How to expose the Vault HTTPS API installed in k8s to outside clients

1/24/2021

I have a problem finding explanations of how to expose the HTTPS API to outside clients.
The Vault on Kubernetes Reference Architecture page ends with a short explanation at the end of the page, which leaves me with no more info on how to configure the Vault HTTPS API to be accessible to the outside world.
This tutorial disables TLS,
or this tutorial,
which works on minikube, which acts differently than real k8s, and it's also without TLS.
The funny thing is that the main tutorial configuring the Vault server cluster in k8s does use TLS.

I just want to make a curl API call with TLS that will give me the password I set.
How do I do this?

-- user63898
client
hashicorp-vault
https
kubernetes
ssl

1 Answer

1/24/2021

Once you have port-forwarded the service/pod to your local machine, where you are using the CLI, you can use VAULT_SKIP_VERIFY to skip certificate verification.

$ kubectl port-forward ... ...

# export your https url
$ export VAULT_ADDR=https://127.0.0.1:8200

# vault token (no space after "=", otherwise the variable is exported empty)
$ export VAULT_TOKEN="****"

# set true
$ export VAULT_SKIP_VERIFY=true

Now you are ready to use the Vault CLI.

$ vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
... ... ... 
-- Kamol Hasan
Source: StackOverflow
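
The same port-forward setup with certificate verification left on instead of VAULT_SKIP_VERIFY, as an added example that is not part of the original question or answer. The CA file path, the TLS server name `vault.example.internal` and the KV v2 path `secret/data/myapp` are assumed placeholders, and the function names are hypothetical.

```shell
# Added example (not from the answer). Constructed placeholders: CA file path,
# TLS server name vault.example.internal, secret path secret/data/myapp.

# Refuse to continue when verification is disabled or the CA file is unusable.
vault_tls_preflight() {
  ca_file=$1
  # curl ignores VAULT_SKIP_VERIFY, but the vault CLI in the same shell would
  # honour it, so a leftover value is treated as an error here.
  case "${VAULT_SKIP_VERIFY:-}" in
    1|t|T|true|TRUE|True)
      echo "VAULT_SKIP_VERIFY is set; unset it first" >&2
      return 1 ;;
  esac
  if [ ! -r "$ca_file" ]; then
    echo "CA file not readable: $ca_file" >&2
    return 1
  fi
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_file"; then
    echo "no PEM certificate found in $ca_file" >&2
    return 1
  fi
  return 0
}

# GET /v1/<api_path> through the local port-forward with the server
# certificate checked against the CA. --resolve maps the name in the
# certificate to 127.0.0.1, so hostname verification still applies.
vault_get() {
  api_path=$1
  ca_file=$2
  tls_name=$3
  vault_tls_preflight "$ca_file" || return 1
  curl --silent --show-error --fail \
    --cacert "$ca_file" \
    --resolve "${tls_name}:8200:127.0.0.1" \
    --header "X-Vault-Token: ${VAULT_TOKEN}" \
    "https://${tls_name}:8200/v1/${api_path}"
}

# Usage, after `kubectl port-forward ... ...` and `unset VAULT_SKIP_VERIFY`:
#   vault_get sys/health ./vault-ca.crt vault.example.internal
#   vault_get secret/data/myapp ./vault-ca.crt vault.example.internal
# Vault CLI equivalent:
#   export VAULT_CACERT=./vault-ca.crt
#   export VAULT_TLS_SERVER_NAME=vault.example.internal
```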