Read DockerHub Credentials from HashiCorp Vault Secrets in your Jenkins pipeline

7,664 views

Cloud Tech Masters

4 years ago

Pre-Requisites:
#####################
Install Git
Install Apache Maven
Install Java
Install Docker
Install Jenkins
HashiCorp Vault
• Install Java,Apache Ma...
HashiCorp Vault:
####################
wget releases.hashicorp.com/vault/...
unzip vault_1.4.0_linux_amd64.zip
cp vault /usr/bin
mkdir /etc/vault
mkdir /opt/vault-data
mkdir -p /logs/vault
vi /etc/vault/config.json
# Contents of /etc/vault/config.json follow. tls_disable = 1 serves the API and UI
# over plain HTTP, so api_addr (a full URL) and the pipeline's vaultUrl use http://.
{
  "listener": [{
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_disable": 1
    }
  }],
  "api_addr": "http://34.235.163.240:8200",
  "storage": {
    "file": {
      "path": "/opt/vault-data"
    }
  },
  "max_lease_ttl": "10h",
  "default_lease_ttl": "10h",
  "ui": true
}
vi /etc/systemd/system/vault.service
--------------------------------------------------------------
[Unit]
Description=vault service
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/vault/config.json

[Service]
EnvironmentFile=-/etc/sysconfig/vault
Environment=GOMAXPROCS=2
Restart=on-failure
ExecStart=/usr/bin/vault server -config=/etc/vault/config.json
# A bare path is not a valid value here; systemd needs the file: or append: prefix
# (append: requires systemd 240 or newer).
StandardOutput=append:/logs/vault/output.log
StandardError=append:/logs/vault/error.log
LimitMEMLOCK=infinity
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGTERM

[Install]
WantedBy=multi-user.target
----------------------------------------------------------------
systemctl start vault.service
systemctl status vault.service
systemctl enable vault.service
Open Vault in the web UI:
http://ec2ipaddress:8200
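Jenkins pipeline:
####################
node {
    stage('GIT CheckOut') {
        git 'github.com/VamsiTechTuts/java...
    }
    stage('Build Artifact') {
        dir('demoweb') {
            // 'maven3' is the name of the Maven tool installation configured in Jenkins
            def MAVEN_HOME = tool name: 'maven3', type: 'maven'
            def MAVEN_CMD = "${MAVEN_HOME}/bin/mvn"
            sh "${MAVEN_CMD} clean package"
        }
    }
    stage('Docker Build') {
        dir('demoweb') {
            sh 'docker build -t vamsitechtuts/demoweb .'
        }
    }
    stage('Docker Push') {
        // Reads the keys 'username' and 'password' from secret/dockerhub and
        // exposes them as environment variables of the same names.
        withVault(configuration: [timeout: 60, vaultCredentialId: 'vault-token', vaultUrl: 'http://34.235.163.240:8200'],
                  vaultSecrets: [[path: 'secret/dockerhub', secretValues: [[vaultKey: 'username'], [vaultKey: 'password']]]]) {
            // Single quotes: the shell, not Groovy, expands the variables.
            // --password-stdin keeps the password out of the process list.
            sh 'echo "$password" | docker login -u "$username" --password-stdin'
        }
        sh 'docker push vamsitechtuts/demoweb'
    }
}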
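
Added example, not part of the original description: a way to give Jenkins a short-lived, read-only identity for `secret/dockerhub` through AppRole instead of a long-lived token in the `vault-token` credential. The policy name `jenkins-dockerhub`, the role name `jenkins` and the TTL values are assumptions; the script only contacts Vault when run with the `provision` argument.

```shell
#!/bin/sh
# Added example: read-only access for Jenkins to one secret via AppRole.
# Assumed names (not from the page): policy "jenkins-dockerhub", role "jenkins".

MOUNT="secret"      # KV mount in the pipeline's path 'secret/dockerhub'
SECRET="dockerhub"  # secret name in that path

# KV v2 serves data under <mount>/data/<name>; KV v1 under <mount>/<name>.
policy_path() {  # usage: policy_path <mount> <name> <kv_version>
  case "$3" in
    1) printf '%s/%s\n' "$1" "$2" ;;
    2) printf '%s/data/%s\n' "$1" "$2" ;;
    *) echo "unsupported KV version: $3" >&2; return 1 ;;
  esac
}

# Emit a policy that grants read on exactly that one path.
render_policy() {  # usage: render_policy <mount> <name> <kv_version>
  _p=$(policy_path "$1" "$2" "$3") || return 1
  printf 'path "%s" {\n  capabilities = ["read"]\n}\n' "$_p"
}

# Run by an operator with VAULT_ADDR set and an admin login; needs the vault CLI.
provision() {  # usage: provision <kv_version>
  _policy=$(render_policy "$MOUNT" "$SECRET" "$1") || return 1
  printf '%s\n' "$_policy" | vault policy write jenkins-dockerhub - || return 1
  vault auth enable approle || echo "approle may already be enabled" >&2
  vault write auth/approle/role/jenkins \
    token_policies="jenkins-dockerhub" token_ttl=20m token_max_ttl=1h || return 1
  # These two values go into an AppRole credential in Jenkins, replacing the token.
  vault read -field=role_id auth/approle/role/jenkins/role-id
  vault write -f -field=secret_id auth/approle/role/jenkins/secret-id
}

# Contact Vault only when invoked as: sh <this file> provision <kv_version>
if [ "${1:-}" = "provision" ]; then
  provision "${2:-2}"
fi
```

Pass 1 or 2 to match how the `secret` mount was enabled; with a mismatch the policy covers the wrong path and the read inside `withVault` is denied.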

Comments: 4
@aditytakumar2190, 3 years ago
Great tutorial. For better security, we define a TTL for the root Vault token. Is there any automation so that we need not manually update the root Vault token in Jenkins credentials after the TTL expires?
@Oswee, 3 years ago
Root token should not be used there at all.
@palukurimadhu2292, 4 years ago
Hi sir... I have a task in HashiCorp Vault. I need your help; I am ready to pay an amount for that.
@cloudtechmasters9985, 4 years ago
Hi Madhu, this channel is only for knowledge sharing. Please send your requirements to vamsitechtuts@gmail.com. If we get time, we will do a video for your use case.