The purpose of this repo is to act as a pre-provisioned lab environment for experimentation with certificates and PKI infrastructure using Vault and Consul.
This document guides you through setting up your own local Vault cluster to use as a lab environment. We have prepared two versions for you:
- VM backed lab environment: brings up a production grade 3 node Vault cluster with an HA Raft storage backend.
- docker-compose environment: brings up 3 containers: one Consul node in Dev mode, one Vault node in Dev mode and an alpine container provisioned with the needed tools.
Refer to the following supplementary documentation to learn more about the technologies used in this repo.
- lxd: notes on LXD and a bunch of common commands to make working with LXD easier
- vscode: notes on Visual Studio Code setup
- pki engine lab: this lab shows how to enable the pki secrets engine and use it for generation and delivery of short-lived self-signed certificates.
- pki-k8s lab: the purpose of this lab is to build a workflow that allows creation and lifecycle management of TLS certificates in a Kubernetes environment for all applications that are exposed to the outside world.
Vagrant is used to provision the VM. The current Vagrantfile supports the VirtualBox, Hyper-V and Libvirt providers, which means anyone, running on any OS, can bring up this environment. Users need:
- 4 GB of free RAM on their machine to dedicate to the VM. They can use 2 GB, but that may cause the lab cluster to be unstable.
- Vagrant installed from the official site (not through any package manager).
- VT-x and nested virtualization enabled in their BIOS.
- Windows users:
  - The most common backend is Microsoft Hyper-V.
  - They must have Windows 10 Pro/Enterprise to enable Hyper-V. Windows 10 Home does not support Hyper-V.
  - The following snippet can be used to enable Hyper-V:

    ```powershell
    # Open PowerShell as Administrator
    Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
    # Restart after completion
    ```
  - Windows users can also use VirtualBox, but only if they have not enabled Hyper-V on their system. Hyper-V is a type 1 hypervisor and doesn't play nice with other hypervisors, meaning that once Hyper-V is enabled, no other hypervisor can run on Windows.
- Mac/Linux users: install VirtualBox.
  - Users on Debian based distros can use the script `contrib/scripts/installer/virtualbox`, i.e.

    ```sh
    bash contrib/scripts/installer/virtualbox
    ```
- Bring up the VM with the desired hypervisor (e.g. `virtualbox`):

  ```sh
  vagrant up --provider=virtualbox
  ```
- Get inside the VM:

  ```sh
  vagrant ssh
  ```
- Go to the lab repository root:

  ```sh
  cd ~/vault-training
  ```
- Bring up the LXD containers that host the Vault nodes:

  ```sh
  make -j$(nproc) vault-containers
  ```
- Provision the containers and install and set up Vault:

  ```sh
  make vault
  ```
At this point, you have a complete lab environment. You can check the cluster IP addresses by running `lxc ls`, or access a node in the cluster, let's say `vault-1`, with ssh: `ssh vault-1`.
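As an added pre-flight check for the VM backed lab (my own script, not part of this repo), the following POSIX sh checks the requirements listed above before you run `vagrant up`: free RAM against the 4 GB recommendation and 2 GB minimum, a provider name the Vagrantfile supports, Vagrant on the PATH, and the VT-x/AMD-V CPU flag. It assumes a Linux host for the `/proc` reads (those checks are skipped elsewhere); the function names are mine.

```sh
# Added pre-flight check (not part of the repo's scripts); thresholds from the README: 4 GB recommended, 2 GB minimum.
REC_RAM_KB=$((4 * 1024 * 1024))
MIN_RAM_KB=$((2 * 1024 * 1024))

# ram_verdict <free_kb>: prints "ok" (>= 4 GB), "warn" (2-4 GB) or "fail" (< 2 GB)
ram_verdict() {
  if [ "$1" -ge "$REC_RAM_KB" ]; then echo ok
  elif [ "$1" -ge "$MIN_RAM_KB" ]; then echo warn
  else echo fail
  fi
}

# provider_supported <name>: succeeds for the providers the Vagrantfile supports
provider_supported() {
  case "$1" in
    virtualbox|hyperv|libvirt) return 0 ;;
    *) return 1 ;;
  esac
}

# cpu_has_vt <cpuinfo-file>: succeeds if the flags line advertises VT-x (vmx) or AMD-V (svm)
cpu_has_vt() {
  grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1"
}

# free_ram_kb: MemAvailable from /proc/meminfo on Linux; 0 where unknown
free_ram_kb() {
  if [ -r /proc/meminfo ]; then
    awk '/^MemAvailable:/ {print $2; f=1} END {if (!f) print 0}' /proc/meminfo
  else
    echo 0
  fi
}

# preflight [provider]: run all checks; returns non-zero on a hard failure
preflight() {
  provider="${1:-virtualbox}"
  provider_supported "$provider" || { echo "unsupported provider: $provider"; return 1; }
  command -v vagrant >/dev/null 2>&1 || { echo "vagrant not found; install it from the official site"; return 1; }
  case "$(ram_verdict "$(free_ram_kb)")" in
    fail) echo "less than 2 GB free RAM; the lab will not fit"; return 1 ;;
    warn) echo "warning: under 4 GB free RAM; the lab cluster may be unstable" ;;
  esac
  if [ -r /proc/cpuinfo ] && ! cpu_has_vt /proc/cpuinfo; then
    echo "VT-x/AMD-V not advertised by the CPU; enable it in the BIOS"; return 1
  fi
  echo "pre-flight ok: vagrant up --provider=$provider"
}
preflight "$@" || echo "pre-flight failed; fix the items above before vagrant up"
```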
This is more of a lightweight lab, used for showcasing Vault features in Dev mode.
- Docker Engine and Docker Compose must be installed on your machine.
- Bring up the containers:

  ```sh
  docker-compose -f .devcontainer/docker-compose.devcontainer.yml up -d
  ```
- Get a shell into the lab container:

  ```sh
  docker-compose -f .devcontainer/docker-compose.devcontainer.yml exec vault-training bash
  ```
- The docker-compose environment works with the Visual Studio Code Remote Development Extension Pack for a seamless experience.
  - Install Microsoft Visual Studio Code.
  - Install the Remote Development Extension Pack in VS Code.
  - Open the repository root in Visual Studio Code. You will see the prompt "Folder contains a Dev Container configuration file. Reopen folder to develop in a container (learn more)." in the bottom right of the screen; accept it and wait for the build/dev environment setup.
  - In case you didn't see the prompt, press `ctrl+shift+p`, then search for and run `Remote-Containers: Rebuild and Reopen in Container`.