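# Walkthrough: deploy Vault on Kubernetes with the bank-vaults operator,
# install the vault-secrets-webhook, and let the webhook inject a Vault
# secret into a test Deployment as an environment variable.
# The commands are meant to be run in order from an interactive shell with
# kubectl, helm and the vault CLI installed and pointed at a test cluster.

# Checkout the bank-vaults project

git clone git@github.com:banzaicloud/bank-vaults.git

cd bank-vaults

# Install the vault-operator and create a Vault instance
# with it, which has the Kubernetes auth method configured

kubectl apply -f operator/deploy/rbac.yaml

kubectl apply -f operator/deploy/operator.yaml
kubectl apply -f operator/deploy/operator-rbac.yaml
kubectl apply -f operator/deploy/cr.yaml

# Now you have a fully functional Vault installation on top of Kubernetes,
# orchestrated by the `banzaicloud/vault-operator` and `banzaicloud/bank-vaults`.

# Now install the mutating webhook with Helm
#
# `helm init` is the Helm 2 workflow and installs Tiller into the cluster.
# A default Tiller install does not authenticate its callers and usually
# runs with broad cluster permissions, so on a shared cluster give it a
# scoped service account (or use Helm 3, which has no Tiller and no init step).

helm init

# The chart repository is added over plain HTTP, so the charts pulled from it
# are not integrity-protected in transit. Prefer an https:// URL for this
# repository if the host offers one.

helm repo add banzaicloud-stable http://kubernetes-charts.banzaicloud.com/branch/master

helm upgrade --install wmwh banzaicloud-stable/vault-secrets-webhook

# Set the Vault token from the Kubernetes secret
# (for demonstrating purposes only)
#
# This is the Vault root token, which bypasses every policy. Outside of a
# demo, log in through an auth method bound to a narrowly scoped policy.
# The assignment is separate from `export` so a failing kubectl/base64 is not
# masked, the jsonpath is quoted, and `--decode` is used instead of the
# macOS-only `-D` so the line also works with GNU coreutils.

VAULT_TOKEN=$(kubectl get secrets vault-unseal-keys -o jsonpath='{.data.vault-root}' | base64 --decode)
export VAULT_TOKEN

# Tell the CLI that Vault Cert is signed by an unknown CA
#
# VAULT_SKIP_VERIFY turns off TLS certificate verification entirely. It is
# tolerable here only because the CLI talks to 127.0.0.1 through the
# port-forward below. For any other address, point VAULT_CACERT at the CA
# certificate used by this Vault instance instead of skipping verification.

export VAULT_SKIP_VERIFY=true

# Tell the CLI where Vault is listening

export VAULT_ADDR=https://127.0.0.1:8200

# Forward the TCP connection from your Vault pod to localhost (in the background)
#
# Wait for kubectl to print "Forwarding from 127.0.0.1:8200" before running
# the next command; the forward is not ready the instant it is started.
# Stop the background job when you are done, e.g. `kill %1` in this shell.

kubectl port-forward vault-0 8200 &

# Write a secret into Vault, which will be injected as an environment variable
#
# `s3cr3t` is a placeholder. A real value typed here ends up in shell history
# and in the process list; the vault CLI also accepts `key=@file` or `key=-`
# (stdin) for that case.

vault kv put secret/accounts/aws AWS_SECRET_ACCESS_KEY=s3cr3t

# Apply the Deployment with special environment variables
# this will be mutated by the webhook

kubectl apply -f deploy/test-deployment.yaml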
Created
August 19, 2019 15:45
Vault K8s MutableWebhook