incitatus

Category: Microservices
Development tool: HCL
File size: 12KB
Downloads: 0
Upload date: 2017-01-15 12:35:15
Uploader: sh-1993
Description: K8s Manifests for HashiCorp Vault, Vault-Controller and Caligula Deployment

File list:
LICENSE (11357, 2017-01-15)
demo-apache (0, 2017-01-15)
demo-apache\templates (0, 2017-01-15)
demo-apache\templates\apache-configmap.yaml (3902, 2017-01-15)
demo-apache\templates\apache-deployment.yaml (4946, 2017-01-15)
demo-apache\templates\apache-service.yaml (175, 2017-01-15)
demo-client (0, 2017-01-15)
demo-client\templates (0, 2017-01-15)
demo-client\templates\client.yaml (3804, 2017-01-15)
policy.hcl (377, 2017-01-15)
vault-controller (0, 2017-01-15)
vault-controller\templates (0, 2017-01-15)
vault-controller\templates\vault-controller-deployment.yaml (897, 2017-01-15)
vault-controller\templates\vault-controller-service.yaml (203, 2017-01-15)
vault (0, 2017-01-15)
vault\templates (0, 2017-01-15)
vault\templates\vault-deployment.yaml (407, 2017-01-15)
vault\templates\vault-service.yaml (174, 2017-01-15)

# Quickstart

```
kubectl create namespace incitatus
```

## Deploy Vault

```
kubectl --namespace incitatus create -R -f vault
```

## Deploy Vault Controller

```
kubectl -n incitatus \
  create secret generic vault-controller \
  --from-literal "vault_token=3e4a5ba1-kube-422b-d1db-844979cab0***"

kubectl --namespace incitatus create -R -f vault-controller
```

## Setup CA

```
kubectl -n incitatus port-forward \
  $(kubectl -n incitatus \
    get pods -l app=vault \
    -o jsonpath='{.items[0].metadata.name}') \
  8201:8200 &

export VAULT_ADDR="http://127.0.0.1:8201"
export VAULT_TOKEN="3e4a5ba1-kube-422b-d1db-844979cab0***"

vault status

vault mount pki

# Generate a root certificate:
vault mount-tune -max-lease-ttl=87600h pki
vault write pki/root/generate/internal common_name=cluster.local ttl=87600h

vault write pki/config/urls issuing_certificates="http://vault.incitatus.svc.cluster.local:8200/v1/pki/ca"

vault write pki/config/urls issuing_certificates="http://vault.incitatus.svc.cluster.local:8200/v1/pki/ca" \
  crl_distribution_points="http://vault.incitatus.svc.cluster.local:8200/v1/pki/crl"

# Create the client PKI role:
vault write pki/roles/client \
  allowed_domains="cluster.local" \
  allow_subdomains="true" \
  client_flag="true" \
  max_ttl="72h" \
  server_flag="false"

# Create the server PKI role:
vault write pki/roles/server \
  allow_any_name="true" \
  allowed_domains="cluster.local" \
  allow_subdomains="true" \
  client_flag="false" \
  max_ttl="72h" \
  enforce_hostnames="false" \
  server_flag="true"

# Create a Vault Policy
vault policy-write microservice ./policy.hcl
```

## Deploy the Server Service

```
kubectl --namespace incitatus create -R -f demo-apache
```

## Deploy the client

```
kubectl --namespace incitatus create -R -f demo-client
```
