hashitalks-2021

This is the project that I used for HashiTalks 2021 on Spring Cloud and Vault.

This project includes a demo on how to consume Vault Dynamic MySQL database credentials in a Spring App using annotations. The deployment uses Waypoint to deploy to Docker for Mac as well as Docker for Mac Kubernetes.

Demo Steps

  1. Start Vault, MySQL, Waypoint, and Kubernetes
      cd ./scripts/vault/
      ./start-vault.sh
      cd ../mysql/
      ./start-mysql.sh
      cd ../waypoint/
      ./start-waypoint.sh
      cd ../
  2. Configure Vault
      cd ./vault/
      ./configure-vault.sh
      cd ../../

Vault Token Authentication with Docker

  1. Get the root token from the output file
      cat /tmp/vault-output.txt | grep "Root Token"

     Copy the root token to the spring.cloud.vault.token value in the ./src/main/resources/bootstrap.yml file.

  2. Initialize Waypoint
      waypoint init
  3. Run the build/deploy
      waypoint up

Open the deployment URL and view the page.

Vault Kubernetes Authentication with Kubernetes

  1. Reconfigure bootstrap.yml to use Kubernetes authentication
      ...
          # authentication: TOKEN
          # token: s.D6Zb5rPAYXcvuze6FR2I0GZL

          authentication: KUBERNETES
          kubernetes:
            role: app
            kubernetes-path: kubernetes
      ...
  2. Reconfigure waypoint.hcl to deploy and release to Kubernetes
      ...
        deploy {
          /*use "docker" {
            service_port = 8080
          }*/
          use "kubernetes" {
            service_port = 8080
            service_account = "vault-auth"
          }
        }

        release {
          use "kubernetes" {
            load_balancer = true
          }
        }
      ...
  3. Run the build/deploy
      waypoint up

Open the release URL (should be http://localhost) and view the page.
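
A check for the bootstrap.yml edits made in the two authentication sections above, added here as an example and not part of the original project. It reports an active TOKEN authentication setting and any literal token value, including one left behind in a commented-out line; the function name, the sample YAML and the dummy token are constructed for illustration.

```python
import re
import sys

# "key: value" line, optionally commented out with a leading "#".
KEY_RE = re.compile(r"^\s*(#\s*)?([A-Za-z0-9_.-]+):\s*(.*)$")

def audit_bootstrap(text):
    """Return [(line_no, finding)] for static Vault tokens in a bootstrap.yml body."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line)
        if not m:
            continue
        commented, key, value = m.groups()
        # Drop a trailing inline comment and surrounding quotes.
        value = value.split(" #")[0].strip().strip("\"'")
        if key == "authentication" and not commented and value.upper() == "TOKEN":
            findings.append((no, "TOKEN authentication is active"))
        # A ${...} placeholder resolved at runtime is not a literal secret.
        if key == "token" and value and not value.startswith("${"):
            where = "commented-out line" if commented else "active config"
            findings.append((no, "token literal in " + where))
    return findings

# Constructed samples modelled on the snippets above; the token is a dummy value.
TOKEN_MODE = """\
spring:
  cloud:
    vault:
      authentication: TOKEN
      token: s.XXXXXXXXXXXXXXXXXXXXXXXX
"""
K8S_MODE = """\
spring:
  cloud:
    vault:
      # authentication: TOKEN
      # token: s.XXXXXXXXXXXXXXXXXXXXXXXX
      authentication: KUBERNETES
      kubernetes:
        role: app
        kubernetes-path: kubernetes
"""

if __name__ == "__main__":
    # Usage (hypothetical file name): python audit_bootstrap.py src/main/resources/bootstrap.yml
    with open(sys.argv[1]) as fh:
        hits = audit_bootstrap(fh.read())
    for no, msg in hits:
        print(f"line {no}: {msg}")
    sys.exit(1 if hits else 0)
```

Run against the real file, a non-zero exit status means a token value or TOKEN mode is still present in the resource that gets packaged into the build.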

Endpoints

There are a few endpoints you can use to view the credentials, view the database data, and restart the application.

  1. /getdbcredentials

Outputs the dynamically generated database user. This demonstrates that the dynamic user is generated from the Vault configuration in bootstrap.yml in conjunction with the Autowired DataSource.

  2. /getdbdata

Outputs the data entered into the database during the MySQL start above. This demonstrates that the dynamically generated database credentials can be used to successfully pull data from the database and map it to a Spring Model.

  3. /restart

Restarts the application and creates a new dynamic database credential.

Cleanup

  1. Clean up the deployment by running cd ./scripts; ./cleanup.sh
