This repo provides a demo non prodcution app that works with HashiCorp Vault
Deploy this follow these steps
Edit the Variables to suit your envrioment and account detail
- clone this repo
- Run Terrafom init
- Run Terraform apply
Once the apply is compelete connect to your Kubenetes envrioment via your cloud shell and verify the pods are up using kubectl get pods
Now
- clone this repo into your shell https://github.com/dawright22/app_stack.git
- change into this repo and run ./full_stack_deploy.sh
If you are new to TFC, complete this tutorial: https://learn.hashicorp.com/collections/terraform/cloud-get-started
- Fork this repo
- Set Up your TFC Account and Organization
- Create a new Workspace and select the "Version control workflow"
- Choose the repo you forked
- Update Variables
- Queue and Run the plan
- Once the apply is compelete connect to your Kubenetes envrioment via your cloud shell and verify the pods are up using kubectl get pods
Retrieve and update the Variables in TFC Review variables.tf
Create a Service Principal in Azure: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret
What you will require:
{
"appId": "00000000-0000-0000-0000-000000000000",
"displayName": "azure-cli-2017-06-05-10-41-15",
"name": "http://azure-cli-2017-06-05-10-41-15",
"password": "0000-0000-0000-0000-000000000000",
"tenant": "00000000-0000-0000-0000-000000000000"
}
Add Terraform Variables
appId : "<appId>"
password : "<password>"`
Add Environment Variables
ARM_SUBSCRIPTION_ID : "<subscription-id>"
ARM_TENANT_ID : "<tenant>"
ARM_CLIENT_SECRET : "<password>"
ARM_CLIENT_ID : "<appId>"
Connecting to Cloud K8s Environment
Navigate to Kubernetes services then select your newly created cluster and select the connect button and connect via the Cloud Shell
Note: If you do not know what is your cluster name, refer to TFC's workspace output
- Run
kubectl get pods
and see that Terraform has used helm to install Vault in the cluster - Clone this repo into your shell
git clone https://github.com/dawright22/app_stack.git
- cd into the app_stack directory and run
./full_stack_deploy.sh
- Running
kubectl get svc
will show the ip address to connect to for both the demo application and vault UI
A standalone vault instance that can be either OSS (default) or Enterprise to demonstrate dynamic user credentials and trasit data encryption as a service
You can connect to the Vault UI and see the secrets engines enabled using http://<EXTERNAL_IP:8200>
You will need to login in using the ROOT TOKEN from the init.json file located in app_stack/vault/init.json to authenticate
Steps to retrieve external IP:
- Run
kubectl get svc
in the Azure Cloud Shell - Connect to the Vault UI and see the secrets engines enabled using http://<EXTERNAL-IP:8200>
it should look like this:
Execute kubectl get svc transit-app
to see the ip address to connect too
You can connect to the app UI and add or change record using http://<EXTERNAL_IP:5000>
in the app_stack repo run the ./cleanup.sh
- Using the Azure Cloud Shell, in the app_stack repo run the ./cleanup.sh
- Using TFC, Settings > Destruction and Deletion > Queue destroy plan