hyperfocus1337/hashicorp-kind-playground

This HashiCorp playground demonstrates capabilities of Vault, Consul and Boundary.

Kind

Let’s first create a Kind environment

kind create cluster --config=kind/cluster.yaml

Set the kubectl configuration to point to kind

kubectl cluster-info --context kind-kind

Now we have a kind cluster!

Let’s also install the metrics-server, so we can observe any potential memory issues

helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/

Update the repo so we can install the metrics-server

helm repo update

Install the metrics-server with compatibility options for kind

helm upgrade --install --set args={--kubelet-insecure-tls} metrics-server metrics-server/metrics-server --namespace kube-system

Now we can observe the memory usage of the cluster using kubectl top nodes

Time to configure our cluster to do something…

Homebrew

We assume you also use a Mac with homebrew.

First, we need to add the homebrew-tap, which contains all the HashiCorp software

brew tap hashicorp/tap

Consul

There’s a special CLI available to deploy the Consul helm chart.

Let’s install it!

brew install hashicorp/tap/consul-k8s

Check the installed version

consul-k8s version

Let’s now install the Consul Helm chart

consul-k8s install -config-file=consul/override-values.yaml

Watch Consul being deployed

watch kubectl get pods -n consul

Port forward to see the cluster

kubectl port-forward svc/consul-ui --namespace consul 8501:443

Afterwards you can navigate to the cluster: https://localhost:8501/ui/dc1/services

Vault

We need to install helm before we can install the Vault helm chart

brew install helm

And let’s create the Vault namespace

kubectl create namespace vault

We need to add the HashiCorp helm chart repository

helm repo add hashicorp https://helm.releases.hashicorp.com

Update the helm repo

helm repo update

Let’s now install the Vault Helm chart

helm install vault hashicorp/vault -f vault/override-values.yaml -n vault

Watch Vault being deployed

watch kubectl get pods -n vault

After the pods have started, we can initialize the Vault and add the keys to the cluster-keys.json file

kubectl exec -n vault vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format=json > cluster-keys.json

Port forward the Vault port to localhost

kubectl port-forward service/vault --namespace vault 8200:8200

Afterwards you can navigate to the cluster: https://localhost:8200

Boundary

Tearing down

Show the kind cluster

kind get clusters

Delete the cluster

kind delete cluster