vault-helper

command module
v0.0.0-...-5169047 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 26, 2019 License: Apache-2.0 Imports: 2 Imported by: 0

README

Vault Helper

This is tool is designed to automate PKI tasks for Tarmak using Hashicorp's Vault as a backend.

vault-helper is designed to first run setup. This will ensure all CA backends are mounted to the Vault server before applying roles and policies. This process is idempotent.

renew-token ensures that if an init token is present in file, a new token will be generated from that init token. This new token will be stored, deleting the init token. If a token has already been generated, this token will be renewed agaisnt the Vault server.

cert ensures that a private key has been generated and written to file. After which cert will verify stored certificates against Vault. If unsucessful, will issue a Certificate Signing Request to the Vault server using this private key. The responding signed certificate is then stored at the given path.

kubeconfig will apply cert before encoding the certificates and private key into a stored yaml file at the given path.

setup, cert, read and kubeconfig will all apply a renew-token with the given token before continuing if successful.

dev-server is used only to set up a local development evnironment for testing.

vault-helper Usage

Available Commands:
  cert        Create local key to generate a CSR. Call vault with CSR for specified cert role.
  dev-server  Run a vault server in development mode with kubernetes PKI created.
  help        Help about any command
  kubeconfig  Create local key to generate a CSR. Call vault with CSR for specified cert role. Write kubeconfig to yaml file.
  read        Read arbitrary vault path. If no output file specified, output to console.
  renew-token Renew token on vault server.
  setup       Setup kubernetes on a running vault server.
  version     Print the version number of vault-helper.

Flags:
  -h, --help            help for vault-helper
  -l, --log-level int   Set the log level of output. 0-Fatal 1-Info 2-Debug (default 1)

Use "vault-helper [command] --help" for more information about a command.

Vault Environment Variables

vault-helper requires the correct Vault environment variables to be set, for example:

$ export VAULT_ADDR=http://127.0.0.1:8200

Command Examples

setup
$ vault-helper setup cluster-name
renew-token
$ vault-helper renew-token --init_role=cluster-name-master
cert
$ vault-helper cert cluster-name/pki/k8s/sign/kube-apiserver k8s /etc/vault/name

Documentation

Overview

Copyright Jetstack Ltd. See LICENSE for details.

Directories

Path Synopsis
hack
pkg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL