This is a modified version of Brian Kassouf's repo: vault-kubernetes-demo.
Updates in this fork:

• Using application specific namespaces
• Updated main.go application to read Environment variables
• Updated Vault CLI commands

Important: this is a demo. Please do not use this in production.

This is a demo on how to setup the Vault Kubernetes Auth method. The guide will provide steps to configure a Kubernetes Auth method, create service accounts in Kubernetes and run demo applications on Kubernetes that can successfully authenticate to Vault and retrieve a secret.

• Vault server (>0.9.0), and a root or administrative token. There are a few ways to deploy Vault, below are some options.
  • To deploy a Vault server on a VM please see the Vault getting started guide.
  • To deploy a Vault server on Kubernetes, pelase see k8s-vault/README.md.
  • The easiest way is to deploy it using a Docker command as below:

docker rm -f dev-vault
VAULT_VERSION=1.2.0 docker run -p 8200:8200 --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=devroottoken' -d --name=dev-vault "vault:${VAULT_VERSION}"
export VAULT_ADDR="http://localhost:8200"; export VAULT_TOKEN="devroottoken"
vault status

• Existing Kubernetes cluster. This guide has beek tested on GKE and OpenShift.
• Connectivity between Vault and K8S
• The ca.crt file from Kubernetes cluster creation

Example validation commands:

vault --version
# Ensure VAULT_ADDR and VAULT_TOKEN environment variables are exported correctly:
vault token lookup
kubectl cluster-info
kubectl get nodes

Git clone this repo using the command below and follow README guides:

git clone https://github.com/kawsark/vault-kubernetes-demo.git
cd vault-kubernetes-demo

This guide has a few parts:

1. Configure Kubernetes
2. Configure Vault server
3. Deploy the basic example
4. Deploy the sidecar example Note: pending updates
5. Deploy the AWS secrets engine example Note: pending updates