pNzJidEFnVzVjclBDT2hVN1hDY2VkU3Y4UjRWQ1k2CnE4cXlmUUtCZ1FDbkt5TEpjZXhZMnpPL0lBZUtmclNLaVNoNHJsaEFhNFJHRHQwUlJGQ3Rhck80dzRNalcvNkEKMHNscUoyazRZT3gzaU1DT3J1RklGcVR5RzFoUDEzSFlhT0N0S3lLYjh5YXZWeklYUzVEZXE4cVpiZlJsUWJPdQoyeUNKS010SVVhT0E5OGd3a3pLSVlsNkNZWXRNQy9HeVg1c0QxWDMyeURmZVo0SUVkVWx4Qnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
||||
ca.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVUnY5bXF2Q3U3akI5ejByN0JoR2JRWWlWZndJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VqRUxNQWtHQTFVRUJoTUNRVlV4RURBT0JnTlZCQWdUQjBWNFlXMXdiR1V4RWpBUUJnTlZCQWNUQ1UxbApiR0p2ZFhKdVpURVFNQTRHQTFVRUNoTUhSWGhoYlhCc1pURUxNQWtHQTFVRUN4TUNRMEV3SGhjTk1qQXdNakkyCk1EUXhPREF3V2hjTk1qVXdNakkwTURReE9EQXdXakJTTVFzd0NRWURWUVFHRXdKQlZURVFNQTRHQTFVRUNCTUgKUlhoaGJYQnNaVEVTTUJBR0ExVUVCeE1KVFdWc1ltOTFjbTVsTVJBd0RnWURWUVFLRXdkRmVHRnRjR3hsTVFzdwpDUVlEVlFRTEV3SkRRVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNdXhDM2RMCmlPcE4zYVI1bE9XQmFkV1lONXFkdndzUmU5ekFTNmhQbkJIVUVnUXcveG82MkV2bDRvY2pnYkRPSXMra1YrVGkKYWZkeGhublRJSUdNMDJUaFp1cUpRSFhjN2hsWDRLcjdsaG4yVzdadTM1eWRSZW9jRGZnb1Z6cTM3aytydXd0OAptVFIyTFNQcUhJZmU2Lzd4czRud242MGs3b20xdlNRTzN4TGVOZm9xSWJENk01ZGNkdXNTT01NSjZLU2gxNmF1CjJHZkNrdUgzdEZuMWtBdE1RWDZPc3VJbnpuNTFzdjRRbW52WnowTUZoanVUSHpTR2pZYnB3KzFGcksveGNnRmcKU1M1eGtkYU55SjNpaG4rWjBYWkxYUHMvZEdiSWNKMnVibDk4OCthUWp6Z2JvZ09rMFRBQnlyWnZPYnBMWWNjWQpuR1AxaW1Bdm5uTlRmK2tDQXdFQUFhTm1NR1F3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJCk1BWUJBZjhDQVFJd0hRWURWUjBPQkJZRUZLbUpwVnhDZzhuYWZPY1ZmYURvdlRGOWwzSE9NQjhHQTFVZEl3UVkKTUJhQUZLbUpwVnhDZzhuYWZPY1ZmYURvdlRGOWwzSE9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNRU2hCNgpNV0hXTTNTSmNNNkFEWGFRK3Y0SkltUWJ0Ym4xRUlpMkFKVUNIa0tORlhSaHNiYml5OFVhVldmUnZCRnFyMGFzCnA3TlpNUnB5cytRaUYzWTZDSzVFVmZSMUc2YUF6Q25QN1FkTWZzOWFraU9ydlZFaURGYlp0TDhHL3dyV0hTTGwKRWhrajZUR3JsR2FwM2tyZDFGQ1VKTE9BREpNS2VXK3FqYVdjbFRwM01hZ1Q1NStBcEkxeStqdEE4bmdRMGlzcgpBMWNVSVlGbUR6clZudmFxSkVMdlJIak1nTkR3R1lGQUh1dFdrclUybW1wNUMxN29LU1o2dnZ2M05GL3RDTFZYClFjZEt3TUtKbkc3bkYwTmdzTUdDckVXdG1FRHhNb3dJYzdTZXRieWN1aklqdHVVZTNyZktxNkdUUE5aVk1za2sKZ29rVnQvQVFmSWhJL05UMQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
|
||||
