Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
102 views
in Technique [Technology] by (71.8m points)

How to connect vault installed on kubernetes using HTTPS API

I successfully installed vault using this configuration:

config: |
        ui = true

        listener "tcp" {
          address = "0.0.0.0:8200"
          cluster_address = "0.0.0.0:8201"
          tls_cert_file = "/vault/userconfig/vault-tls/vault.crt"
          tls_key_file = "/vault/userconfig/vault-tls/vault.key"
          tls_client_ca_file = "/vault/userconfig/vault-tls/vault.ca"
        }

        storage "raft" {
          path = "/vault/data"
        }

        service_registration "kubernetes" {}

And I can see that the services are up and running:

kubectl describe service -n vault-foo
Name:              vault
Namespace:         vault-foo
Labels:            app.kubernetes.io/instance=vault
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=vault
                   helm.sh/chart=vault-0.9.0
Annotations:       meta.helm.sh/release-name: vault
                   meta.helm.sh/release-namespace: vault-foo
Selector:          app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault,component=server
Type:              ClusterIP
IP Families:       <none>
IP:                166.xx.77.152
IPs:               <none>
Port:              https  8200/TCP
TargetPort:        8200/TCP
Endpoints:         10.101.0.105:8200,10.101.0.189:8200,10.101.1.40:8200
Port:              https-internal  8201/TCP
TargetPort:        8201/TCP
Endpoints:         10.101.0.105:8201,10.101.0.189:8201,10.101.1.40:8201
Session Affinity:  None
Events:            <none>


Name:              vault-active
Namespace:         vault-foo
Labels:            app.kubernetes.io/instance=vault
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=vault
                   helm.sh/chart=vault-0.9.0
Annotations:       meta.helm.sh/release-name: vault
                   meta.helm.sh/release-namespace: vault-foo
Selector:          app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault,component=server,vault-active=true
Type:              ClusterIP
IP Families:       <none>
IP:                166.xx.110.42
IPs:               <none>
Port:              https  8200/TCP
TargetPort:        8200/TCP
Endpoints:         10.101.0.105:8200,10.101.0.189:8200,10.101.1.40:8200
Port:              https-internal  8201/TCP
TargetPort:        8201/TCP
Endpoints:         10.101.0.105:8201,10.101.0.189:8201,10.101.1.40:8201
Session Affinity:  None
Events:            <none>


Name:              vault-agent-injector-svc
Namespace:         vault-foo
Labels:            app.kubernetes.io/instance=vault
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=vault-agent-injector
Annotations:       meta.helm.sh/release-name: vault
                   meta.helm.sh/release-namespace: vault-foo
Selector:          app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault-agent-injector,component=webhook
Type:              ClusterIP
IP Families:       <none>
IP:                166.xx.0.58
IPs:               <none>
Port:              <unset>  443/TCP
TargetPort:        8080/TCP
Endpoints:         10.101.0.15:8080
Session Affinity:  None
Events:            <none>


Name:              vault-internal
Namespace:         vault-foo
Labels:            app.kubernetes.io/instance=vault
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=vault
                   helm.sh/chart=vault-0.9.0
Annotations:       meta.helm.sh/release-name: vault
                   meta.helm.sh/release-namespace: vault-foo
Selector:          app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault,component=server
Type:              ClusterIP
IP Families:       <none>
IP:                None
IPs:               <none>
Port:              https  8200/TCP
TargetPort:        8200/TCP
Endpoints:         10.101.0.105:8200,10.101.0.189:8200,10.101.1.40:8200
Port:              https-internal  8201/TCP
TargetPort:        8201/TCP
Endpoints:         10.101.0.105:8201,10.101.0.189:8201,10.101.1.40:8201
Session Affinity:  None
Events:            <none>


Name:              vault-standby
Namespace:         vault-foo
Labels:            app.kubernetes.io/instance=vault
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=vault
                   helm.sh/chart=vault-0.9.0
Annotations:       meta.helm.sh/release-name: vault
                   meta.helm.sh/release-namespace: vault-foo
Selector:          app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault,component=server,vault-active=false
Type:              ClusterIP
IP Families:       <none>
IP:                166.xx.70.141
IPs:               <none>
Port:              https  8200/TCP
TargetPort:        8200/TCP
Endpoints:         <none>
Port:              https-internal  8201/TCP
TargetPort:        8201/TCP
Endpoints:         <none>
Session Affinity:  None
Events:            <none>

But now I'm stuck and can't find any simple info on how to connect to the Vault API via HTTPS using the vault.ca.

Can someone point me to the right documentation? (Again, using HTTPS.) Thanks.

Question from: https://stackoverflow.com/questions/65868346/how-to-connect-vault-installed-on-kubernetes-using-https-api
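
As an added example (not part of the original post, and not code from the Vault project): one way to call the HTTPS API of the deployment described above while verifying the server certificate against vault.ca. It assumes the caller runs inside the cluster, has a copy of the CA file, and that the server certificate's SANs include the Service DNS name; the function names are hypothetical.

```bash
# Added example, not from the original post. Assumptions: the caller holds a
# copy of the CA from the question (vault.ca) and the server certificate's
# SANs cover the Service DNS name built below.

# In-cluster URL of a Service: https://<service>.<namespace>.svc:<port>
vault_addr() {
  printf 'https://%s.%s.svc:%s' "$1" "$2" "${3:-8200}"
}

# Meaning of the HTTP status returned by GET /v1/sys/health. Standby and
# sealed nodes answer non-200, so `curl --fail` would misreport them.
vault_health_meaning() {
  case "$1" in
    200) echo "initialized, unsealed, active" ;;
    429) echo "unsealed, standby" ;;
    472) echo "disaster recovery secondary" ;;
    473) echo "performance standby" ;;
    501) echo "not initialized" ;;
    503) echo "sealed" ;;
    000) echo "no HTTP response (TLS or connection failure)" ;;
    *)   echo "unexpected status $1" ;;
  esac
}

# Call the health endpoint, verifying the server certificate against the CA.
# There is deliberately no -k/--insecure: a chain or hostname mismatch must
# surface as a failure (curl reports status 000 and exits non-zero).
vault_health() {
  _code=$(curl --silent --output /dev/null --max-time 5 \
               --cacert "$2" --write-out '%{http_code}' \
               "$1/v1/sys/health") || _code=000
  vault_health_meaning "$_code"
}

# Use from a pod in the cluster (service and namespace from the question):
#   addr=$(vault_addr vault-active vault-foo)
#   vault_health "$addr" ./vault.ca
# The vault CLI takes the same two settings from its environment:
#   export VAULT_ADDR="$addr" VAULT_CACERT=./vault.ca
```

The `tls_client_ca_file` line in the listener block is what the server uses to check client certificates; on the client side the CA file only has to validate the server's certificate.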


1 Reply

0 votes
by (71.8m points)
Waiting for answers
