Bootstrapping kubernetes auth method
Important Note: This chart is not compatible with Helm 2. Please use Helm 3.6+ with this chart.
In this example, we will walk through how to set up the Kubernetes Auth Method.
This assumes the following commands will be run inside a Vault pod running in Kubernetes.
You will optionally need the following variables:
# JWT is a service account token that has access to the kubernetes TokenReview API# You can retrieve this from inside a pod at: /var/run/secrets/kubernetes.io/serviceaccount/tokenJWT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) # Address of kubernetes itself as viewed from inside a running podKUBERNETES_HOST=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 # Kubernetes internal CAKUBERNETES_CA_CERT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt)
Exec into the Vault pod:
kubectl exec -it vault-0 /bin/sh
Then run the following command to configure the Kubernetes Auth Method:
vault write auth/kubernetes/config \ token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ kubernetes_host=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 \ kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
From here you can continue to configure Vault from the Kubernetes Auth Method documentation.