Update vault readme.md, fix some typos

Two spelling mistakes.
Formatting.
Better linking to text file.
Fix last link.
C.Lee Taylor 2020-10-26 21:26:01 +02:00 committed by Marcel Dempers
parent 4458691860
commit cc5d627723


@ -17,8 +17,8 @@ kind create cluster --name vault --kubeconfig ~/.kube/kind-vault --image kindest
## TLS End to End Encryption ## TLS End to End Encryption
VIDEO: <Coming-Soon> VIDEO: ```<Coming-Soon>```
See steps in `hashicorp/vault/tls/ssl_generate_self_signed.txt` See steps in [./tls/ssl_generate_self_signed.txt](./tls/ssl_generate_self_signed.txt)
You'll need to generate TLS certs (or bring your own) You'll need to generate TLS certs (or bring your own)
Create base64 strings from the files, place it in the `server-tls-secret.yaml` and apply it. Create base64 strings from the files, place it in the `server-tls-secret.yaml` and apply it.
Remember not to check-in your TLS to GIT :) Remember not to check-in your TLS to GIT :)
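Review bot: The reminder on the last context line, "Remember not to check-in your TLS to GIT :)", does not say which file is the risk. The README tells the reader to paste base64 strings of the cert files into `server-tls-secret.yaml`, and base64 is an encoding, not encryption, so I'd name the populated `server-tls-secret.yaml` explicitly in that reminder. While these lines are being touched, "place it" on the line above should read "place them".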
@ -38,7 +38,7 @@ kubectl -n vault-example get pvc
``` ```
ensure vault-claim is bound, if not, `kubectl -n vault-example describe pvc vault-claim` ensure vault-claim is bound, if not, `kubectl -n vault-example describe pvc vault-claim`
ensure correct storage class is used for your cluster. ensure correct storage class is used for your cluster.
if you need to change the storage class, deleve the pvc , edit YAML and re-apply if you need to change the storage class, delete the pvc, edit YAML and re-apply
## Initialising Vault ## Initialising Vault
@ -49,10 +49,9 @@ kubectl -n vault-example exec -it vault-example-0 vault operator unseal
kubectl -n vault-example get pods kubectl -n vault-example get pods
``` ```
## Depploy the Injector ## Deploy the Injector
VIDEO: <Coming-Soon>
VIDEO: ```<Coming-Soon>```
Injector allows pods to automatically get secrets from the vault. Injector allows pods to automatically get secrets from the vault.
``` ```
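Review bot: On the changed VIDEO line the placeholder is wrapped in triple backticks inline; a single pair of backticks is the usual inline code span and is enough to stop <Coming-Soon> being parsed as an HTML tag. The same applies to the VIDEO line in the first hunk.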
@ -68,7 +67,6 @@ For the injector to be authorised to access vault, we need to enable K8s auth
kubectl -n vault-example exec -it vault-example-0 vault login kubectl -n vault-example exec -it vault-example-0 vault login
kubectl -n vault-example exec -it vault-example-0 vault auth enable kubernetes kubectl -n vault-example exec -it vault-example-0 vault auth enable kubernetes
kubectl -n vault-example exec -it vault-example-0 sh kubectl -n vault-example exec -it vault-example-0 sh
vault write auth/kubernetes/config \ vault write auth/kubernetes/config \
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
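Review bot: The three `kubectl -n vault-example exec -it vault-example-0 ...` context lines pass the command without the `--` separator, a form kubectl has deprecated. Since this commit is already tidying the block, suggest `kubectl -n vault-example exec -it vault-example-0 -- vault login`, and the same for the `vault auth enable kubernetes` and `sh` lines.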
@ -77,7 +75,6 @@ kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
exit exit
kubectl -n vault-example get pods kubectl -n vault-example get pods
``` ```
# Summary # Summary
@ -108,7 +105,7 @@ Objective:
* Let's delegate Vault to manage life cycles of our database credentials * Let's delegate Vault to manage life cycles of our database credentials
* Deploy an app, that automatically gets it's credentials from vault * Deploy an app, that automatically gets it's credentials from vault
[Try it](./example-apps/basic-secret/readme.md) [Try it](./example-apps/dynamic-postgresql/readme.md)
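Review bot: The bullet "Deploy an app, that automatically gets it's credentials from vault" still writes the possessive as "it's"; in a typo-fix commit it should become "its". The retargeted link to ./example-apps/dynamic-postgresql/readme.md fits the database-credentials objective above it, but the diff does not show that path, so please confirm it exists in the tree.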