Helper setup to edit .yaml files with Vim:
List of general purpose commands for Kubernetes management:
Mishco
/ kubernetes.md
Last active
October 21, 2021 09:47
— forked from agup006/kubernetes.md
Kubernetes Commands
Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault is primarily used in production environments to manage secrets. Vault is a complex system that has many different pieces. There is a clear separation of components that are inside or outside of the security barrier. Only the storage backend and the HTTP API are outside, all other components are inside the barrier.
Figure 1: Architecture of Vault and Spring App (Click to enlarge)
The storage backend is untrusted and is used to durably store encrypted data. When the Vault server is started, it must be provided with a storage backend so that data is available across restarts. The HTTP API similarly must be started by the Vault server on start so that clients can interact with it.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.6' | |
| services: | |
| vault: | |
| image: vault:latest | |
| container_name: vault | |
| restart: on-failure:10 | |
| ports: | |
| - "8201:8201" | |
| environment: | |
| VAULT_ADDR: 'https://0.0.0.0:8201' |
Mishco
/ docker-compose.server.yml
Created
June 2, 2022 07:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.6' | |
| services: | |
| vault: | |
| image: vault:latest | |
| container_name: vault | |
| restart: on-failure:10 | |
| ports: | |
| - "8201:8201" | |
| environment: | |
| VAULT_ADDR: 'https://0.0.0.0:8201' |
Mishco
/ spring-policy.hcl
Created
June 2, 2022 07:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path "kv/*" { | |
| capabilities = ["create", "read", "update", "delete", "list"] | |
| } | |
| path "kv/my-secret" { | |
| capabilities = ["read"] | |
| } |
Mishco
/ workflow-vault.sh
Last active
June 2, 2022 07:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Start vault | |
| vault server -config vault-test.hcl | |
| # Export values | |
| export VAULT_ADDR='https://0.0.0.0:8201' | |
| export VAULT_SKIP_VERIFY='true' | |
| # Parse unsealed keys |
Mishco
/ VaultConfig.java
Created
June 2, 2022 07:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Configuration | |
| public class VaultConfig extends AbstractVaultConfiguration { | |
| @Override | |
| public ClientAuthentication clientAuthentication() { | |
| return new TokenAuthentication("00000000-0000-0000-0000-000000000000"); | |
| } | |
| @Override | |
| public VaultEndpoint vaultEndpoint() { |
Mishco
/ CredentialsService.java
Created
June 2, 2022 07:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Service | |
| public class CredentialsService { | |
| private VaultTemplate vaultTemplate; | |
| public void secureCredentials(String storagePlace, Credentials credentials) { | |
| initVaultTemplate(); | |
| vaultTemplate.write("kv/" + storagePlace, credentials); | |
| } |
Mishco
/ docker-compose.yml
Last active
June 2, 2022 07:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| vault-java-demo: | |
| image: registry.exxeta.com/exxetask/vault-java-demo:develop | |
| container_name: vault-java-demo | |
| restart: on-failure:10 | |
| ports: | |
| - "8444:8444" | |
| volumes: | |
| - vault-volume:/data | |
| healthcheck: |
Mishco
/ azure.yaml
Created
June 2, 2022 08:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - powershell: | | |
| $params = "$env:SONARQUBE_SCANNER_PARAMS" -replace '"sonar.branch.name":"[\w,/,-]*"\,?' | |
| Write-Host "##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS]$params" | |
| displayName: "Remove branches info" |
OlderNewer