Created
July 6, 2019 15:58
-
-
Save nehrman/a6291184cdc8f19d0e71feea954d73db to your computer and use it in GitHub Desktop.
description
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [[snippets]] | |
| description = "Consul - List all known datacenters from the catalog" | |
| command = "consul catalog datacenters" | |
| tag = ["consul"] | |
| output = "dc1\n" | |
| [[snippets]] | |
| description = "Consul - List all known members of a Consul Cluster" | |
| command = "consul members" | |
| tag = ["consul"] | |
| output = "Node Address Status Type Build Protocol DC Segment\nraspnomad01 192.168.1.60:8301 alive server 1.4.2+ent 2 dc1 <all>\n" | |
| [[snippets]] | |
| description = "300 - Demo Hashiconf Step 3 - Create vault Service Account on K8s" | |
| command = "kubectl create sa fruits-catalog-vault" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "301 - Demo Hashiconf Step 3 - Create Cluster Role Binding for vault Service Account on K8s" | |
| command = "kubectl create -f fruits-catalog-vault-service-account.yaml -n fruits-catalog" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "302 - Demo Hashiconf Step 3 - Retrieve User secret for MongoDB" | |
| command = "kubectl get secret/mongodb -o jsonpath=\"{.data.database-user}\" | base64 -D" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "303 - Demo Hashiconf Step 3 - Retrieve User secret for MongoDB" | |
| command = "kubectl get secret/mongodb -o jsonpath=\"{.data.database-user}\" | base64 -D" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "304 - Demo Hashiconf Step 3 - Retrieve Password secret for MongoDB" | |
| command = "kubectl get secret/mongodb -o jsonpath=\"{.data.database-password}\" | base64 -D" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "305 - Demo Hashiconf Step 3 - Add User secret to KV Store" | |
| command = "vault kv put kv/fruit-catatlog-mongodb user=${MONGODB_USER}" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "306 - Demo Hashiconf Step 3 - Add Password secret to KV Store" | |
| command = "vault kv put kv/fruit-catatlog-mongodb password=${MONGODB_PWD}" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "307 - Demo Hashiconf Step 3 - Enable K8s auth method on Vault" | |
| command = "vault enable auth kubernetes" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "308 - Demo Hashiconf Step 3 - Configure K8s auth method" | |
| command = "vault write auth/kubertes/config token_reviewer_jwt=token " | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "309 - Demo Hashiconf Step 3 - Configure K8s Roles" | |
| command = "vault write auth/kubertes/roles/fruits-catalog bound_service_account_names=vault_auth bound_service_account_namespaces=fruits-catalog policies=fruits-catalog-static ttl=24h" | |
| tag = ["hashiconf-step3"] | |
| output = "" | |
| [[snippets]] | |
| description = "310 - Demo Hashiconf Step 3 - Create policy for fruits-catalog-mongodb" | |
| command = "vault policy write fruits-catalog-static fruits-catalog-static.hcl" | |
| tag = ["hashiconf-step3"] | |
| output = "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment