Vault setup & initial manual configuration

I am new to Vault and Kubernetes and have a requirement to deploy Vault on a MicroK8s Kubernetes cluster.
I’ve gone through the documentation to inject secrets into an application pod via the Vault Agent sidecar.

There are a couple of initialisation steps to be performed manually, like enabling authentication, the secret engine, storing a secret, and policies and roles configuration. How can we deploy Vault without any manual steps involved?

I would suggest using the Terraform Vault provider

or a configuration management solution like Ansible or Puppet.

Or, the old fashioned way, by bash scripting a wrapper around it.

Thank You!!

I was planning to configure auto-unsealing and configuration via the REST API from a Vault client.

Also, I am planning to use Kubernetes service account authentication, as I will be running Vault in a single-node cluster (on-prem).

However, I am getting the error below during authentication.

{"errors":["missing client token"]}

API request - curl --request POST --data @payload.json http://127.0.0.1:8200/v1/auth/kubernetes/login

json payload -

{
  "role": "dev-role",
  "jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkZVdyRnM1MkNyWHdIekhXeWxsZ3IwN3FsN1p4aUZIeWFHZVd0M3FJZGMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InRlc3RzYS10b2tlbi1objU2NiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJ0ZXN0c2EiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0ZGZjYjY3NC1hY2NjLTRiZmQtOTkyYi00MzhiMzc0ZmI1NWMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp0ZXN0c2EifQ.XO-Uy2Mg9Avr1a2_7Edh_h0KH8eHvTO-ga-cLUKhkd8a1-SnYRTxBBb-iWh7_neeghHD7jqW0WOy6RPvTfYLm7eJ7ubDdpkMpRfXK3I6KGm_-3UozKvZHqFR7hMaBSATmjB31PyOsRY2RbtDAqRT8PwiGHpzTw2a9lsNVDhgjIHon6jkfO9rxeOQ08hxDbgj9f2VjHasXWdsbx8kY7I1VHmhXMbKqi8iXVy8Nv6rsrqT3Pb2OWn_zgosWdQ8IlZTULyfuQAWmfmuMIdiaAoN-f0ZAKskrqUCqe9_y5vjeYC5pnVtrzO7WvpO3f54KwP-SrM5hxNzdeK6FEFVryaqrg"
}

Am I missing something here?

As the error message mentions, your curl command is missing the relevant token.

curl \
    --header "X-Vault-Token: $VAULT_TOKEN" \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/auth/kubernetes/login


But I will be getting the token in response to the login request, right?

Also, as per the documentation, the login request should be as below.

{
  "role": "dev-role",
  "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9…"
}

$ curl \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/auth/kubernetes/login

My fault. Ignore my post.
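
The manual steps listed in the question (auth method, secrets engine, policy, role), scripted as an idempotent wrapper around the `vault` CLI along the lines of the bash-wrapper suggestion above. This is an added example, not code from the thread. The policy name, KV mount path, service account, namespace and Kubernetes API address are assumptions, and `VAULT_ADDR` and `VAULT_TOKEN` are assumed to be exported already.

```shell
#!/usr/bin/env bash
# Added example: idempotent wrapper around the vault CLI for the manual steps.
# Assumes VAULT_ADDR and VAULT_TOKEN are exported. Every default below except
# the role name is an assumed value, not taken from the thread.
set -eu

ROLE="${ROLE:-dev-role}"                 # role name from the thread's payload
POLICY="${POLICY:-dev-policy}"           # assumed
KV_PATH="${KV_PATH:-secret}"             # assumed
SA_NAME="${SA_NAME:-testsa}"             # assumed
SA_NAMESPACE="${SA_NAMESPACE:-default}"  # assumed
K8S_HOST="${K8S_HOST:-https://kubernetes.default.svc}"  # assumed API address

# Succeeds if <path/> is a key in `vault auth list` or `vault secrets list`.
mounted() {  # usage: mounted auth|secrets <path/>
  case "$(vault "$1" list -format=json)" in
    *"\"$2\""*) return 0 ;;
    *) return 1 ;;
  esac
}

bootstrap() {
  # 1. Auth method: auth/kubernetes/login is only routed once this is enabled.
  mounted auth "kubernetes/" || vault auth enable kubernetes
  vault write auth/kubernetes/config kubernetes_host="$K8S_HOST"

  # 2. KV version 2 secrets engine, skipped when already mounted.
  mounted secrets "${KV_PATH}/" || vault secrets enable -path="$KV_PATH" kv-v2

  # 3. Least-privilege policy: read-only on one subtree of the KV mount.
  vault policy write "$POLICY" - <<EOF
path "${KV_PATH}/data/app/*" {
  capabilities = ["read"]
}
EOF

  # 4. Role: one service account in one namespace, short-lived tokens.
  vault write "auth/kubernetes/role/${ROLE}" \
    bound_service_account_names="$SA_NAME" \
    bound_service_account_namespaces="$SA_NAMESPACE" \
    token_policies="$POLICY" token_ttl=1h
}

# Runs only when invoked as: ./bootstrap.sh apply
if [ "${1:-}" = "apply" ]; then bootstrap; fi
```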