I am new to Vault and Kubernetes and have a requirement to deploy Vault on a MicroK8s Kubernetes cluster.
I've gone through the documentation to inject a secret into an application pod via the Vault Agent sidecar.
There are a couple of initialisation steps to be performed manually, like enabling authentication, the secret engine, storing the secret, and policies and roles configuration. How can we deploy Vault without any manual steps involved?
I would suggest using the Terraform Vault provider or a configuration management solution like Ansible or Puppet.
Or, the old-fashioned way, by bash scripting a wrapper around it.
Thank you!!
I was planning to configure auto unsealing and configuration via the REST API from a Vault client.
Also, I am planning to use Kubernetes service account authentication as I will be running Vault in a single-node cluster (on-prem).
However, I am getting the below error during authentication.
{"errors":["missing client token"]}
API request - curl --request POST --data @payload.json http://127.0.0.1:8200/v1/auth/kubernetes/login
JSON payload -
{
  "role": "dev-role",
  "jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkZVdyRnM1MkNyWHdIekhXeWxsZ3IwN3FsN1p4aUZIeWFHZVd0M3FJZGMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InRlc3RzYS10b2tlbi1objU2NiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJ0ZXN0c2EiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0ZGZjYjY3NC1hY2NjLTRiZmQtOTkyYi00MzhiMzc0ZmI1NWMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp0ZXN0c2EifQ.XO-Uy2Mg9Avr1a2_7Edh_h0KH8eHvTO-ga-cLUKhkd8a1-SnYRTxBBb-iWh7_neeghHD7jqW0WOy6RPvTfYLm7eJ7ubDdpkMpRfXK3I6KGm_-3UozKvZHqFR7hMaBSATmjB31PyOsRY2RbtDAqRT8PwiGHpzTw2a9lsNVDhgjIHon6jkfO9rxeOQ08hxDbgj9f2VjHasXWdsbx8kY7I1VHmhXMbKqi8iXVy8Nv6rsrqT3Pb2OWn_zgosWdQ8IlZTULyfuQAWmfmuMIdiaAoN-f0ZAKskrqUCqe9_y5vjeYC5pnVtrzO7WvpO3f54KwP-SrM5hxNzdeK6FEFVryaqrg"
}
Am I missing something here?
As the error message mentions, your curl command is missing the relevant token.
curl \
--header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/auth/kubernetes/login
But I will be getting the token in response to the login request, right?
Also, as per the documentation, the login request should be as below.
{
  "role": "dev-role",
  "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9…"
}
$ curl \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/auth/kubernetes/login
My fault. Ignore my post.
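
The login exchange discussed in this thread, as an added example that is not part of any post: it builds the same POST to `/v1/auth/kubernetes/login` with no `X-Vault-Token` header and reads the issued token from `auth.client_token` in the response, surfacing Vault's `errors` list when login fails. The function names, the `hvs.EXAMPLE` token and both sample bodies are constructed for illustration.

```python
import json
import urllib.error
import urllib.request


class VaultLoginError(Exception):
    """Raised when Vault answers a login request with an "errors" list."""


def build_login_request(addr, role, jwt, mount="kubernetes"):
    """Build the POST for /v1/auth/<mount>/login; no X-Vault-Token header is set."""
    body = json.dumps({"role": role, "jwt": jwt}).encode()
    return urllib.request.Request(
        f"{addr.rstrip('/')}/v1/auth/{mount}/login",
        data=body,
        method="POST",
        headers={"Content-Type": "application/json"},
    )


def parse_login_response(raw):
    """Return the client token from a login response, or raise with Vault's errors."""
    doc = json.loads(raw)
    if doc.get("errors"):
        raise VaultLoginError("; ".join(doc["errors"]))
    token = (doc.get("auth") or {}).get("client_token")
    if not token:
        raise VaultLoginError("response carries no auth.client_token")
    return token


def login(addr, role, jwt, mount="kubernetes"):
    """Send the login request and return the issued client token."""
    req = build_login_request(addr, role, jwt, mount)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()  # Vault returns its errors JSON in the error body
    return parse_login_response(raw)


# Constructed sample bodies (not captured from a real server).
SAMPLE_OK = b'{"auth": {"client_token": "hvs.EXAMPLE", "lease_duration": 3600}}'
SAMPLE_ERR = b'{"errors": ["missing client token"]}'
```

Inside a pod, the `jwt` argument would be the contents of the mounted service account token file rather than a value pasted into `payload.json`.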