vault-example.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVUVENDQXpXZ0F3SUJBZ0lVRU1JUSs4cFc3MDJjdzJUdFlYN2VmM2ZsUnYwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VqRUxNQWtHQTFVRUJoTUNRVlV4RURBT0JnTlZCQWdUQjBWNFlXMXdiR1V4RWpBUUJnTlZCQWNUQ1UxbApiR0p2ZFhKdVpURVFNQTRHQTFVRUNoTUhSWGhoYlhCc1pURUxNQWtHQTFVRUN4TUNRMEV3SGhjTk1qQXdNekF4Ck1ETXlOakF3V2hjTk1qRXdNekF4TURNeU5qQXdXakJ4TVFzd0NRWURWUVFHRXdKQlZURVJNQThHQTFVRUNCTUkKVm1samRHOXlhV0V4RWpBUUJnTlZCQWNUQ1UxbGJHSnZkWEp1WlRFVE1CRUdBMVVFQ2hNS1MzVmlaWEp1WlhSbApjekVPTUF3R0ExVUVDeE1GVm1GMWJIUXhGakFVQmdOVkJBTVREWFpoZFd4MExXVjRZVzF3YkdVd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEQ0VNaERwQ3RjZG9uVS9GT1BGdjIxb0xiejVMSU4KS1ppanNZM1EvWHVWZG8vY1pFSW9uazd5SFZJdTA1NU9xWTJDQnJiM2dwVHpDWVoxZFozb3lsRVdtV1hFakR5UQoyZEFPTFM2SEdoTUZLZ3FvYWlKV3pPb1JPeVhYakVXanBzTGQxWVdnVFRlY0FxMDN0R3lBVjY1WVg5dUpFY3hxCnpSMEFBVDdPZWh4aFNzSUMzeFFyczRNbURSbjdnSVNwTHErcU5RZmc3VEtMOEtleUNBNWFkMVZOWnJ3cktZZ1AKZlNwRUt6ZGhVSGZMaFlEa3M4L0NZUTFLZEJjMnc3THVSMnJDTm9ISmF5ajcwUnVpeUNubGErWU5MeHd4REhGNgpxbEFEUXh6SmZFNWtRRmljVS9HblpLV2dyNVoyNWhpYUdkZjQ2SDk1RE9lMzVzUi8rL21IcFlKbEFnTUJBQUdqCmdmc3dnZmd3RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUIwR0ExVWREZ1FXQkJROGk3VnFrWXRxclVYckp5c3dKL3NSc2dTYwpMREFmQmdOVkhTTUVHREFXZ0JRMVhlQVFUcG9xS25CbjNPQk5VQ1NVc0tYNk56QjVCZ05WSFJFRWNqQndnZzEyCllYVnNkQzFsZUdGdGNHeGxnaTEyWVhWc2RDMWxlR0Z0Y0d4bExuWmhkV3gwTFdWNFlXMXdiR1V1YzNaakxtTnMKZFhOMFpYSXViRzlqWVd5Q0gzWmhkV3gwTFdWNFlXMXdiR1V1ZG1GMWJIUXRaWGhoYlhCc1pTNXpkbU9DQ1d4dgpZMkZzYUc5emRJY0Vmd0FBQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUNLUlJHYmw5OUxuYnFBbHlRRzd5CjNFcE1COXdmRUdtOG1hMzZwc05nODhPY1Q1K2hpWnRJR3hQT0w1dEJVRURWYWFjREtpaUg0WG1hdGN2THhHVmgKSW5NYXNIbHB2RlBoUTRONDdqdjBRMk1tL2x4ZzBuOGZTNjYwMU5LNkEycmxBNXl6blZBNGlxeVV5dzZ1K2NmVwpOL3gwWUtINTRLTlA5WEZhQy9aQStoWWNFSG5ZRGZHa01vYXZHVnE1ZnB5T2Zqd2dLT1llVDhTZkJ0VG9zRUNqCkFjR3FmVHp1VGlpSkozaFlNMVViMGVUdzVSU21Gc0tGNm5icG5RYnYzQm1iNjR1WStVbzZaYUM2RXh0SmsxcWYKcjVpbmxjTDA0Sk1UYVhVQ3lMSW5mdjZMZXVXTllldmpmN1dyblJiZ2xuUGJYVDEvazREVDJlWkRiaWFTVHNHcApGUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
