Sebastien Braun planetrobbie

planetrobbie / keybase.md
Created June 20, 2019 08:16
Keybase identity Proof

Keybase proof

I hereby claim:

  • I am planetrobbie on github.
  • I am planetrobbie (https://keybase.io/planetrobbie) on keybase.
  • I have a public key ASC3W8XszVxcFvl4oa0mTFPn_4Zrnoll-f-YZxtNGbv9Lgo

To claim this, I am signing this object:

$ Terraform AWS workshop
# Demo Prep
source ~/in/aws/auth.sh
aws ec2 describe-instances
If this fails, authenticate to the AWS Console:
https://eu-west-3.signin.aws.amazon.com
$ Vault k8s sidecar
- [article](https://learn.hashicorp.com/vault/identity-access-management/vault-agent-k8s)
- [code](https://github.com/hashicorp/vault-guides/tree/master/identity/vault-agent-k8s-demo)
- [RFC vault agent template](https://docs.google.com/document/d/1TBE5TuzgXpTBq2gGaJLd9gjWd1KW1MfXm2AUEIvFJtY/edit)
- [RFC Vault Kubernetes Admissions Webhook](https://docs.google.com/document/d/1nEaJiH_WO3SaHU178-zHRvz1Ic4m5q6ofbJJYxOV0X4/edit): mutates pod specs to add a sidecar which will authenticate, auto-renew and write secrets to a shared in-memory volume. It will live in a new binary named vault-k8s, similar to consul-k8s.
- The above uses [Kubernetes Admission Webhooks available in 1.9](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/), configured using annotations.
# Example Scripting

Vault Kubernetes - sidecar integration step by step guide

mirror example code

git clone https://github.com/hashicorp/vault-guides.git

workflow

$ Vault ssh
Since OpenSSH 5.4 (March 2010), an SSH signed certificate contains a public key and metadata: validity, principals and extensions.
# Client Signing
## Create a key for user
ssh-keygen -t rsa -C "[email protected]"
Terraform Enterprise installation
# Docs
https://www.terraform.io/docs/enterprise/install/installer.html
https://www.terraform.io/docs/enterprise/before-installing/rhel-requirements.html
# Check docker version
docker -v
planetrobbie / collection.json
Created September 3, 2020 13:20
Postman TFE API Vault onboarding collection
{
"info": {
"_postman_id": "2255e3f0-2da2-4530-aff9-9673d1e5fdb9",
"name": "HashiCorp Vault TFE Onboard",
"description": "Onboarding a Project team on Vault",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "namespace",