Scenario 2 - Running Vault inside the mesh
To run Vault inside the mesh, complete the following steps.
Note: These instructions assume that you have Scenario 1 up and running, and modifying it to run Vault inside the mesh.
Turn off Istio in the
appnamespace by removing the
kubectl label namespace app istio-injection- kubectl label namespace vault istio-injection=enabled
Delete the Vault pods in the
vaultnamespace, so they will get recreated with the
kubectl delete pods --all -n vault
Check that they both come back with an extra container (4/4 and 2/2 now):
kubectl get pods -n vault
NAME READY STATUS RESTARTS AGE vault-0 4/4 Running 0 1m vault-configurer-6d9b98c856-l4flc 2/2 Running 0 1m
Delete the application pods in the
appnamespace, so they will get recreated without the
kubectl delete pods --all -n app
The app pod got recreated with only the
app container (1/1) and Vault access still works:
kubectl get pods -n app
NAME READY STATUS RESTARTS AGE app-5df5686c4-4n6r7 1/1 Running 0 71s
kubectl logs -f -n app deployment/app
time="2020-02-18T14:41:20Z" level=info msg="Received new Vault token" time="2020-02-18T14:41:20Z" level=info msg="Initial Vault token arrived" s3cr3t going to sleep...