vault-example-key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd2hESVE2UXJYSGFKMVB4VGp4Yjl0YUMyOCtTeURTbVlvN0dOMFAxN2xYYVAzR1JDCktKNU84aDFTTHRPZVRxbU5nZ2EyOTRLVTh3bUdkWFdkNk1wUkZwbGx4SXc4a05uUURpMHVoeG9UQlNvS3FHb2kKVnN6cUVUc2wxNHhGbzZiQzNkV0ZvRTAzbkFLdE43UnNnRmV1V0YvYmlSSE1hczBkQUFFK3pub2NZVXJDQXQ4VQpLN09ESmcwWis0Q0VxUzZ2cWpVSDRPMHlpL0Nuc2dnT1duZFZUV2E4S3ltSUQzMHFSQ3MzWVZCM3k0V0E1TFBQCndtRU5TblFYTnNPeTdrZHF3amFCeVdzbys5RWJvc2dwNVd2bURTOGNNUXh4ZXFwUUEwTWN5WHhPWkVCWW5GUHgKcDJTbG9LK1dkdVlZbWhuWCtPaC9lUXpudCtiRWYvdjVoNldDWlFJREFRQUJBb0lCQUh1UGNlTFhZU0JTL1BrVgoyeUhzOG9hMUdDZDdnZjR0Y05rd2tHbnpLcitFS0o2Yld5QS9nMlpXVXVBcnJzekkyYWRqSFJYRUY1QVNqWUMxCjdWK3RpU21KYTZsVDNMQWhibjNJT0txZWFHUE9XOURWR3A0SGhEU0tZMUsxSmhYSGRLVUhjVGdhVWdETUYzdXoKTGE0ZHBZenhJM2RIVk03Zlg4cUVBSGc0ZVY5YnZQdTN4M0NQNm9yV1l0bzZzbUhEcjN2ZkZPM0RMQnIwVHRzRwpVVS9mbjcrU1U3Y2FmQTRJemc0TTlKdXl2aHZzZm91SENCajVXczJvWWxOY2FoV2pxY0tGZnA0WUoya0hkK2dlClR4VlVIejBKTDIrY0pQdThLQ0IxdllKanlwRnhvRlRUZC81cXptK3ZsK2pRNUprY2Nxd3luaXJXYVVKRm5XU3kKank3dnlyVUNnWUVBMmkxRzhHM050YkJHZHFNeVJjQmdGUHZrNXVqTUlGT1hJNHNIVkZ1TEluYzF1MGZZNkR3dQpObEJzNmFCU0ZYOSsybk1seVFDMzlzelVyWlRQakRmRkZvcGczR2FpQ0hvY09yYUVFUWhPSDBWaVpUNGJjMWE0ClNuV3F6aWRhdmkzN3FMZjB2aXladCtsYmg2NllPUWxBSHFPSW4wUlhoUzk1TjBsTzlXYkhCUjhDZ1lFQTQ3VngKRFVSS2xWL1V3REJBa3F6cVpxSWdESklwdGRGL2Yvam9uUXlVYnBLM2llYWUyN3pmaHNLZEFTRGZBcHA5aTd5KwpST1NWdnNWUGRidU9vWGJKQWxzcVJlSVBYdmVYODdGWlluNVZhWkdVdjBteHlwQXZ0NTcrdFdWT1E1aGZydGNYCk1DMyttWFFUTkxhZUxGMThySW11UktENlBxNW1JVk5kS3hibjQvc0NnWUVBeFpFT2xoVzRtL2grTmx4ZDM4L3UKc2RIUVhGRWUxMzhhYy9NbnRmb1hxaVF0SWVSVHhTa0o1K0U0WHU3d3Bjc0lRaVRYYUljZ0QzczRjOTgzZW8vZQpCeVZUeFFHalpPMit0bVFrZjQvM3ZsV0VYbzI1S2Q2emo2bXgvSENpdVdqR1pPZi8xbDVvN0tPQ1lRRjNrdDZQCms2OGV2cXFTWG1hNDY1bVV5S0JEUkowQ2dZRUF3Y2llcmppbzlGZzZ1VmdYQy93bCt6UUw3RWJUUWsxSW9VTFYKeXhseWxHczkwUmkzcHE4azF3MTJDZ2pNWU8zUzNBSEROdVFGWC9XUXV0UGovUnNXMDI5OEdUN1o3K3Jyb05NVQpDNU1SNHlhbW5PZjlhektydVN1US9oUjV0MkxNUXdIL1ZOdy9xSjQwM2c1dnE3ZmZxd0g4a2FFaGRnaDdGKzlYCkFaMmJ1Tk1DZ1lBZWJEaTMrQ3VmQzFOOGlwWUdVS1hSOFRSaFJPdDlmTzdGYjJRM25NdE1UZUx2YzJxNXlaY3oKdThIVUZCbk56Mmx6WDV3N2VwOUtSNzhvRFhRaVZGTnBYY1JwYm9ONS9YZHNFbUlXemNlN0V4ZFI4TGE4TS9YcQpKazkwdis0T2ovd013enlBZm9ZT0NHZ3Y0ZWdCNmZ0MXRwMVBjUG1QcTZCcnF3am1wNERYYmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
||||
