2ab297a24f
Also added a partial for the helm version note.
47 lines
1.5 KiB
Plaintext
47 lines
1.5 KiB
Plaintext
---
|
|
layout: 'docs'
|
|
page_title: 'Using Kubernetes Auth Method'
|
|
sidebar_current: 'docs-platform-k8s-examples-kubernetes-auth'
|
|
description: |-
|
|
Describes how to set up Kubernetes Auth method
|
|
---
|
|
|
|
# Bootstrapping Kubernetes Auth Method
|
|
|
|
@include 'helm/version.mdx'
|
|
|
|
In this example, we will walk through how to set up the [Kubernetes Auth Method](/docs/auth/kubernetes).
|
|
|
|
This assumes the following commands will be run inside a Vault pod running in Kubernetes.
|
|
|
|
You will optionally need the following variables:
|
|
|
|
```bash
|
|
# JWT is a service account token that has access to the Kubernetes TokenReview API
|
|
# You can retrieve this from inside a pod at: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
JWT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
|
|
|
# Address of Kubernetes itself as viewed from inside a running pod
|
|
KUBERNETES_HOST=https://${KUBERNETES_PORT_443_TCP_ADDR}:443
|
|
|
|
# Kubernetes internal CA
|
|
KUBERNETES_CA_CERT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt)
|
|
```
|
|
|
|
Exec into the Vault pod:
|
|
|
|
```bash
|
|
kubectl exec -it vault-0 /bin/sh
|
|
```
|
|
|
|
Then run the following command to configure the Kubernetes Auth Method:
|
|
|
|
```bash
|
|
vault write auth/kubernetes/config \
|
|
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
|
|
kubernetes_host=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 \
|
|
kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
```
|
|
|
|
From here you can continue to configure Vault from the [Kubernetes Auth Method](/docs/auth/kubernetes) documentation.
|