Helm/Vault: Difference between revisions

From Chorke Wiki
Line 203: Line 203:


|valign='top' style='width:34%'|
|valign='top' style='width:34%'|
* [https://developer.hashicorp.com/vault/tutorials/secrets-management Vault » Docs » Secrets management]
* [https://developer.hashicorp.com/vault/tutorials/pki/pki-engine Vault » Docs » Build your CA]
* [https://developer.hashicorp.com/vault/tutorials/monitoring Vault » Docs » Monitoring]
* [https://developer.hashicorp.com/vault/tutorials/get-started/learn-ui Vault » Docs » How]
* [https://developer.hashicorp.com/vault/tutorials/get-started/learn-ui Vault » Docs » How]
* [https://developer.hashicorp.com/vault/tutorials/get-started/why-use-vault Vault » Docs » Why]
* [https://developer.hashicorp.com/vault/tutorials/get-started/why-use-vault Vault » Docs » Why]

Revision as of 09:32, 19 January 2026

helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update && helm repo list
kubectl config get-contexts

Helm » Context


export KUBECONFIG="${HOME}/.kube/aws-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"
cat <<'EXE' | sudo bash
mkdir -p           /var/minikube/pvc/vault/data-vault-0/
chown -R 1001:1001 /var/minikube/pvc/vault/
EXE

Helm » Install


helm show   values hashicorp/vault --version=0.30.1|less
helm show   values hashicorp/vault --version=0.31.0|less
export KUBECONFIG="${HOME}/.kube/shahed-ab-kubeconfig.yaml"
kubectl create ns   vault || true
kubectl get ns|grep vault
kubectl delete ns   vault || true


cat <<'YML'| \
kubectl apply -f -

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: vault-data-vault-0
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/vault/data-vault-0
    type: DirectoryOrCreate
YML
cat <<'YML' | \
kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/name: vault
  name: data-vault-0
  namespace: vault
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: hostpath
  volumeName: vault-data-vault-0
YML
cat <<'YML' | \
helm -n=vault upgrade -i vault hashicorp/vault --version=0.31.0 -f -
---
global:
  enabled: true
injector:
  replicas: 1
  image:
    repository: hashicorp/vault-k8s
    tag: 1.7.0
  agentImage:
    repository: hashicorp/vault
    tag: 1.20.1
server:
  image:
    repository: hashicorp/vault
    tag: 1.20.1
  resources:
    requests:
      memory: 256Mi
      cpu: 250m
    limits:
      memory: 512Mi
      cpu: 500m
  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: nginx
    ingressClassName: nginx
    hosts:
      - host: vault.shahed.biz.ops
  dataStorage:
    size: 10Gi
    enabled: true
    storageClass: standard
  dev:
    enabled: false
ui:
  enabled: true
  serviceType: ClusterIP
YML
kubectl -n vault exec -it svc/vault -- vault operator init
kubectl -n vault exec -it svc/vault -- vault status
kubectl -n vault exec -it svc/vault -- ash
: '
vault operator init
vault operator unseal
vault status
'
Unseal Key 1: 2CMJ+UxMNVo7OD9ovT9ZUQmGFCj1nNOaAttIow9TNybq
Unseal Key 2: RGbEYaLbwElPYmNfSxvpGCJre+rQe0aJ/qjKilU80rQ0
Unseal Key 3: GMkN2PdMVFgwmyCPBC3hwd1NzNGba7HLr9mP2NCmz4eQ
Unseal Key 4: QWn5JBPeptgKd19c7A22PSQ4RZsiNkPgngvBkgUoyC3d
Unseal Key 5: expQJJ5HZ1tq30TvUO8dYsjzfYr+fj//hOO8RBhULgpC


Initial Root Token: hvs.zv7QKjHDzNPFQOG7UMwTm72y
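
The init output above is shown once and holds every unseal key plus the root token. The following is an added example, not part of the original page: it stores that output in an owner-only file and reads keys back from it. The helper names `store_init_output`, `first_unseal_keys` and `root_token`, the file path, and the threshold of 3 (Vault's default for 5 shares) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helpers, not from the wiki page).
# Parses the plain-text `vault operator init` format shown above:
#   "Unseal Key N: <base64>" and "Initial Root Token: <token>".

# Read init output on stdin and write it to file "$1" with mode 0600.
# Refuses to overwrite: an existing file may hold the only copy of the keys.
store_init_output() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    # umask is changed in a subshell so the caller's umask is untouched.
    ( umask 077 && cat > "$1" )
}

# Print the first "$2" unseal keys (the threshold) from stored file "$1".
# Trailing CRs are stripped, since `kubectl exec -t` output uses CRLF.
first_unseal_keys() {
    awk -v n="$2" -F': ' '
        { sub(/\r$/, "") }
        /^Unseal Key [0-9]+: / && c < n { print $2; c++ }
    ' "$1"
}

# Print the initial root token from stored file "$1".
root_token() {
    awk -F': ' '
        { sub(/\r$/, "") }
        /^Initial Root Token: / { print $2 }
    ' "$1"
}

# Usage against the release installed above (path and threshold are assumptions):
#   kubectl -n vault exec svc/vault -- vault operator init \
#     | store_init_output "${HOME}/vault-init.txt"
#   first_unseal_keys "${HOME}/vault-init.txt" 3   # paste each at the unseal prompt
#   kubectl -n vault exec -it svc/vault -- vault operator unseal
```
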
helm -n=vault status vault
helm -n=vault get    manifest vault
telnet vault.shahed.biz.ops 443
setsid open https://vault.shahed.biz.ops >/dev/null 2>&1 &

References