ca.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVZnFKeTY5QXlnY1l5MGgvbC9XdTRkeVU4MlRFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VqRUxNQWtHQTFVRUJoTUNRVlV4RURBT0JnTlZCQWdUQjBWNFlXMXdiR1V4RWpBUUJnTlZCQWNUQ1UxbApiR0p2ZFhKdVpURVFNQTRHQTFVRUNoTUhSWGhoYlhCc1pURUxNQWtHQTFVRUN4TUNRMEV3SGhjTk1qQXdNekF4Ck1ETXlOVEF3V2hjTk1qVXdNakk0TURNeU5UQXdXakJTTVFzd0NRWURWUVFHRXdKQlZURVFNQTRHQTFVRUNCTUgKUlhoaGJYQnNaVEVTTUJBR0ExVUVCeE1KVFdWc1ltOTFjbTVsTVJBd0RnWURWUVFLRXdkRmVHRnRjR3hsTVFzdwpDUVlEVlFRTEV3SkRRVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNelVkWGlOCjRiN3dDK3JrRlFkTFlsclpleWttNkQrYk16T3B2N0JnZUkrdnIrVy9GZE9HR1ZkMnQwbWpDMVhvcWgrSCtERU0Kc3Z0bFpLOW9DT080RnlleUZuSXhqcktDNXp0REJJSlNJYzhYR2NjUTVFY1VXdDRiMnVOVXVKM1dMVFlYcFpFeApqVnd3YzY4aHJ6cC82TDVuMUJxVERxaWxCYk5JUi91OUdmeU40bWpXQlRUbzArTFhkakpkZ3BvOWxmWC83aEFhCnRxT0FIcFJqRWhJM0RreEZyREdSVlJsQ1ZBZlo2MWt5bFRWLzJNMW5CalJWU2RTbDlJK0lWeU4xbXpMM3AzTGwKQ3lwYWxpbGtTWS9LaTNsSFRpNnZGeEJ6c042c3N5SktmeDdpMVJmNDk2MjlKQWZNNXFad0x4enp5OFFNeEw0ZQpMN1VyYmdNMWgwRUhCa0VDQXdFQUFhTm1NR1F3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJCk1BWUJBZjhDQVFJd0hRWURWUjBPQkJZRUZEVmQ0QkJPbWlvcWNHZmM0RTFRSkpTd3BmbzNNQjhHQTFVZEl3UVkKTUJhQUZEVmQ0QkJPbWlvcWNHZmM0RTFRSkpTd3BmbzNNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFnMkZBWApnTUF4UXlndzVrcGkrSFpNWDg5K0QxQ1ptVHhGUXBhUk5vSzdOR1NTVGZLS1Z0Vjdaa1IxVVhJWVJhZTF0R2o2Cm1YeHRpOS9xd281ZlpBckNEaloyVVVNV29EVHFTNHY3ZGVaVmxiRmlVWnl2VXRPb0hjTEhhWitLdmlkVG0yL3UKMDJ0TjhscGtEMDFzeXU5akIyK2wrT01CMUtlRGpXNS8wcDk0ay8xMUd5U2dJRDF1RVVyaFUrai9CMFp1L09GegpXNE00akcrRWlsK1puMHpzcm1wVStmQk1RK20wQzFXZ05mU3NKU0FCYlZxSEVMQ05USUYzVG91V3lNdEE1YUZxCnJ1SFQwNUxxUzl6QVVKNTZ0Q2dqbGdHMDUrUG9FQjFSZUtvV1JURnBNQ0JSL0RxWjk4SnprRDNLYTJyVkMwOXgKUCs1TTNobzl0Q3J4SW42bQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
|
||||
@ -15,7 +15,7 @@ cfssl gencert \
|
||||
-ca=ca.pem \
|
||||
-ca-key=ca-key.pem \
|
||||
-config=ca-config.json \
|
||||
-hostname="vault-example,vault-example.vault-example.svc.cluster.local,localhost,127.0.0.1" \
|
||||
-hostname="vault-example,vault-example.vault-example.svc.cluster.local,vault-example.vault-example.svc,localhost,127.0.0.1" \
|
||||
-profile=default \
|
||||
vault-csr.json | cfssljson -bare vault-example
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user