This repository provides supporting scripts and an example Golang application for the Vault Kubernetes Auth Method blog post. These scripts can be run on a standard unix terminal.
- OpenShift `oc` CLI should be set up with administrative access.
- OpenShift API server `ca.crt` file should be in the current directory. For default installs this file is located in: `/etc/origin/master/ca.crt`. Please copy this file to the current directory. Example command: `sudo cp /etc/origin/master/ca.crt .`
- `curl` and `jq` utilities should be installed.
  - Please see download jq if not installed already.
- `vault` binary should be on your PATH. You can download Vault binary here.
- Please adjust the environment variables under `Setup environment` appropriately.
```bash
# Setup environment
export K8S_API_SERVER="https://master.ocp.example.org"
export VAULT_ADDR="https://vault.example.org:8200"
export VAULT_TOKEN="admin-or-root-token"

# Clone repo and adjust permissions
git clone https://github.com/kawsark/vault-openshift-demo.git
cd vault-openshift-demo
chmod +x *.sh

# Copy the ca.crt file (please adjust path as needed)
sudo cp /etc/origin/master/ca.crt .

# (Optional) Adjust variable default in env.sh
vi env.sh

# Execute scripts
./0_openshift_setup.sh
./1_vault_setup.sh
./2_test_vault_login.sh
./3_deploy_app.sh
```
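A preflight check for the prerequisites listed above, written as an added example; it is not one of the repository's scripts. The function names and the requirement that both URLs use `https://` are assumptions of this example.

```bash
# Added example (not part of the repository): preflight check for the
# prerequisites this README lists. Function names are hypothetical.

# Print each required CLI that is not on PATH (defaults to the README's list).
missing_tools() {
  [ "$#" -gt 0 ] || set -- oc curl jq vault
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || echo "$tool"
  done
}

# Print each variable that is not usable. Assumption of this example: both
# URLs must be https://, as in the README's sample values.
bad_env() {
  for name in K8S_API_SERVER VAULT_ADDR; do
    eval "value=\${$name:-}"   # names are fixed literals, so eval is safe here
    case "$value" in
      https://?*) ;;
      *) echo "$name" ;;
    esac
  done
  [ -n "${VAULT_TOKEN:-}" ] || echo "VAULT_TOKEN"
}

# Succeed only if the file is readable and holds a PEM certificate block.
ca_ok() {
  [ -r "$1" ] &&
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -- '-----END CERTIFICATE-----' "$1"
}

# Report every problem on stderr; succeed only when there are none.
# $1: path to the API server CA file (default ./ca.crt).
preflight() {
  problems=0
  for t in $(missing_tools); do
    echo "missing from PATH: $t" >&2; problems=$((problems + 1))
  done
  for v in $(bad_env); do
    echo "not set correctly: $v" >&2; problems=$((problems + 1))
  done
  ca_ok "${1:-./ca.crt}" || {
    echo "CA file missing or not PEM: ${1:-./ca.crt}" >&2
    problems=$((problems + 1))
  }
  [ "$problems" -eq 0 ]
}
```

Source the file, then run `preflight && ./0_openshift_setup.sh` so the setup scripts start only when every prerequisite is met.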
Please ensure that the environment variables `K8S_API_SERVER`, `VAULT_ADDR` and `VAULT_TOKEN` are set properly. Then run the clean script.
- Careful: this will delete the OpenShift project, 2 service accounts, Vault Auth method and Vault secrets engine.

```bash
./0_cleanup.sh
```