Vault Install

Deploy

kubectl create namespace base
helm repo add hashicorp https://helm.releases.hashicorp.com
helm -n base install base hashicorp/vault --values base/values.yaml

Unseal

kubectl -n base exec -it base-vault-0 -- vault operator init

Unseal Key 1: ZjDlOfzThT71UjrYA9ejErGLeonZdKk9vdkNv4fHjflw
Unseal Key 2: 8zobbnPtHO1bVnmJXR8zRG2KKligspAJ2K1xaCPgqu60
Unseal Key 3: KI+o1Me0+yrLu6fK1gnKL832CWllOXQt1RIYG+d+wTxD
Unseal Key 4: /dXaFmxZ0KQ1b1VOkklpASlLhVEEHBOtkLp8u2w0s5tO
Unseal Key 5: 9CsMANN+ciPklMQTEYdDN/KbgijLV6D6mHNKUkaYgdnF

Initial Root Token: hvs.9UK61YKVNppyA127pfkQWsUU

Vault initialized with 5 key shares and a key threshold of 3. Please securely
distribute the key shares printed above. When the Vault is re-sealed,
restarted, or stopped, you must supply at least 3 of these keys to unseal it
before it can start servicing requests.

Vault does not store the generated root key. Without at least 3 keys to
reconstruct the root key, Vault will remain permanently sealed!

It is possible to generate new unseal keys, provided you have a quorum of
existing unseal keys shares. See "vault operator rekey" for more information.

kubectl -n base exec -ti base-vault-0 -- vault operator unseal <key-1>
kubectl -n base exec -ti base-vault-0 -- vault operator unseal <key-2>
kubectl -n base exec -ti base-vault-0 -- vault operator unseal <key-3>

Root Token

kubectl -n base exec -it base-vault-0 -- sh
/ $ vault login token=<initial root token>
/ $ vault token create
Key                  Value
---                  -----
token                hvs.302Sazfzp1U8FGp93KKYdSsC

KV Backend

/ $ vault secrets enable -version=2 kv
/ $ vault kv put kv/test-secret foo=bar

ArgoCD

Vault Credentials

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: argocd-vault-plugin-credentials
  namespace: argocd
type: Opaque
stringData:
  AVP_TYPE: vault
  AVP_AUTH_TYPE: token
  VAULT_ADDR: "http://$(kubectl -n base get service -o jsonpath='{.items[?(@.metadata.name == "base-vault")].spec.clusterIP}'):8200"
  VAULT_TOKEN: "hvs.302Sazfzp1U8FGp93KKYdSsC"
EOF

Install

helm repo add argocd https://argoproj.github.io/argo-helm
helm -n argocd install argocd argocd/argo-cd

Adding Secret

kubectl -n base exec -ti base-vault-0 -- sh
/ $ vault kv put kv/services/myservice/mysecret foo=bar
/ $ vault kv patch kv/services/myservice/mysecret foo2=bar2
/ $ vault kv get kv/services/myservice/mysecret

To be referenced in Helm charts as:

<path:kv/data/services/myservice/mysecret#foo>
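
The CLI path used with vault kv put has no data/ segment, while the placeholder above and any Vault policy use the KV v2 API path, which does. A token made with vault token create while logged in as root also inherits the root policy. The following is an added example, not part of the original README: helper functions (hypothetical names, as is the policy name argocd-avp-read) that derive the placeholder and a read-only policy for the kv/services prefix.

```shell
#!/bin/sh
# Added example, not from the original README. Function names and the policy
# name "argocd-avp-read" are hypothetical.

# KV v2 API path for a CLI path: kv/services/x -> kv/data/services/x.
# The vault CLI inserts "data/" after the mount; AVP and policies need it spelled out.
kv2_api_path() {   # $1 = mount (kv), $2 = CLI path (kv/services/myservice/mysecret)
    mount=${1%/}
    case "$2" in
        "$mount"/data/*)            # already an API path, pass through
            printf '%s\n' "$2" ;;
        "$mount"/*)
            rest=${2#"$mount"/}
            printf '%s/data/%s\n' "$mount" "$rest" ;;
        *)
            echo "path '$2' is not under mount '$mount'" >&2
            return 1 ;;
    esac
}

# argocd-vault-plugin placeholder for one key of a secret.
avp_placeholder() {   # $1 = mount, $2 = CLI path, $3 = key
    api=$(kv2_api_path "$1" "$2") || return 1
    printf '<path:%s#%s>\n' "$api" "$3"
}

# Read-only policy (HCL) covering every secret below a CLI prefix.
avp_policy() {   # $1 = mount, $2 = CLI prefix (kv/services)
    api=$(kv2_api_path "$1" "$2/") || return 1
    printf 'path "%s*" {\n  capabilities = ["read"]\n}\n' "$api"
}

# Demo with the secret created above.
avp_placeholder kv kv/services/myservice/mysecret foo
avp_policy kv kv/services

# Inside the Vault pod, the policy can be loaded and a scoped token issued
# for VAULT_TOKEN (shown as comments, not run here):
#   vault policy write argocd-avp-read - < policy.hcl
#   vault token create -policy=argocd-avp-read
```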

Base Services

kubectl config set-context --current --namespace=argocd
argocd app create -f main.yaml