helm search repo hashicorp/vault
NAME CHART VERSION APP VERSION DESCRIPTION
hashicorp/vault 0.28.1 1.17.2 Official HashiCorp Vault Chart
hashicorp/vault-secrets-operator 0.9.0 0.9.0 Official Vault Secrets Operator Chart
kubectl exec vault-0 -- vault login $VAULT_ROOT_TOKENSuccess! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"again. Future Vault requests will automatically use this token.
Key Value
--- -----
token hvs.tLsjfeZiePgde8f5fwAVsCtO
token_accessor OESG7tyqJ9jxm4gQp9TK3vKd
token_duration ∞
token_renewable falsetoken_policies ["root"]identity_policies []policies ["root"]
kubectl exec vault-0 -- vault write int-in-k8s/intermediate/set-signed certificate=@/tmp/int-in-k8s.cert.pem
Key Value
--- -----
existing_issuers <nil>
existing_keys <nil>
imported_issuers [79ab0305-cd2d-cfa7-be78-dcde40a4eeb0 a463f347-7710-aeba-6ee3-cd0ececfb631]imported_keys <nil>
mapping map[79ab0305-cd2d-cfa7-be78-dcde40a4eeb0:a6a18e58-859b-d058-a770-b0681974852b a463f347-7710-aeba-6ee3-cd0ececfb631:]WARNING! The following warnings were returned from Vault:
* This mount hasn't configured any authority information access (AIA) fields; this may make it harder for systems to find missing certificates
in the chain or to validate revocation status of certificates. Consider
updating /config/urls or the newly generated issuer with this information.
kubectl get secrets
NAME TYPE DATA AGE
issuer-token-abcde kubernetes.io/service-account-token 3 13s
sh.helm.release.v1.vault.v1 helm.sh/release.v1 1761 17h
kubectl get certificate
NAME READY SECRET AGE
hellok8s-miyunda-com True hellok8s-miyunda-com-tls 5m43s
hellonerd-int-in-k8s-tls True hellonerd-int-in-k8s-tls 9s
kubectl describe certificate hellonerd-int-in-k8s-tls
Name: hellonerd-int-in-k8s-tls
Namespace: default
Labels: <none>
Annotations: <none>
API Version: cert-manager.io/v1
Kind: Certificate
Metadata:
Creation Timestamp: 2024-10-20T14:39:14Z
Generation: 1 Owner References:
API Version: networking.k8s.io/v1
Block Owner Deletion: true Controller: true Kind: Ingress
Name: kuard
UID: 31432297-7621-4b16-bcec-0c81044bb3d5
Resource Version: 5562 UID: b4eb5088-d60f-4739-9393-e64d7e1f1856
Spec:
Common Name: hellonerd.miyunda.com
Dns Names:
hellonerd.miyunda.com
Issuer Ref:
Group: cert-manager.io
Kind: Issuer
Name: int-in-k8s-issuer
Secret Name: hellonerd-int-in-k8s-tls
Usages:
digital signature
key encipherment
Status:
Conditions:
Last Transition Time: 2024-10-20T14:39:14Z
Message: Certificate is up to date and has not expired
Observed Generation: 1 Reason: Ready
Status: True
Type: Ready
Not After: 2024-10-23T14:39:14Z
Not Before: 2024-10-20T14:38:44Z
Renewal Time: 2024-10-22T14:39:04Z
Revision: 1Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 74s cert-manager-certificates-trigger Issuing certificate as Secret does not exist
Normal Generated 74s cert-manager-certificates-key-manager Stored new private key in temporary Secret resource "hellonerd-int-in-k8s-tls-ljkzh" Normal Requested 74s cert-manager-certificates-request-manager Created new CertificateRequest resource "hellonerd-int-in-k8s-tls-1" Normal Issuing 74s cert-manager-certificates-issuing The certificate has been successfully issued