This is a docker-compose stack that contains:
- a Vault server in dev mode
- a Vault agent that connects to Vault using Kubernetes auth
- an Ansible runner to configure Vault

Run the docker-compose stack using docker-compose up.

To simulate the service account token mounted in /var/run/secrets/kubernetes.io/serviceaccount/token, we manually create the token using the step CLI command, using a JWK created for the demo (see the crypto folder).

The token and certificates are then mounted in the containers at the same path they would appear in Kubernetes.
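
A quick sanity check for the simulated token before the Vault agent uses it, as an added example that is not part of this repository: it decodes the claims without verifying the signature and checks the subject format Kubernetes gives service accounts. The names demo and vault-agent and the helper make_sample_token are assumptions for illustration.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def inspect_sa_token(token, now=None):
    """Decode (without verifying the signature) and sanity-check the claims."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg none)")
    sub = str(claims.get("sub", "")).split(":")
    if len(sub) != 4 or sub[:2] != ["system", "serviceaccount"] or not all(sub):
        problems.append("sub is not system:serviceaccount:<namespace>:<name>")
        sub = [None] * 4
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= (time.time() if now is None else now):
        problems.append("token expired")
    return {"namespace": sub[2], "name": sub[3], "problems": problems}


def make_sample_token(claims, alg="RS256"):
    # Constructed sample: real header and payload encoding, placeholder signature.
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url_encode(b'constructed-signature')}"


if __name__ == "__main__":
    # Constructed claims; "demo" and "vault-agent" are assumed names.
    sample = make_sample_token(
        {"sub": "system:serviceaccount:demo:vault-agent", "exp": 2000000000})
    print(inspect_sa_token(sample, now=1700000000))
```

To check the real demo token, pass the contents of /var/run/secrets/kubernetes.io/serviceaccount/token from inside a container to inspect_sa_token. Signature validation is left to Vault and is not performed here.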