2. More commands
# Tear down the existing Vault release (k is presumably a shell alias for kubectl).
# Check which pods are running in the vault namespace first.
k get po -n vault
# Remove the Helm release named vault from the vault namespace.
helm -n vault uninstall vault
# Delete the per-replica PVCs one after another; the chain stops at the first failure.
# NOTE(review): this discards each replica's persistent data (presumably Vault's
# Raft storage). Take a snapshot first (vault operator raft snapshot save <file>)
# if anything stored there is still needed.
k delete pvc data-vault-0 -n vault \
  && k delete pvc data-vault-1 -n vault \
  && k delete pvc data-vault-2 -n vault
# Open an interactive shell in the vault-0 pod; the vault commands below are
# presumably typed inside that shell (the CA path they read is a pod-local path).
kubectl -n vault exec -it vault-0 -- sh
# Show the server's current status.
vault status
# Initialise Vault; the lines that follow are pasted command output, not commands.
vault operator init
# NOTE(review): the five recovery keys and the initial root token are recorded
# here in cleartext. Anything kept this way should be treated as exposed: keep
# init output out of notes and wikis, and if this cluster is still in use,
# revoke the root token (vault token revoke) and rekey the recovery keys
# (vault operator rekey -target=recovery).
Recovery Key 1: HNIklRd8qUTjYWc2Z5Nb6j0pf/gWs1cHZ5EdvM8HiJxV
Recovery Key 2: 39GW0D2kGyyYzjo/DJQo6bLBFdl2byjB6sOqJrZycSbh
Recovery Key 3: UWWm7sfv0gp40vN45bgn3RGq46nwgSA7HjY5zqknCutr
Recovery Key 4: PPdY8hXrPu6ivH/fajou5KlwCV/kdGhq4zlehepGILDi
Recovery Key 5: UGM09jkX1BkjOY5AkaPMlFLoKv6vej5qQKEx1SsWD9ST
Initial Root Token: s.dyvqvmZeWgddY8Tdxk2G19Sy
# Authenticate later CLI calls through the environment.
# NOTE(review): this value is not the root token printed just above; it matches
# the root token recorded after the later -recovery-pgp-keys init in these notes,
# so the notes appear to combine more than one init run.
export VAULT_TOKEN=s.mg25giPe5EscxCzJkmHUrixi
# List the current Raft peers.
vault operator raft list-peers
# Send a join request to vault-1 (--address) so it joins the Raft cluster whose
# leader API address is vault-0 (positional argument). -leader-ca-cert supplies
# the CA used to verify the leader's TLS certificate, read from the file at
# /vault/userconfig/vault-tls/vault_ca.
vault operator raft join -leader-ca-cert="$(cat /vault/userconfig/vault-tls/vault_ca)" --address "https://vault-1.vault-internal:8200" "https://vault-0.vault-internal:8200"
# Same join for vault-2, then list the peers again to confirm the result.
vault operator raft join -leader-ca-cert="$(cat /vault/userconfig/vault-tls/vault_ca)" --address "https://vault-2.vault-internal:8200" "https://vault-0.vault-internal:8200" && vault operator raft list-peers
# Forward local port 8200 to the vault Service; the medusa call below uses
# https://127.0.0.1:8200, presumably through this forward.
kubectl -n vault port-forward svc/vault 8200
# Initialise with a single recovery share and a threshold of 1, with the
# recovery key encrypted to the PGP public key in /tmp/denis.asc.
# NOTE(review): with 1-of-1 a single key holder can authorise every
# recovery-key-gated operation alone. The root token is still printed in
# cleartext unless -root-token-pgp-key is also passed.
vault operator init -recovery-shares=1 -recovery-threshold=1 -recovery-pgp-keys=/tmp/denis.asc
# NOTE(review): pasted output; a root token recorded in cleartext should be
# treated as exposed and revoked once initial setup is done.
Initial Root Token: s.mg25giPe5EscxCzJkmHUrixi
# Not a command: presumably a version recorded for reference; TODO confirm what it refers to.
ci_version: 1.11.0
# List the entries at the top of the kv mount.
vault kv list kv
# Import the file encrypted-vault-secrets into the kv path with medusa,
# decrypting it with private-key.pem.
# NOTE(review): --token on the command line leaves the token in shell history
# and visible in the process list. --insecure turns off TLS certificate
# verification, presumably because the server certificate does not cover
# 127.0.0.1; verifying against the cluster CA is the safer choice.
./medusa import kv encrypted-vault-secrets --address="https://127.0.0.1:8200" --token="s.G8VkrnwCTJOBBqb7FadjieC8" --insecure --decrypt="true" --private-key="private-key.pem"
# Same token as the one passed to medusa above, exported for the vault CLI.
export VAULT_TOKEN=s.G8VkrnwCTJOBBqb7FadjieC8
# Pasted troubleshooting notes; only the k apply line is a command.
# presumably the uid of a Kubernetes object; TODO confirm which one
uid: dbfe719a-fb47-43bc-9c46-00277bbbe425
# Vault server log line: the Kubernetes service registration tried to PATCH the
# vault-0 pod and the API server answered 403, i.e. the request was forbidden.
2021-11-12T13:27:53.404Z [WARN] service_registration.kubernetes: unable to set initial state due to PATCH https://10.209.8.1:443/api/v1/namespaces/vault/pods/vault-0 giving up after 1 attempt(s): bad status code: req method: PATCH, req url: https://10.209.8.1:443/api/v1/namespaces/vault/pods/vault-0, resp statuscode: 403, will retry
# Apply a busybox manifest from a local lab directory (its contents are not shown here).
k apply -f ~/Altenar/HashicorpVault/lab/busybox.yaml
# presumably the cluster name and a network range; 10.209.8.0/22 contains the
# API address 10.209.8.1 seen in the log line above.
euwe1c0-gke002
10.209.8.0/22
# Bind the vault ServiceAccount (namespace vault) to the baseline-psp
# ClusterRole. A RoleBinding limits the grant to the vault namespace.
# NOTE(review): the rules of baseline-psp are not shown on this page; confirm
# the role grants no more than the vault ServiceAccount needs.
kubectl --namespace vault create rolebinding vault-baseline-binding \
  --clusterrole baseline-psp \
  --serviceaccount vault:vault
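# Declarative form of the vault-baseline-binding RoleBinding: binds the vault
# ServiceAccount in the vault namespace to the baseline-psp ClusterRole.
# The YAML nesting is restored here; with every key at column 0 the manifest
# is not a valid RoleBinding (metadata, roleRef and subjects would be empty).
# The heredoc delimiter is quoted so the shell expands nothing in the manifest.
# NOTE(review): the rules of baseline-psp are not shown on this page; confirm
# the role grants only what the vault ServiceAccount needs for the PATCH on its
# own pod that the comment in the manifest refers to.
kubectl apply -f - <<'EOF'
#This role binding was created to resolve the problem with forbidden patch request from pods to the control plane
#Details can be found in DOPS-3925
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: vault-baseline-binding
  namespace: vault
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: baseline-psp
subjects:
  - kind: ServiceAccount
    name: vault
    namespace: vault
EOF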