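#!/usr/bin/env bash
# Working notes for standing up HashiCorp Vault on GKE (or a local kind cluster).
#
# These are command snippets, NOT a script to run top to bottom: most sections
# list alternative invocations and only one of them applies, depending on the
# chosen topology (single node vs. HA Raft, plain HTTP vs. TLS). The bare line
# "Terraform created GKE" in the original notes was a section heading, not a
# command, and is kept as a comment below.

### GKE cluster creation — pick ONE ###

# Variant A: nodes spread across three zones with autoscaling.
# --num-nodes is the node count per node location; autoscaling bounds are 1..3.
gcloud container clusters create example-cluster \
  --zone europe-west2-a \
  --node-locations europe-west2-a,europe-west2-b,europe-west2-c \
  --num-nodes 2 --enable-autoscaling --min-nodes 1 --max-nodes 3

# Variant B: same zones, fixed single node per location, no autoscaling.
gcloud container clusters create example-cluster \
  --zone europe-west2-a \
  --node-locations europe-west2-a,europe-west2-b,europe-west2-c \
  --num-nodes 1

### Vault Helm install — pick ONE ###

# Single Vault server, Agent Injector disabled.
helm install vault hashicorp/vault --set "injector.enabled=false"

# HA mode with integrated (Raft) storage, 5 replicas, Agent Injector disabled.
# Each replica beyond vault-0 must join the Raft cluster afterwards (see the
# "raft join" section below, which lists exactly vault-1 .. vault-4).
helm install vault hashicorp/vault \
  --set "server.ha.enabled=true" \
  --set "server.ha.raft.enabled=true" \
  --set "server.ha.raft.setNodeId=true" \
  --set "server.ha.replicas=5" \
  --set "injector.enabled=false"

# Chart defaults, no overrides.
helm install vault hashicorp/vault

# Chart configured from a values file (TLS listener etc. live in the overrides).
helm install vault hashicorp/vault -f helm-vault-overrides.yaml

### TLS material for the Vault listener ###

# Packs the server cert, its private key and the CA cert into a Secret.
# The chart mounts it into the pods; the raft join commands below read the CA
# from /vault/userconfig/tls-secret/ca.crt, so the Secret name and keys must
# match what the overrides file references. The private key leaves the local
# ./tf-tls directory here, so keep that directory out of version control.
kubectl create secret generic tls-secret \
  --from-file=tls.crt=./tf-tls/vault_cert.pem \
  --from-file=tls.key=./tf-tls/vault_private_key.pem \
  --from-file=ca.crt=./tf-tls/vault_ca_cert.pem

### Local alternative to GKE ###

kind create cluster --config kind-example-config.yaml

### Initialise and unseal — run once, on vault-0 only ###

# From the workstation, via kubectl exec. `init` prints the unseal key(s) and
# the initial root token to the terminal: record them somewhere controlled,
# never in this notes file or a shell history that is synced anywhere.
kubectl exec --stdin=true --tty=true vault-0 -- vault operator init
kubectl exec --stdin=true --tty=true vault-0 -- vault operator unseal

# Same thing from a shell inside the pod. A 1/1 share/threshold means a single
# unseal key — convenient for a test cluster, a single point of compromise for
# anything else (raise the threshold or use auto-unseal there).
vault operator init -key-shares=1 -key-threshold=1
vault operator unseal

# Shows the current Raft membership; use it to confirm the joins below.
vault operator raft list-peers

### Join the remaining replicas to the Raft cluster — pick ONE variant ###

# Plain-HTTP listener (no TLS configured on the chart). Run from the workstation.
kubectl exec vault-1 -- vault operator raft join http://vault-0.vault-internal:8200
kubectl exec vault-2 -- vault operator raft join http://vault-0.vault-internal:8200
kubectl exec vault-3 -- vault operator raft join http://vault-0.vault-internal:8200
kubectl exec vault-4 -- vault operator raft join http://vault-0.vault-internal:8200

# TLS listener. The CA file path is the in-pod mount of tls-secret, so these are
# presumably run from a shell inside each follower pod (or each one separately
# via kubectl exec). --address is the follower itself; the last argument is the
# leader. Note the CA is passed as the file *contents*, not the path.
vault operator raft join -leader-ca-cert="$(cat /vault/userconfig/tls-secret/ca.crt)" --address "https://vault-1.vault-internal:8200" "https://vault-0.vault-internal:8200"
vault operator raft join -leader-ca-cert="$(cat /vault/userconfig/tls-secret/ca.crt)" --address "https://vault-2.vault-internal:8200" "https://vault-0.vault-internal:8200"
vault operator raft join -leader-ca-cert="$(cat /vault/userconfig/tls-secret/ca.crt)" --address "https://vault-3.vault-internal:8200" "https://vault-0.vault-internal:8200"
vault operator raft join -leader-ca-cert="$(cat /vault/userconfig/tls-secret/ca.crt)" --address "https://vault-4.vault-internal:8200" "https://vault-0.vault-internal:8200"

### Terraform-created GKE ###

# Fetch kubeconfig credentials for a cluster that Terraform created. Run from
# the Terraform working directory so `terraform output` resolves. The command
# substitutions are quoted so an empty or odd output fails loudly instead of
# being word-split into stray arguments.
gcloud container clusters get-credentials "$(terraform output -raw kubernetes_cluster_name)" --region "$(terraform output -raw region)"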