Kubernetes.K3s.installLog/services/Vault/README.md

1) HashiCorp Vault

Not currently in use (using bitnami sealed-secrets instead); left for reference

1.1) Create persistentVolume and ingressRoute

Requires specifying a uid & gid in the flexvolSMB-persistentVolume

kubectl create namespace vault
kubectl apply -f services/Vault/persistentVolume-Vault.yml
kubectl apply -f services/Vault/ingressRoute-Vault.yml

1.2) Install Helm Chart

REMOVED; left for reference. See HashiCorp Vault:

helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update
helm install vault hashicorp/vault --namespace vault --values=services/Vault/chart-values.yml

Configure Vault for use:

# kubectl exec -n vault -it vault-0 -- sh

# It might be necessary to first login with an existing token:
# vault login

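# Read-only policy. The trailing * is a prefix match, so "secret*" covers
# every request path that starts with "secret", not only secret/data/...
cat <<EOF > /home/vault/app-policy.hcl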
path "secret*" {
  capabilities = ["read"]
}
EOF

vault secrets enable -path=secret -version=2 kv
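
Added example (not part of the original install log, and not Vault's own code): a small shell check that emulates only the trailing-`*` prefix match used in the policy above, to show which request paths `secret*` covers compared with a narrower path. The sample request paths, the `secrets-prod` mount and the `secret/data/app/*` path are constructed assumptions.

```shell
#!/bin/sh
# Emulates only the trailing-"*" prefix match of Vault policy paths
# (no "+" segment wildcards), to show which request paths a policy covers.

# policy_covers PATTERN REQUEST_PATH -> exit 0 if the pattern covers the path
policy_covers() {
    pattern=$1
    request=$2
    case $pattern in
        *\*)
            # Trailing glob: everything before the "*" is a literal prefix.
            prefix=${pattern%\*}
            case $request in
                "$prefix"*) return 0 ;;
            esac
            return 1
            ;;
        *)
            # No glob: the path must match exactly.
            [ "$pattern" = "$request" ]
            ;;
    esac
}

# Constructed sample request paths (not taken from a real cluster).
# With a KV v2 mount at secret/, data lives under secret/data/ and
# metadata under secret/metadata/; secrets-prod is a hypothetical second mount.
SAMPLE_PATHS='secret/data/app/db
secret/metadata/app/db
secret/config
secrets-prod/data/payroll
sys/mounts'

# covered_paths PATTERN -> prints the sample paths the pattern covers
covered_paths() {
    printf '%s\n' "$SAMPLE_PATHS" | while IFS= read -r p; do
        if policy_covers "$1" "$p"; then printf '%s\n' "$p"; fi
    done
}

echo 'path "secret*" covers:';           covered_paths 'secret*'
echo 'path "secret/data/app/*" covers:'; covered_paths 'secret/data/app/*'
```

The narrower path limits reads to the data of one subtree on the `secret/` mount, while `secret*` also reaches the mount's metadata and config endpoints and any other mount whose name begins with `secret`.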