📘 Instructions

  1. Install Vault:

  2. git clone https://github.com/hashicorp-education/learn-vault-secrets-operator.git

  3. cd learn-vault-secrets-operator

  4. helm repo add hashicorp https://helm.releases.hashicorp.com

  5. helm repo update hashicorp

  6. helm install vault hashicorp/vault -n vault --create-namespace --values vault/vault-values.yaml

  7. Base64-encode the license and copy it to the Vault pod:

    cat hivemq.lic | base64 > hivemq.lic.b64
    # vault-0 runs in the "vault" namespace created in step 6
    kubectl cp hivemq.lic.b64 vault/vault-0:/tmp/hivemq.lic.b64

  8. Attach to the Vault pod:

  9. kubectl exec --stdin=true --tty=true vault-0 -n vault -- /bin/sh

  10. Run the following commands in the Vault container:

  11. Verify that you are using the “root” token:

    vault token lookup
    #Key                 Value
    #---                 -----
    #accessor            ma6KC5nhNdTmANzeco0Evtdm
    #creation_time       1707226849
    #creation_ttl        0s
    #display_name        token
    #entity_id           n/a
    #expire_time         <nil>
    #explicit_max_ttl    0s
    #id                  root
    #issue_time          2024-02-06T13:40:49.967795042Z
    #meta                <nil>
    #num_uses            0
    #orphan              true
    #path                auth/token/create
    #policies            [root]
    #renewable           false
    #ttl                 0s
    #type                service

  12. Enable the kv-v2 secrets engine at the path:

    vault secrets enable -path=hivemq-mqtt/obc-poc/opt/hivemq/license kv-v2
    #Success! Enabled the kv-v2 secrets engine at: hivemq-mqtt/obc-poc/opt/hivemq/license/

  13. Store the content of the base64-encoded file in a Vault secret at the path:

    vault kv put hivemq-mqtt/obc-poc/opt/hivemq/license/hivemq.lic.b64 mydata="$(cat /tmp/hivemq.lic.b64)"
    #======================= Secret Path =======================
    #hivemq-mqtt/obc-poc/opt/hivemq/license/data/hivemq.lic.b64
    #
    #======= Metadata =======
    #Key                Value
    #---                -----
    #created_time       2024-02-06T17:22:44.720536373Z
    #custom_metadata    <nil>
    #deletion_time      n/a
    #destroyed          false
    #version            2

  14. List the Vault secrets at the path:

    vault kv list hivemq-mqtt/obc-poc/opt/hivemq/license/
    #Keys
    #----
    #hivemq.lic.b64

  15. Exit from the Vault container:

    exit

  16. consul-template.hcl file:

  17. Edit the hivemq-operator/values.yaml and add the sidecar:

    hivemq:
      # Custom container spec to add to the HiveMQ Pod
      sidecars:
        - name: consul-template-container
          image: hashicorp/consul-template:latest
          command: [ "consul-template",  "-config", "/hivemq-data/conf/consul-template.hcl" ]
          #command: [ "consul-template",  "-version" ]
          env:
            - name: TARGET_ENV
              value: hivemq-mqtt/obc-poc
          volumeMounts:
            - name: consul-template-files
              mountPath: /hivemq-data/conf
      # Custom init container specs to add to the HiveMQ Pod. This is an extension of the initialization field. In comparison, this field does not have any defaults but allows for more granular configuration using the full K8s Container API
      initContainers: []

  18. Edit the hivemq-operator/values.yaml and add the volume with consul-template.hcl:

    hivemq:
      # Additional volumes to add to the HiveMQ Pod
      additionalVolumes:
        - name: consul-template-files
          configMap:
            name: consul-template-files

  19. Create the configMap with consul-template-files:

    kubectl create configmap consul-template-files -n hivemq --from-file consul-template.hcl

  20. Install HiveMQ:

    helm upgrade hivemq --install hivemq/hivemq-operator -n hivemq -f hivemq-operator/values.yaml

  21. TODO: continue
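
Step 16 names a consul-template.hcl file, but the page does not show its content. One possible shape for it, as an added example that is not the page's or HiveMQ's own file: the Vault address, the use of a VAULT_TOKEN environment variable on the sidecar, and the destination path are assumptions.

```hcl
# Added example, not the original consul-template.hcl from this page.

vault {
  # Assumption: in-cluster address of the "vault" Helm release installed
  # into the "vault" namespace in step 6 (plain HTTP, no TLS).
  address = "http://vault.vault.svc.cluster.local:8200"

  # No token is written here. consul-template reads VAULT_TOKEN from the
  # sidecar's environment (not set in the values.yaml shown above).
  # Give the sidecar a token whose policy allows only "read" on the
  # license path instead of the root token used in steps 11-14.
}

template {
  # TARGET_ENV is set on the sidecar in step 17 (hivemq-mqtt/obc-poc).
  # A kv-v2 mount is read through <mount>/data/<key>, which matches the
  # "Secret Path" printed by `vault kv put` in step 13. The field written
  # there is "mydata", found under .Data.data for kv-v2.
  contents = <<EOT
{{- with secret (printf "%s/opt/hivemq/license/data/hivemq.lic.b64" (env "TARGET_ENV")) -}}
{{ .Data.data.mydata | base64Decode }}
{{- end -}}
EOT

  # Assumption: a writable volume shared with the HiveMQ container.
  # The configMap mount at /hivemq-data/conf is read-only, so the
  # rendered license cannot be written there.
  destination = "/hivemq-data/license/hivemq.lic"
  perms       = 0600

  # Fail the render instead of writing an empty license file when the
  # "mydata" field is missing from the secret.
  error_on_missing_key = true
}
```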

