在开发模式下安装 helm chart 后如何登录到 vault UI
How to login to vault UI after installing helm chart in dev mode
我已经按照指南在 kubernetes 中安装了 vault:
https://learn.hashicorp.com/vault/kubernetes/sidecar
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install vault hashicorp/vault --set "server.dev.enabled=true"
这份文件表明我应该使用 root 访问令牌:https://learn.hashicorp.com/vault/getting-started/ui
但是,如果安装和自动解包是在 k8s 内部完成的,我该如何获取 root 访问令牌?
似乎没有创建任何秘密来存储此凭据。我想 hashicorp 团队会将其标记为不安全。
但是如何获得根令牌呢?
当您 运行 保管库处于开发模式时,保管库会自动初始化和解封。您可以通过 运行ning
查看日志
$ kubectl logs -f vault-0
==> Vault server configuration:
Api Address: http://172.18.0.9:8200
Cgo: disabled
Cluster Address: https://vault-0.vault-internal:8201
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: inmem
Version: Vault v1.4.2
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
You may need to set the following environment variable:
$ export VAULT_ADDR='http://0.0.0.0:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: NINZtDfRBIogOqHQx1hRNhTXTzhAVf9ZqKxNcEKiMyo=
Root Token: root <-- this is the root token
我已经按照指南在 kubernetes 中安装了 vault: https://learn.hashicorp.com/vault/kubernetes/sidecar
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install vault hashicorp/vault --set "server.dev.enabled=true"
这份文件表明我应该使用 root 访问令牌:https://learn.hashicorp.com/vault/getting-started/ui
但是,如果安装和自动解包是在 k8s 内部完成的,我该如何获取 root 访问令牌?
似乎没有创建任何秘密来存储此凭据。我想 hashicorp 团队会将其标记为不安全。
但是如何获得根令牌呢?
当您 运行 保管库处于开发模式时,保管库会自动初始化和解封。您可以通过 运行ning
查看日志$ kubectl logs -f vault-0
==> Vault server configuration:
Api Address: http://172.18.0.9:8200
Cgo: disabled
Cluster Address: https://vault-0.vault-internal:8201
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: inmem
Version: Vault v1.4.2
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
You may need to set the following environment variable:
$ export VAULT_ADDR='http://0.0.0.0:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: NINZtDfRBIogOqHQx1hRNhTXTzhAVf9ZqKxNcEKiMyo=
Root Token: root <-- this is the root token