by Jordi Prats
If you are using Vault for storing secrets, it is desirable to have a different Vault for testing, CI and development. Having to set up an alternate production-grade Vault can be just not worth it (especially for volatile environments).
For local environments the dev server mode comes in handy; for Kubernetes we can use pet2cattle/helm-testvault to deploy it as an in-cluster service.
To deploy the test vault we can use the following helm commands:
helm repo add testvault https://pet2cattle.github.io/helm-testvault/
helm install testvault testvault/testvault -n testvault --create-namespace
Once deployed, we can see that it creates a ClusterIP service:
$ kubectl get service -n testvault
NAME        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
testvault   ClusterIP   10.108.186.52   <none>        80/TCP    67s
It also deploys the Vault itself using a Deployment, plus a Pod that can be used to interact with the Vault server:
$ kubectl get pods -n testvault
NAME                         READY   STATUS    RESTARTS   AGE
testvault-7cf646bf95-rkznq   1/1     Running   0          14s
testvault-vaultcli           1/1     Running   0          14s
The vaultcli Pod points to http://testvault:80:
$ kubectl get pod testvault-vaultcli -n testvault -o yaml
apiVersion: v1
kind: Pod
(...)
spec:
  containers:
  - command:
    - sleep
    - 24h
    env:
    - name: VAULT_ADDR
      value: http://testvault:80
    image: vault
(...)
But if you need to access it from another namespace, you'll need to specify the namespace (or use the FQDN following the Kubernetes DNS naming schema).
The root access token is test, so you can use the following kubectl exec command to log in to Vault and create an initial secret:
kubectl exec -it testvault-vaultcli -n testvault -- sh -c "echo test | vault login -; vault kv put -mount=secret demo hello=world; vault kv get -mount=secret demo"
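For the cross-namespace case and the login step above, a shell helper that builds the FQDN-based VAULT_ADDR and refuses to run the seed commands against anything that is not the testvault Service. This is an added example, not part of the original post or the helm-testvault chart; the function names are hypothetical, the cluster domain is assumed to be the Kubernetes default cluster.local, and the vault CLI is assumed to be available where the script runs.

```shell
#!/bin/sh
# Added example. From the page: Service "testvault", port 80, root token "test".
# Assumptions: default cluster domain "cluster.local"; vault CLI on PATH.

# testvault_addr [NAMESPACE] [CLUSTER_DOMAIN] -> FQDN-based VAULT_ADDR
testvault_addr() {
    printf 'http://testvault.%s.svc.%s:80\n' "${1:-testvault}" "${2:-cluster.local}"
}

# is_testvault_addr ADDR [NAMESPACE] [CLUSTER_DOMAIN]
# Succeeds only for the DNS names under which the test Service is reachable.
is_testvault_addr() {
    addr="$1"; ns="${2:-testvault}"; dom="${3:-cluster.local}"
    case "$addr" in
        "http://testvault:80") return 0 ;;               # same namespace only
        "http://testvault.$ns:80") return 0 ;;           # from any namespace
        "http://testvault.$ns.svc:80") return 0 ;;
        "http://testvault.$ns.svc.$dom:80") return 0 ;;  # FQDN
        *) return 1 ;;
    esac
}

# seed_testvault [NAMESPACE]: the page's login + demo secret, guarded so the
# write can never land on a Vault other than the throwaway one.
seed_testvault() {
    if ! is_testvault_addr "${VAULT_ADDR:-}" "${1:-testvault}"; then
        echo "refusing to seed: VAULT_ADDR='${VAULT_ADDR:-}' is not testvault" >&2
        return 2
    fi
    # An inherited VAULT_TOKEN would override the token stored by `vault login`.
    unset VAULT_TOKEN
    echo test | vault login - >/dev/null || return 1
    vault kv put -mount=secret demo hello=world >/dev/null || return 1
    vault kv get -mount=secret demo
}

# Usage from a Pod in another namespace:
#   export VAULT_ADDR="$(testvault_addr)"; seed_testvault
```

The guard matters in CI jobs that inherit VAULT_ADDR or VAULT_TOKEN from a shared environment: without it, the demo `vault kv put` would be sent to whatever Vault those variables point at.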
Posted on 22/09/2022