Skip to content

gitrgoliveira/demostack-gke

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits

.github/workflows

.github/workflows

 
 

c1_manifests

c1_manifests

 
 

c2_manifests

c2_manifests

 
 

c3_manifests

c3_manifests

 
 

consul_config

consul_config

 
 

consul_demos

consul_demos

 
 

dns

dns

 
 

modules/gke

modules/gke

 
 

monitoring

monitoring

 
 

vault_demos

vault_demos

 
 

.gitignore

.gitignore

 
 

.terraform.lock.hcl

.terraform.lock.hcl

 
 

00_initial_setup.sh

00_initial_setup.sh

 
 

01_install_vault.sh

01_install_vault.sh

 
 

01_setup_vault_demos.sh

01_setup_vault_demos.sh

 
 

02_install_consul.sh

02_install_consul.sh

 
 

03_setup_consul_demos.sh

03_setup_consul_demos.sh

 
 

04_install_boundary.sh

04_install_boundary.sh

 
 

05_setup_boundary.sh

05_setup_boundary.sh

 
 

99_cleanup.sh

99_cleanup.sh

 
 

README.md

README.md

 
 

backend.tf

backend.tf

 
 

cross_tls.sh

cross_tls.sh

 
 

gke.tf

gke.tf

 
 

helper.sh

helper.sh

 
 

outputs.tf

outputs.tf

 
 

setup_external-counter.sh

setup_external-counter.sh

 
 

setup_external-svc.sh

setup_external-svc.sh

 
 

setup_kubeconfig.sh

setup_kubeconfig.sh

 
 

tls_vault.sh

tls_vault.sh

 
 

tls_vault.sh.tpl

tls_vault.sh.tpl

 
 

values1_consul.yaml

values1_consul.yaml

 
 

values1_vault.yaml

values1_vault.yaml

 
 

values2_consul.yaml

values2_consul.yaml

 
 

values2_vault.yaml

values2_vault.yaml

 
 

variables.tf

variables.tf

 
 

vpc.tf

vpc.tf

 
 

Repository files navigation

Vault and Consul Enterprise on GKE

This repo aims to allow testing of Vault and Consul Enterprise and OSS features, using k8s clusters managed by GCP (GKE).

It deploys 2 k8s clusters with Consul and Vault with the following setup:

  • Vault

    • Performance Replication with cluster 2.
    • LDAP auth backend
    • JWT auth backend
    • Identity secrets engine
    • KV secrets engine

  • Consul

    • Ingress, Terminating and Mesh gateways
    • SSO
    • Audit
    • JWT auth

Cloud Requirements

A GCP account, project and a DNS hosted zone. I've created my hosted zone using https://github.com/lhaig/dns-multicloud?ref=v1.1

Client Requirements

The following cli's must be installed:

  • gcloud
  • kubectl
  • helm3
  • consul (v1.9.1+)
  • vault (v1.6.1+)

Customisations

You'll need to change all the references to the hosted zone from ric.gcp.hashidemos.io to your own.

These can be found in:

Change the GOOGLE_PROJECT reference in

You will also need to ammend the places where a license is written:

  • 00_install_vault.sh (line 56)
  • 01_install_consul.sh (lines 60 and 61)

coming soon

Architecture

Demos

Vault Performance Replication

Without using the API port for unwrapping. Only cluster port is necessary to be exposed for the replication to happen.

Vault Control groups

Vault as a Service Identity broker (JWT)

Consul Service Mesh

Splitters

Canary

Gateways

About

Vault and Consul Enterprise deployments in GKE

Resources

Readme
Activity

Stars

5 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases 1

kind of works Latest
Jun 29, 2021

Packages

No packages published

Languages