Created
July 7, 2019 14:49
description
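# Consul: read-only catalog and membership queries.
# The `output` values below are stored sample output and include a node
# name, a private-range address and the agent build; scrub such fields
# before sharing this file outside the environment they describe.
[[snippets]]
description = "Consul - List all known datacenters from the catalog"
command = "consul catalog datacenters"
tag = ["consul"]
output = "dc1\n"

[[snippets]]
description = "Consul - List all known members of a Consul Cluster"
command = "consul members"
tag = ["consul"]
output = "Node Address Status Type Build Protocol DC Segment\nraspnomad01 192.168.1.60:8301 alive server 1.4.2+ent 2 dc1 <all>\n"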
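# Step 3: wire the fruits-catalog workload to Vault through the Kubernetes
# auth method and seed its MongoDB credentials into the KV store.

# NOTE(review): no -n flag here, so the account lands in the current
# context's namespace; 301 targets fruits-catalog explicitly. Confirm the
# two agree.
[[snippets]]
description = "300 - Demo Hashiconf Step 3 - Create vault Service Account on K8s"
command = "kubectl create sa fruits-catalog-vault"
tag = ["hashiconf-step3"]
output = ""

[[snippets]]
description = "301 - Demo Hashiconf Step 3 - Create Cluster Role Binding for vault Service Account on K8s"
command = "kubectl create -f fruits-catalog-vault-service-account.yaml -n fruits-catalog"
tag = ["hashiconf-step3"]
output = ""

# 302/303 decode a Kubernetes secret into a shell variable. Keep `output`
# empty for these entries so a decoded credential is never saved into this
# file. `--decode` is accepted by both the BSD/macOS and GNU base64 tools;
# the original `-D` is the BSD/macOS short form only.
# NOTE(review): no -n flag; presumably the secret lives in fruits-catalog.
[[snippets]]
description = "302 - Demo Hashiconf Step 3 - Retrieve User secret for MongoDB"
command = "MONGODB_USER=$(kubectl get secret/mongodb -o jsonpath=\"{.data.database-user}\" | base64 --decode)"
tag = ["hashiconf-step3"]
output = ""

[[snippets]]
description = "303 - Demo Hashiconf Step 3 - Retrieve Password secret for MongoDB"
command = "MONGODB_PWD=$(kubectl get secret/mongodb -o jsonpath=\"{.data.database-password}\" | base64 --decode)"
tag = ["hashiconf-step3"]
output = ""

# The expansions are quoted so a value containing spaces or glob characters
# is passed as one argument. Values given as key=value arguments are visible
# in the local process list while the command runs; outside a demo, prefer
# the Vault CLI's stdin (`key=-`) or file (`@file`) input forms.
[[snippets]]
description = "304 - Demo Hashiconf Step 3 - Add User & Password secret to KV Store"
command = "vault write kv/fruits-catalog-mongodb user=\"${MONGODB_USER}\" password=\"${MONGODB_PWD}\""
tag = ["hashiconf-step3"]
output = ""

# The subcommand order is `vault auth enable <type>`; the original
# `vault enable auth kubernetes` is not a valid invocation.
[[snippets]]
description = "305 - Demo Hashiconf Step 3 - Enable K8s auth method on Vault"
command = "vault auth enable kubernetes"
tag = ["hashiconf-step3"]
output = ""

# Mount path corrected from `auth/kubertes` to `auth/kubernetes`, the
# default path created by 305. `token` is a literal placeholder: supply the
# reviewer service account's JWT at run time and never store the real value
# in this file.
# NOTE(review): the config endpoint also expects kubernetes_host (and
# usually kubernetes_ca_cert); this entry looks incomplete as written.
[[snippets]]
description = "306 - Demo Hashiconf Step 3 - Configure K8s auth method"
command = "vault write auth/kubernetes/config token_reviewer_jwt=token"
tag = ["hashiconf-step3"]
output = ""

# Path corrected to `auth/kubernetes/role/...` (singular `role`, as in 401).
# The bound account name was `vault_auth`, which cannot match any service
# account because Kubernetes names do not allow underscores; it now matches
# 401's `vault-auth`.
# NOTE(review): 300 creates `fruits-catalog-vault`; confirm which account
# the fruits-catalog pods actually run as and bind only that one.
# ttl=24h is a long token lifetime chosen for the demo.
[[snippets]]
description = "307 - Demo Hashiconf Step 3 - Configure K8s Roles"
command = "vault write auth/kubernetes/role/fruits-catalog bound_service_account_names=vault-auth bound_service_account_namespaces=fruits-catalog policies=fruits-catalog-static ttl=24h"
tag = ["hashiconf-step3"]
output = ""

# The role in 307 already names this policy, so run this entry before 307;
# otherwise the role refers to a policy that does not exist yet.
[[snippets]]
description = "308 - Demo Hashiconf Step 3 - Create policy for fruits-catalog-mongodb"
command = "vault policy write fruits-catalog-static fruits-catalog-static.hcl"
tag = ["hashiconf-step3"]
output = ""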
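# Step 4: move the workload to dynamic MongoDB credentials.

# Prints the decoded MongoDB admin password to the terminal. Keep `output`
# empty so it is never saved into this file, and avoid running this in a
# recorded or shared session. `--decode` works with both the BSD/macOS and
# GNU base64 tools; the original `-D` is the BSD/macOS short form only.
[[snippets]]
description = "400 - Demo Hashiconf Step 4 - Retrieve Mongodb Admin Password"
command = "kubectl get secret/mongodb -o jsonpath=\"{.data.database-admin-password}\" | base64 --decode"
tag = ["hashiconf-step4"]
output = ""

# NOTE(review): this writes to the `auth/minikube` mount, while the step 3
# entries use the default `kubernetes` mount; confirm which mount the
# cluster is really configured on, or the role lands where no login uses it.
# The role grants both the static and the dynamic policy for 24h.
[[snippets]]
description = "401 - Demo Hashiconf Step 4 - Reconfiguring Fruits Minikube Role"
command = "vault write auth/minikube/role/fruits-catalog bound_service_account_names=vault-auth bound_service_account_namespaces=fruits-catalog policies=fruits-catalog-static,fruits-catalog-dynamic ttl=24h"
tag = ["hashiconf-step4"]
output = ""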
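# Step 1: bring up a local Minikube cluster and install Helm 2 (Tiller).
[[snippets]]
description = "100 - Demo Hashiconf Step 1# - Start Minikube with VMware driver"
command = "minikube start --vm-driver vmware --memory 8096 --cpus 4 --disk-size 50GB"
tag = ["hashiconf-step1"]
output = ""

[[snippets]]
description = "101 - Demo Hashiconf Step 1# - Create Tiller Service Account"
command = "kubectl create sa tiller -n kube-system"
tag = ["hashiconf-step1"]
output = ""

# Binds Tiller to cluster-admin, so every client able to reach Tiller acts
# with full cluster rights. That is tolerable on a throwaway Minikube only;
# on a shared cluster bind a namespace-scoped Role instead, or use Helm 3,
# which has no Tiller component.
[[snippets]]
description = "102 - Demo Hashiconf Step 1# - Create ClusterRoleBinding for Tiller Service Account"
command = "kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin"
tag = ["hashiconf-step1"]
output = ""

# As written, Tiller is installed without TLS between helm and Tiller.
[[snippets]]
description = "103 - Demo Hashiconf Step 1# - Initialize helm with tiller service account"
command = "helm init --service-account=tiller"
tag = ["hashiconf-step1"]
output = ""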
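# Step 2: point the fruits-catalog deployment at its Keycloak instance.
# Description typo fixed ("Setn" -> "Set"). The URL is a lab hostname
# served over HTTPS.
[[snippets]]
description = "200 - Demo Hashiconf Step 2 - Set KEYCLOAK_URL Env variable for Deploy/fruits-catalog"
command = "kubectl set env deploy/fruits-catalog KEYCLOAK_URL=https://keycloak.testlab.local/auth -n fruits-catalog"
tag = ["hashiconf-step2"]
output = ""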