Vault

How to use an on-premise Kubernetes cluster with Vault

NOTE: in the following instructions it is left to the user to manage, back up and restore the Vault installation once it has been installed.

For production workloads we recommend you use a cloud provider secret store or Vault as a service. Managing on-premise Vault instances is undifferentiated heavy lifting that should be outsourced to a cloud provider if you can.

Prerequisites

The prerequisites are the same as for a regular on-premise Kubernetes installation: a Kubernetes cluster with ingress and storage.

The difference for Vault is that you also install a Vault instance into the cluster:

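cd infra
# apply the releases defined in the helmfile to the cluster
helmfile sync
sleep 20
# run the Vault port-forward in the background, then wait for Vault to be ready
jx secret vault port-forward &
jx secret vault wait

  • if that succeeds you should have a Vault instance running in the jx-vault namespace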

  • find out the ingress domain for your cluster, then edit the ingress.domain section of the jx-requirements.yml file…

cluster:
...
ingress:
  domain: mydomain.com
...
  • verify your cluster does not already have an nginx installation. If it does then please remove the nginx line from your helmfile.yaml file and remove the helmfiles/nginx files. If you are using a custom nginx installation then you will need to figure out your domain by hand and won’t be able to let Jenkins X detect the load balancer IP from its included nginx installation.

  • git add, commit and push your changes:

git add *
git commit -a -m "fix: added domain"
git push origin master
  • ensure you are connected to your cluster so you can run the following kubectl commands

kubectl get ns
kubectl get node
jx ns jx
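
A check to run before the git push step above, as an added example that is not part of the Jenkins X documentation: it reads ingress.domain from jx-requirements.yml and reports whether helmfile.yaml still references helmfiles/nginx. The function names, the sample file contents and the treatment of mydomain.com as an unedited placeholder are assumptions.

```shell
#!/bin/sh
# Print ingress.domain from a jx-requirements.yml-style file. Handles only the
# block layout shown on this page ("ingress:" followed by an indented
# "domain:" key); it is not a general YAML parser.
ingress_domain() {
  awk -v q="'" '
    /^ *ingress: *$/ { indent = match($0, /[^ ]/); inside = 1; next }
    inside {
      cur = match($0, /[^ ]/)
      if (cur != 0 && cur <= indent) { inside = 0; next }   # left the ingress block
      if ($1 == "domain:") { gsub("[\"" q "]", "", $2); print $2; exit }
    }
  ' "$1"
}

# Succeed only if ingress.domain is set. Assumption: mydomain.com, the value
# in this page's snippet, is treated as an unedited placeholder.
check_domain() {
  d=$(ingress_domain "$1")
  case "$d" in
    ""|mydomain.com) echo "ingress.domain is not set in $1" >&2; return 1 ;;
    *.*) echo "ingress.domain: $d"; return 0 ;;
    *) echo "ingress.domain '$d' does not look like a domain" >&2; return 1 ;;
  esac
}

# Succeed if an uncommented line of helmfile.yaml still references
# helmfiles/nginx, the entry this page says to remove on clusters that
# already run nginx.
references_nginx() {
  grep -v '^[[:space:]]*#' "$1" | grep -q 'helmfiles/nginx'
}

# Constructed sample files, not taken from a real repository.
demo=$(mktemp -d)
printf 'cluster:\ningress:\n  domain: ""\n' > "$demo/jx-requirements.yml"
printf 'helmfiles:\n- path: helmfiles/nginx/helmfile.yaml\n' > "$demo/helmfile.yaml"
check_domain "$demo/jx-requirements.yml" || echo "set ingress.domain before pushing"
if references_nginx "$demo/helmfile.yaml"; then
  echo "helmfile.yaml still includes the bundled nginx"
fi
rm -rf "$demo"
```

Run it from the directory that holds jx-requirements.yml and helmfile.yaml, passing those paths in place of the sample files.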