Commands to install the tools on Linux
curl -s -L -o /bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
curl -s -L -o /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
curl -s -L -o /bin/cfssl-certinfo https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x /bin/cfssl*
sudo yum install -y wget unzip
export VER="1.8.0"
wget https://releases.hashicorp.com/consul/${VER}/consul_${VER}_linux_amd64.zip
unzip consul_${VER}_linux_amd64.zip
sudo mv consul /usr/local/bin/
wget https://releases.hashicorp.com/vault/1.5.3/vault_1.5.3_linux_amd64.zip
unzip vault_1.5.3_linux_amd64.zip
mv vault /usr/bin
vault
Commands to install the tools on macOS
brew install cfssl
brew install consul
brew install vault
Download the files needed to set up Vault
git clone https://github.com/testdrivenio/vault-consul-kubernetes.git
Generate the TLS key
cfssl gencert -initca certs/config/ca-csr.json | cfssljson -bare certs/ca
Create the keys for Consul and Vault
$ cfssl gencert \
    -ca=certs/ca.pem \
    -ca-key=certs/ca-key.pem \
    -config=certs/config/ca-config.json \
    -profile=default \
    certs/config/consul-csr.json | cfssljson -bare certs/consul
$ cfssl gencert \
    -ca=certs/ca.pem \
    -ca-key=certs/ca-key.pem \
    -config=certs/config/ca-config.json \
    -profile=default \
    certs/config/vault-csr.json | cfssljson -bare certs/vault
Create the vault
sh create.sh

Open https://127.0.0.1:8200 locally
At least 2 of the 5 keys are needed to open it

Download the keys (store them safely), then continue


Enter a key twice, using two different keys (the base64-encoded ones)

Enter the root_token key

Log in to the admin console

Log in and check the status
$ export VAULT_ADDR=https://127.0.0.1:8200
$ export VAULT_CACERT="certs/ca.pem"
$ kubectl get pods
$ vault status
