```console
# Set VAULT_SA_NAME to the service account you created earlier
$ export VAULT_SA_NAME=$(kubectl get sa vault-auth -o jsonpath="{.secrets[*]['name']}")

# Set SA_JWT_TOKEN value to the service account JWT used to access the TokenReview API
$ export SA_JWT_TOKEN=$(kubectl get secret $VAULT_SA_NAME -o jsonpath="{.data.token}" | base64 --decode; echo)

# Set SA_CA_CRT to the PEM encoded CA cert used to talk to Kubernetes API
$ export SA_CA_CRT=$(kubectl get secret $VAULT_SA_NAME -o jsonpath="{.data['ca\.crt']}" | base64 --decode; echo)

# Set K8S_HOST to minikube IP address
```
```console
# Finally let's create our app and see if we can fetch secrets from Vault
$ kubectl apply -f example-k8s-spec.yml

# The init container log should look something like this if everything went well.
$ kubectl logs vault-agent-example vault-agent-auth -f
Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
==> Vault server started! Log data will stream in below:

==> Vault agent configuration:
```
```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: vault-agent-example
spec:
  serviceAccountName: vault-auth
  restartPolicy: Never
```
```hcl
vault {
  renew_token            = false
  vault_agent_token_file = "/home/vault/.vault-token"
  retry {
    backoff = "1s"
  }
}

template {
  destination = "/etc/secrets/index.html"
```
```hcl
# Uncomment this to have Agent run once (e.g. when running as an initContainer)
exit_after_auth = true
pid_file = "/home/vault/pidfile"

auto_auth {
  method "kubernetes" {
    mount_path = "auth/kubernetes"
    config = {
      role = "example"
    }
```
```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"strconv"
)
```
```go
package main

import (
	"net/http"
	"net/http/httptest"
	"testing"
)

func TestHandler(t *testing.T) {
	req, err := http.NewRequest("GET", "/", nil)
```
```dockerfile
FROM golang:1.12-alpine
LABEL maintainer="[email protected]"

# Set the Current Working Directory inside the container
WORKDIR $GOPATH/src/github.com/kainlite/whatismyip-go
COPY . .

# Download all the dependencies
# https://stackoverflow.com/questions/28031603/what-do-three-dots-mean-in-go-command-line-invocations
```
```yaml
language: go

services:
  - docker

before_install:
  - docker build --no-cache -t ${TRAVIS_REPO_SLUG}:${TRAVIS_COMMIT} .
  - docker run ${TRAVIS_REPO_SLUG}:${TRAVIS_COMMIT} /go/src/github.com/kainlite/whatismyip-go/whatismyip-go.test
  - docker run -d -p 127.0.0.1:8000:8000 ${TRAVIS_REPO_SLUG}:${TRAVIS_COMMIT}
```
```hcl
# Configure the digitalocean provider with its token
variable "DO_TOKEN" {}

provider "digitalocean" {
  token = "${var.DO_TOKEN}"
}
```