
rdamrong/consul-vault-helm


Install HashiCorp Vault on K8s with Helm, using HashiCorp Consul as the storage backend

  1. Create NFS Server and K8s Cluster (My Private Lab provided by oVirt)
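#- Rebuild the NFS server first, then the K8s cluster.
#- Each step is chained with && so that a failed cd never lets
#- "terraform destroy --auto-approve" run in whatever directory the shell is in,
#- and apply never runs after a failed destroy.
cd /Users/drs/Dropbox/01-Kubernetes/provisioning/ng_lab_home_nfs &&
  terraform destroy --auto-approve &&
  terraform apply --auto-approve
cd /Users/drs/Dropbox/01-Kubernetes/provisioning/ng_lab_home_k8s &&
  terraform destroy --auto-approve &&
  terraform apply --auto-approve

#- Fetch the kubeconfig from the cluster. USER@K8S_MASTER is a placeholder:
#- the page shows the original address only in masked form.
#- The file grants API access to the cluster, so keep it readable by the owner only.
mkdir -p "$HOME/.kube"
rsync -av USER@K8S_MASTER:.kube/config "$HOME/.kube"
chmod 600 "$HOME/.kube/config"
kubectl get nodes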
  1. Create PV
#- Two alternative ways to reach pv.yaml; run only ONE of them.
#- The directory you end up in matters: the later steps use relative paths
#- (./pki/..., *-values.yaml, vault-svc.yaml, .vaultrc) from this directory.

#- My Home
cd /Users/drs/Dropbox/01-Kubernetes/scenario/vaultproject/helm
kubectl apply -f pv.yaml

#- For Friends
#- Read pv.yaml after cloning and before applying it: it creates cluster-scoped
#- PersistentVolumes (presumably pointing at the author's NFS lab; adjust to your storage).
git clone https://github.com/rdamrong/consul-vault-helm.git
cd consul-vault-helm
kubectl apply -f pv.yaml

  1. Create Secret
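kubectl create ns vault
#- Generate a fresh gossip key with 'consul keygen' (needs the consul CLI locally).
#- Do not reuse a key that has been printed in a README: gossip encryption is
#- symmetric, so anyone who knows the key can read and forge gossip traffic.
#- Every Consul component must use this same key; the shared Secret provides that.
#- The && guard avoids creating the Secret with an empty key if keygen fails.
gossip_key=$(consul keygen) &&
  kubectl -n vault create secret generic consul-gossip-key --from-literal=key="$gossip_key"
unset gossip_key
kubectl -n vault create secret tls tls-server --cert ./pki/server1.crt --key ./pki/server1.key
#- NOTE(review): this uploads the CA private key (ca.key) into the cluster, where anyone
#- able to read Secrets in the vault namespace could issue certificates. Confirm the
#- chart values really need the CA key before keeping it there.
kubectl -n vault create secret tls tls-ca --cert ./pki/ca.crt --key ./pki/ca.key
#- kubectl -n vault create secret tls consul-consul-connect-inject-webhook-cert --cert ./pki/consul.crt --key ./pki/consul.key
#- tls-consul and client-tls-init are both built from the same consul.crt / consul.key pair.
kubectl -n vault create secret tls tls-consul --cert ./pki/consul.crt --key ./pki/consul.key
kubectl -n vault create secret tls client-tls-init --cert ./pki/consul.crt --key ./pki/consul.key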
  1. Install Consul
#- Install the Consul chart into the vault namespace (created if it does not exist yet).
#- NOTE(review): the values file is spelled "consul-vaules.yaml" here; confirm it matches the file name in the repository.
helm install consul hashicorp/consul -n vault --create-namespace --values consul-vaules.yaml
  1. Install Vault
#- Install the Vault chart into the same namespace as Consul, configured by vault-values.yaml.
helm install vault hashicorp/vault -n vault -f vault-values.yaml
  1. Unseal
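#- Initialise Vault once, then unseal vault-0 and vault-1 with key shares 1-3.
#- init-result.txt contains every unseal key and the initial root token in plain text:
#- it is created owner-only (umask 077) and should be moved to a secrets store and
#- deleted from this directory once the pods are unsealed.
#- No TTY is requested, so the captured output is free of terminal control sequences.
rm -f init-result.txt
(umask 077 && kubectl exec -n vault vault-0 -- vault operator init > init-result.txt)

#- Each key is read as data and passed as one quoted argument; no command line is
#- generated from the file's contents and piped to sh.
for pod in vault-0 vault-1; do
  for n in 1 2 3; do
    #- Strip any ANSI escapes / carriage returns defensively, then take the 4th field of "Unseal Key N: <key>".
    key=$(sed -r "s/\x1B\[[0-9;]*[a-zA-Z]//g" init-result.txt |
      tr -d '\r' |
      awk -v label="$n:" '$1 == "Unseal" && $2 == "Key" && $3 == label { print $4 }')
    if [ -z "$key" ]; then
      echo "Unseal Key $n not found in init-result.txt" >&2
      break 2
    fi
    kubectl exec -n vault "$pod" -- vault operator unseal "$key"
  done
done
unset key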
  1. Expose and Test Connection
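#- Expose Vault through the Service defined in vault-svc.yaml.
kubectl apply -f vault-svc.yaml
#- Source the file by explicit path: without a slash, bash looks the name up in $PATH
#- before the current directory. The file runs in the current shell, so read it first.
#- NOTE(review): presumably it exports the Vault address and TLS settings; confirm against the file.
source ./.vaultrc
vault status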

Unknown Issue

  1. Configuring Gossip Encryption Solved, Sun 15 Oct 2023
  2. Use the same key in every Consul component

About

Install Vault with Consul backend by Helm
