■ ■ ■ ■ ■ ■
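--- a/k8s-vault-minkube-start.sh
+++ b/k8s-vault-minkube-start.sh
@@ -36,12 +36,14 @@
 helm repo add hashicorp https://helm.releases.hashicorp.com
 fi
 kubectl create ns vault
-helm upgrade --install vault hashicorp/vault --version 0.23.0 --namespace vault --values k8s/helm-vault-values.yml
-
-isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running)
-while [[ $isvaultrunning != *"vault-0"* ]]; do echo "waiting for Vault1" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running); done
-while [[ $isvaultrunning != *"vault-1"* ]]; do echo "waiting for Vault2" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running); done
-while [[ $isvaultrunning != *"vault-2"* ]]; do echo "waiting for Vault3" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running); done
+helm install vault hashicorp/vault \
+--set='server.ha.enabled=true' \
+--set='server.ha.raft.enabled=true' \
+--namespace vault
+isvaultpending=$(kubectl get pods -n vault --field-selector=status.phase=Running)
+while [[ $isvaultrunning != *"vault-0"* ]]; do echo "waiting for Vault1" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Pending); done
+while [[ $isvaultrunning != *"vault-1"* ]]; do echo "waiting for Vault2" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Pending); done
+while [[ $isvaultrunning != *"vault-2"* ]]; do echo "waiting for Vault3" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Pending); done
 echo "Setting up port forwarding"
 kubectl port-forward vault-0 8200:8200 -n vault &
 echo "Unsealing Vault"
@@ -53,7 +55,9 @@
 echo "PLEASE COPY PASTE THE FOLLOWING VALUE: ${VAULT_UNSEAL_KEY} , you will be asked for it 3 times to unseal the vaults"
 
 kubectl exec -it vault-0 -n vault -- vault operator unseal $VAULT_UNSEAL_KEY
+kubectl exec -ti vault-1 -- vault operator raft join http://vault-0.vault:8200
 kubectl exec -it vault-1 -n vault -- vault operator unseal $VAULT_UNSEAL_KEY
+kubectl exec -ti vault-2 -- vault operator raft join http://vault-0.vault:8200
 kubectl exec -it vault-2 -n vault -- vault operator unseal $VAULT_UNSEAL_KEY
 
 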
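Review bot: The wait loops on new lines 44–46 test `$isvaultrunning`, which is never initialised now that line 43 assigns `isvaultpending`, and they poll `status.phase=Pending`, so the script proceeds to port-forward and unseal as soon as a pod is listed as Pending, or loops forever if the pod has already left Pending by the first poll. Line 43 should stay `isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running)` and the three loops should keep polling `status.phase=Running`. The two `raft join` lines (new 58 and 60) omit `-n vault`, unlike every other `kubectl exec` here, so they run in the current context's namespace; the join address `vault-0.vault:8200` should also be checked against the chart's headless service name, which is likely different. Dropping `--version 0.23.0` and `--values k8s/helm-vault-values.yml` means the install takes whatever chart version the repo currently serves, so I would keep the pin, e.g. `helm upgrade --install vault hashicorp/vault --version 0.23.0 --namespace vault --set='server.ha.enabled=true' --set='server.ha.raft.enabled=true'`, which also keeps the script re-runnable.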