title: "Sample Vault injection"
date: 2020-02-17T09:23:42
slug: sample-vault-injection
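# Tear down any previous run so the walkthrough starts from a clean state.
# On a first run these deletes report "not found" errors, which can be ignored.
helm delete vault-helm
kubectl delete pvc data-vault-helm-0
kubectl delete -f pv.yaml
kubectl delete -f app.yaml
kubectl delete -f app_secrets.yaml
# Wipe the on-disk data left by the previous Vault (presumably the directory
# behind pv.yaml -- confirm against that manifest). This is irreversible:
# every secret stored by the old instance is gone afterwards, so check the
# path before running. The glob must be unescaped; a literal "\*" would only
# match a file actually named "*".
rm -rf /STORAGE/vault/*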
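# Pin the current kubectl context to the "default" namespace; the Vault role
# created later is bound to that namespace.
kubectl config set-context --current --namespace=default
kubectl create -f pv.yaml
# Release name first, chart second (here presumably a local chart directory
# named vault-helm -- confirm against the working directory).
helm install vault-helm vault-helm
# Wait until vault-helm-0 is Running; it stays not-ready until Vault is
# initialised and unsealed in the next steps.
kubectl get pods
kubectl logs vault-helm-0
# Open a shell inside the Vault server pod. "--" separates kubectl's own flags
# from the command to run; the form without it is deprecated in kubectl.
kubectl exec -it vault-helm-0 -- sh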
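# --- The commands below run inside the vault-helm-0 pod shell. ---

# Initialise Vault. The unseal key shares and the initial root token are
# printed exactly once; record them somewhere safe and keep them out of shell
# history, logs and screenshots.
vault operator init
# Each call prompts for one key share. With the default init settings
# (5 shares, threshold 3) three different shares unseal the server.
vault operator unseal
vault operator unseal
vault operator unseal
# Prompts for a token (presumably the initial root token here). Outside a demo,
# create a scoped admin token and revoke the root token once setup is done.
vault login
# Mount a KV engine at secret/. With no version option this is KV version 1,
# so data lives directly under secret/<name>.
vault secrets enable -path="secret" kv
# Read-only policy for the application. The heredoc delimiter is quoted so the
# shell writes the policy text verbatim, with no expansion.
# NOTE(review): "secret*" is a prefix glob, so it also covers any other path
# that merely starts with "secret" (e.g. another mount named "secrets").
# "secret/*" or the exact path "secret/helloworld" would be least privilege.
cat <<'EOF' > /home/vault/app-policy.hcl
path "secret*" {
  capabilities = ["read"]
}
EOF
vault policy write app /home/vault/app-policy.hcl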
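# Enable the Kubernetes auth method so pods can log in to Vault with their
# service-account token.
vault auth enable kubernetes
# Tell Vault how to reach the API server and which credentials to use when it
# validates a pod's token through the TokenReview API.
#   token_reviewer_jwt  - the Vault pod's own service-account token; that
#                         service account must be permitted to create
#                         TokenReviews (confirm the chart's RBAC grants this).
#   kubernetes_host     - API server address taken from the in-pod service
#                         environment variable.
#   kubernetes_ca_cert  - "@" makes the vault CLI read the value from the file.
# NOTE(review): on clusters that issue short-lived projected service-account
# tokens, a JWT copied in here will expire; check the Kubernetes auth
# documentation for the Vault version in use.
vault write auth/kubernetes/config \
    token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
    kubernetes_host="https://${KUBERNETES_PORT_443_TCP_ADDR}:443" \
    kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
# Role "myapp": only the service account "app" in namespace "default" may log
# in; it receives the "app" policy and a token valid for one hour. Keeping
# both bindings specific (no wildcards) is what stops other workloads from
# obtaining this role.
vault write auth/kubernetes/role/myapp \
    bound_service_account_names=app \
    bound_service_account_namespaces=default \
    policies=app \
    ttl=1h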
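# Store the demo secret (still inside the Vault pod). These are placeholder
# credentials; for real values avoid key=value on the command line, since it
# lands in shell history and the process list. The vault CLI also accepts
# key=- (read from stdin) and key=@file.
vault kv put secret/helloworld username=foobaruser password=foobarbazpass

# --- Leave the pod shell; the kubectl commands below run on the workstation. ---

# Deploy the application (presumably first without the Vault injector
# annotations -- confirm against app.yaml), check it, then remove it.
kubectl create -f app.yaml
kubectl get pods
kubectl delete -f app.yaml
# Redeploy from app_secrets.yaml (presumably the variant annotated for Vault
# Agent injection -- confirm against the manifest).
kubectl create -f app_secrets.yaml
kubectl get pods
# Run inside the application container (e.g. via kubectl exec) to confirm the
# secret was rendered. The file holds the secret in plaintext, so anything
# able to exec into the pod or read its filesystem can read it.
cat /vault/secrets/helloworld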
