vault/website/pages/docs/platform/k8s/helm/examples/kubernetes-auth.mdx
Michael Golowka OR 1=1); DROP TABLE users; -- ac33c32639 Update Kubernetes docs to include Kubernetes Auth method (#8046)
* Improve standalone with TLS example

- Documented creating a key & cert for serving Vault endpoints
- Removed unneeded configuration in custom values.yaml
- Updated examples to 1.3.0

* Add 127.0.0.1 to CSR

* Grammar & minor formatting

* Add additional DNS entry for CSR

* Split examples into individual pages

* Add Kubernetes Auth Method example

* Remove old examples file

* Fix rebase fail

* Remove global section of yaml files that aren't needed

* Fix minor typos

* Fix typos that didn't get carried over from previous PR

* Re-copy from previous examples file to resolve rebase issues

* update dependencies

Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2020-01-23 13:14:01 -07:00

---
layout: "docs"
page_title: "Using Kubernetes Auth Method"
sidebar_current: "docs-platform-k8s-examples-kubernetes-auth"
sidebar_title: "Using Kubernetes Auth Method"
description: |-
  Describes how to set up Kubernetes Auth method
---

# Bootstrapping Kubernetes Auth Method

~> **Important Note:** This chart is not compatible with Helm 3. Please use Helm 2 with this chart.

In this example, we will walk through how to set up the [Kubernetes Auth Method](/docs/auth/kubernetes.html).
This assumes the following commands will be run inside a Vault pod running in Kubernetes.

You will optionally need the following variables:

```bash
# JWT is a service account token that has access to the Kubernetes TokenReview API
# You can retrieve this from inside a pod at: /var/run/secrets/kubernetes.io/serviceaccount/token
JWT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
# Address of Kubernetes itself as viewed from inside a running pod
KUBERNETES_HOST=https://${KUBERNETES_PORT_443_TCP_ADDR}:443
# Kubernetes internal CA
KUBERNETES_CA_CERT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt)
```
Exec into the Vault pod:
```bash
# The "--" separates kubectl's own arguments from the command run in the pod
kubectl exec -it vault-0 -- /bin/sh
```
Then run the following command to configure the Kubernetes Auth Method:
```bash
# Uses the pod's own service account token, API server address and cluster CA
vault write auth/kubernetes/config \
    token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
    kubernetes_host="https://${KUBERNETES_PORT_443_TCP_ADDR}:443" \
    kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
```
From here you can continue to configure Vault from the [Kubernetes Auth Method](/docs/auth/kubernetes.html) documentation.
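
A preflight check for the three inputs that the `vault write auth/kubernetes/config` command above reads, as an added example that is not part of the original page or the Vault project. The function names and the `SA_DIR` override are assumptions, and the token's claims are decoded without verifying its signature, so the check only reports which service account would become the token reviewer.

```bash
# Added example; function names are hypothetical. Paths default to those on this page.
SA_DIR=${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}

b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode the payload (second segment) of a JWT: base64url -> base64, then re-pad.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Print the "sub" claim, expected form: system:serviceaccount:<namespace>:<name>
jwt_subject() {
  jwt_payload "$1" | sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Return 0 only if the token, CA bundle and API address all look usable.
preflight() {
  [ -s "$SA_DIR/token" ] || { echo "missing token in $SA_DIR" >&2; return 1; }
  jwt=$(cat "$SA_DIR/token")
  dots=$(printf '%s' "$jwt" | tr -cd '.' | wc -c)
  [ "$dots" -eq 2 ] || { echo "token is not a three-part JWT" >&2; return 2; }
  sub=$(jwt_subject "$jwt")
  case "$sub" in
    system:serviceaccount:?*:?*) ;;
    *) echo "subject is not a service account: '$sub'" >&2; return 3 ;;
  esac
  grep -q -- '-----BEGIN CERTIFICATE-----' "$SA_DIR/ca.crt" 2>/dev/null ||
    { echo "ca.crt is not PEM" >&2; return 4; }
  [ -n "$KUBERNETES_PORT_443_TCP_ADDR" ] ||
    { echo "KUBERNETES_PORT_443_TCP_ADDR is unset" >&2; return 5; }
  echo "$sub"
}

# Constructed sample inputs (unsigned token, placeholder CA) for an offline dry run.
make_sample_dir() {
  dir=$(mktemp -d)
  hdr=$(printf '%s' '{"alg":"RS256"}' | b64url)
  pay=$(printf '{"iss":"kubernetes/serviceaccount","sub":"%s"}' "$1" | b64url)
  printf '%s.%s.c2ln' "$hdr" "$pay" > "$dir/token"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$dir/ca.crt"
  echo "$dir"
}
```

Inside the Vault pod, source the functions and run `preflight` before the `vault write`; the service account it prints is the one that needs access to the TokenReview API.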