Last active
April 28, 2019 21:55
kubernetes vault test
# Finally let's create our app and see if we can fetch secrets from Vault
$ kubectl apply -f example-k8s-spec.yml
# The init container log should look something like this if everything went well.
$ kubectl logs vault-agent-example vault-agent-auth -f
Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
==> Vault server started! Log data will stream in below:
==> Vault agent configuration:
Cgo: disabled
Log Level: info
Version: Vault v1.1.2
Version Sha: 0082501623c0b704b87b1fbc84c2d725994bac54
2019-04-28T20:37:46.328Z [INFO] sink.file: creating file sink
2019-04-28T20:37:46.328Z [INFO] sink.file: file sink configured: path=/home/vault/.vault-token
2019-04-28T20:37:46.329Z [INFO] auth.handler: starting auth handler
2019-04-28T20:37:46.329Z [INFO] auth.handler: authenticating
2019-04-28T20:37:46.334Z [INFO] sink.server: starting sink server
2019-04-28T20:37:46.456Z [INFO] auth.handler: authentication successful, sending token to sinks
2019-04-28T20:37:46.456Z [INFO] auth.handler: starting renewal process
2019-04-28T20:37:46.456Z [INFO] sink.file: token written: path=/home/vault/.vault-token
2019-04-28T20:37:46.456Z [INFO] sink.server: sink server stopped
2019-04-28T20:37:46.456Z [INFO] sinks finished, exiting
# Then we use a port-forward to test if the template created the files with our secrets correctly
$ kubectl port-forward pod/vault-agent-example 8080:80
# As we can see here we were able to fetch our secrets
$ curl -v localhost:8080
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.15.12
< Date: Sun, 28 Apr 2019 20:47:02 GMT
< Content-Type: text/html
< Content-Length: 166
< Last-Modified: Sun, 28 Apr 2019 20:37:53 GMT
< Connection: keep-alive
< ETag: "5cc60f21-a6"
< Accept-Ranges: bytes
<
<html>
<body>
<p>Some secrets:</p>
<ul>
<li><pre>username: appuser</pre></li>
<li><pre>password: suP3rsec(et!</pre></li>
</ul>
</body>
</html>
* Connection #0 to host localhost left intact
* Closing connection 0
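# Added example (not part of the original gist): a scripted version of the "log should look something like this" check, for use in CI instead of reading the init container log by eye.
# The function names check_agent_log, sample_ok and sample_fail are hypothetical, and the sample logs are constructed from the line formats shown above.

```shell
#!/bin/sh
# check_agent_log: read Vault Agent log lines on stdin and decide whether the
# init container authenticated and then wrote a token to a file sink.
# Prints the sink path and returns 0 on success; returns 1 otherwise.
# Real use: kubectl logs vault-agent-example vault-agent-auth | check_agent_log
check_agent_log() {
    awk '
        /Disabling IPC_LOCK/ { nolock = 1 }
        /auth\.handler: authentication successful/ { authed = 1 }
        # A token write only counts once authentication has succeeded.
        authed && /sink\.file: token written: path=/ {
            sub(/.*token written: path=/, "")   # keep only the path
            sub(/[ \t\r]+$/, "")                # drop trailing whitespace
            path = $0
        }
        END {
            if (nolock)
                print "warning: IPC_LOCK disabled, agent memory is not locked against swap" > "/dev/stderr"
            if (!authed) { print "error: no successful authentication" > "/dev/stderr"; exit 1 }
            if (path == "") { print "error: token never written to a file sink" > "/dev/stderr"; exit 1 }
            print path
        }
    '
}

# Constructed sample: a successful run, using the line formats from the log above.
sample_ok() {
    cat <<'EOF'
Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
2019-04-28T20:37:46.329Z [INFO] auth.handler: authenticating
2019-04-28T20:37:46.456Z [INFO] auth.handler: authentication successful, sending token to sinks
2019-04-28T20:37:46.456Z [INFO] sink.file: token written: path=/home/vault/.vault-token
2019-04-28T20:37:46.456Z [INFO] sinks finished, exiting
EOF
}

# Constructed sample: the agent starts authenticating but never succeeds.
sample_fail() {
    cat <<'EOF'
2019-04-28T20:37:46.329Z [INFO] auth.handler: starting auth handler
2019-04-28T20:37:46.329Z [INFO] auth.handler: authenticating
EOF
}

# Demo on the constructed success log: prints the token sink path.
sample_ok | check_agent_log
```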