Commit 61f8de6

adding day 39 - secrets management
1 parent 80f91f9 commit 61f8de6

2 files changed

Lines changed: 34 additions & 5 deletions

2023/day39.md

Lines changed: 25 additions & 3 deletions
@@ -179,7 +179,7 @@ With the following command we will create a kubernetes authentication role
179179
```
180180
vault write auth/kubernetes/role/webapp \
181181
bound_service_account_names=vault \
182-
bound_service_account_namespaces=default \
182+
bound_service_account_namespaces=webapp \
183183
policies=webapp \
184184
ttl=24h
185185
```
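Review bot: narrowing `bound_service_account_namespaces` from `default` to `webapp` is the right tightening (a token from any other namespace is now rejected by this role), but the sentence at 179 should say so, because a reader who already ran the earlier steps with a pod in `default` will now get a failed login and nothing in the text explains why. Consider also noting that `ttl=24h` is generous for a demo token.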
@@ -194,6 +194,12 @@ We will create a deployment yaml that looks like the following.
194194

195195
```
196196
---
197+
apiVersion: v1
198+
kind: ServiceAccount
199+
metadata:
200+
name: vault
201+
EOF
202+
---
197203
apiVersion: apps/v1
198204
kind: Deployment
199205
metadata:
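Review bot: the added `EOF` at 201 does not belong inside the YAML; it looks like a heredoc terminator left over from a `kubectl ... <<EOF` style command and will make the block fail to parse if a reader copies it into a file. Remove it. The ServiceAccount in this snippet also lacks a `namespace:` field, unlike the copy in `2023/day39/deployment-01-webapp.yml` (which sets `namespace: webapp`); keep the two copies identical so the block in the text matches the file the reader is told to apply.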
@@ -217,7 +223,7 @@ spec:
217223
imagePullPolicy: Always
218224
env:
219225
- name: VAULT_ADDR
220-
value: 'http://vault.vault:8200'
226+
value: 'http://vault.vault.svc.cluster.local:8200/'
221227
- name: JWT_PATH
222228
value: '/var/run/secrets/kubernetes.io/serviceaccount/token'
223229
- name: SERVICE_PORT
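Review bot: the new `VAULT_ADDR` at 226 adds a trailing slash that the old value did not have; drop it (`http://vault.vault.svc.cluster.local:8200`) so a client that concatenates the API path does not produce a double slash. The address is still plain `http://`, so the service-account JWT at `JWT_PATH` is sent to Vault unencrypted; a one-line note that this is acceptable only for the local dev setup would be worthwhile here.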
@@ -226,4 +232,20 @@ spec:
226232

227233
Create the webapp namespace
228234

229-
`kubectl create ns webapp`
235+
`kubectl create ns webapp`
236+
237+
Our YAML consists of our simple web app and the service account.
238+
239+
`kubectl create -f deployment-01-webapp.yml -n webapp`
240+
241+
I also want to note that the helm chart for vault will deploy
242+
243+
You can check that the authentication has worked by checking pods in the webapp namespace, if they are not in a running state or not there at all then something is not right as this is communicating with vault to make sure that this service is running.
244+
245+
Once the pod is running, we need to port forward our webapp
246+
Find the pod name and then port forward that.
247+
```
248+
kubectl get pods -n webapp
249+
kubectl port-forward <PODNAME> -n webapp 8080:8080
250+
```
251+
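Review bot: line 241 is an unfinished sentence ("I also want to note that the helm chart for vault will deploy"); either complete it or remove it. The check at 243 is also too vague to act on: a pod that is missing altogether means the manifest was not applied, not that the Vault login failed, so suggest telling the reader to run `kubectl describe pod` and `kubectl logs` in the `webapp` namespace and look at the actual error instead of "something is not right". Finally, 239 uses `kubectl create -f deployment-01-webapp.yml -n webapp` while the file already carries `namespace: webapp`; that is consistent, but the text should say the file path is relative to `2023/day39/`.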

2023/day39/deployment-01-webapp.yml

Lines changed: 9 additions & 2 deletions
@@ -1,8 +1,15 @@
11
---
2+
apiVersion: v1
3+
kind: ServiceAccount
4+
metadata:
5+
name: vault
6+
namespace: webapp
7+
---
28
apiVersion: apps/v1
39
kind: Deployment
410
metadata:
511
name: webapp
12+
namespace: webapp
613
labels:
714
app: webapp
815
spec:
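Review bot: the ServiceAccount at 2-6 is named `vault`, which is easy to confuse with Vault's own service account in the `vault` namespace (the address at 32 points at `vault.vault.svc`); a name such as `webapp` would read better, with `bound_service_account_names` in the Vault role updated to match. Also confirm that the Deployment's pod template (outside this hunk) sets `serviceAccountName: vault`; if it does not, the pod runs as `default` and the token at `JWT_PATH` will not satisfy the role's `bound_service_account_names` binding.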
@@ -22,8 +29,8 @@ spec:
2229
imagePullPolicy: Always
2330
env:
2431
- name: VAULT_ADDR
25-
value: 'http://127.0.0.1:8200'
32+
value: 'http://vault.vault.svc.cluster.local:8200/'
2633
- name: JWT_PATH
2734
value: '/var/run/secrets/kubernetes.io/serviceaccount/token'
2835
- name: SERVICE_PORT
29-
value: '8080'
36+
value: '8080'
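Review bot: the `SERVICE_PORT` lines at 29 and 36 render identically, so this is a whitespace-only change; check that the indentation of `value: '8080'` matches the sibling `env` entries so the YAML still parses. The new `VAULT_ADDR` at 32 also gains a trailing slash the old `127.0.0.1` value did not have; drop it for consistency with the rest of the manifest and to avoid a double slash when the client appends the API path.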
