Integrate k8s with cert-maanger and vault (by quqi99)

作者：张华 发表于：2020-05-21
版权声明：可以任意转载，转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明

#install vault
#https://ubuntu.com/kubernetes/docs/using-vault
#https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-certificate-management.html
#https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-vault.html
#./generate-bundle.sh -s bionic --create-model --name k8s --run
wget https://raw.githubusercontent.com/charmed-kubernetes/bundle/master/overlays/vault-pki-overlay.yaml
./generate-bundle.sh -s bionic --name k8s
juju add-model k8s && juju deploy ... --overlay ./vault-pki-overlay.yaml ...
juju status vault-ca
$ cat vault-pki-overlay.yaml 
applications:
  easyrsa: null
  vault:
    charm: cs:~openstack-charmers-next/vault
    num_units: 1
    options:
      auto-generate-root-ca-cert: true
  percona-cluster:
    charm: cs:percona-cluster
    num_units: 1
relations:
- - kubernetes-master:certificates
  - vault:certifi