Bootstrapping kubernetes auth method
Important Note: This chart is not compatible with Helm 2. Please use Helm 3.6+ with this chart.
In this example, we will walk through how to set up the Kubernetes Auth Method.
This assumes the following commands will be run inside a Vault pod running in Kubernetes.
You will optionally need the following variables:
# JWT is a service account token that has access to the kubernetes TokenReview API# You can retrieve this from inside a pod at: /var/run/secrets/kubernetes.io/serviceaccount/tokenJWT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) # Address of kubernetes itself as viewed from inside a running podKUBERNETES_HOST=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 # Kubernetes internal CAKUBERNETES_CA_CERT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt)Exec into the Vault pod:
kubectl exec -it vault-0 -- /bin/shIf you didn't set server.dev.enabled=true, you'll need to log in to Vault first using vault login.
Then run the following commands to configure the Kubernetes Auth Method:
vault auth enable kubernetesvault write auth/kubernetes/config \ kubernetes_host=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORTFrom here you can continue to configure Vault from the Kubernetes Auth Method documentation.