Skip to content

aradyuk/vault_in_k8s

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
certs/config
certs/config
 
 
consul
consul
 
 
vault
vault
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
init_certs.sh
init_certs.sh
 
 
init_vault.sh
init_vault.sh
 
 

Repository files navigation

Running Vault and Consul on Kubernetes

Related/Useful links: post, Nginx ingress.

Prerequisites

Install:
  1. Installing Go
  2. Install CloudFlare's SSL ToolKit (cfssl and cfssljson)
  3. Consul
  4. Vault
  5. Pre-installed k8s, by default will be used vault namespace
  6. Pre-configured AWS KMS key and access (Role/Policy)

TLS Certificates

Create a Certificate Authority:

$ cfssl gencert -initca certs/config/ca-csr.json | cfssljson -bare certs/ca

Create the private keys and TLS certificates:

$ cfssl gencert \
    -ca=certs/ca.pem \
    -ca-key=certs/ca-key.pem \
    -config=certs/config/ca-config.json \
    -profile=default \
    certs/config/consul-csr.json | cfssljson -bare certs/consul

$ cfssl gencert \
    -ca=certs/ca.pem \
    -ca-key=certs/ca-key.pem \
    -config=certs/config/ca-config.json \
    -profile=default \
    certs/config/vault-csr.json | cfssljson -bare certs/vault

Vault and Consul

Spin up Vault and Consul on Kubernetes:

$ sh create.sh

Environment Variables

In a new terminal window, navigate to the project directory and set the following environment variables:

$ export VAULT_ADDR=https://127.0.0.1:8200
$ export VAULT_TOKEN=your_token

If having problem with x509, without a proper cert is first way with cert the second one:

$ export VAULT_SKIP_VERIFY=true
$ export VAULT_CACERT="certs/ca.pem"

Verify

$ kubectl get pods
$ vault status

Under development:

- AWS KMS integration (for auto-unsealing, and encryption of root-token, unseal keys);
- AWS DynamoDB as a backend-storage of vault;
- Consider to add affinity for consul/vault nodes.

...

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages