## override-values.yaml 내용 확인
#
```
# user_vault의 access_key, secret_key를 입력.
# vault-auto-unseal key id를 입력.
   seal "awskms" {
     region     = "ap-northeast-2"
     access_key = user_vault의 access_key
     secret_key = user_vault의 secret_key
     kms_key_id = aws kms vault-auto-unseal key id
   }

```
## vault server 설치
```
helm install vault-server -n dsk-middle -f override-values.yaml .
```

## vault server 생성 확인
```
kubectl get pods -n dsk-middle
```

## vault server 초기화
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault operator init
```
위 명령어로 나온 key 값들은 반드시 파일로 저장 후 반드시 보관 필요\
vault server 봉인 해제, ui 접속 등에 필요

## vault server 봉인 해제. unseal key 5 개 중, 아무거나 3 개 필요
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault operator unseal
```
### unseal key 입력
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault operator unseal
```
### unseal key 입력
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault operator unseal
```
### unseal key 입력

## vault server login
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault login
```
### Initial Root Token 입력

## vault secret engine 활성화. 사용 엔진 kv (key value)
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault secrets enable -version=2 -path=tls kv
```
## secret engine 활성화 확인
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault secrets list
```

## approle 활성화
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault auth enable approle
```
## approle 활성화 확인
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault auth list
```

## policy 생성. (secret에 접근하는 권한 설정)
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault policy write datasaker -<<EOF
path "tls/data/client" {
  capabilities = [ "read", "list" ]
}

path "tls/data/server" {
  capabilities = [ "read", "list" ]
}
EOF
```

## policy 확인
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault policy list
```
## policy 세부 사항 확인
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault policy read datasaker
```

## role 생성
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault write auth/approle/role/datasaker token_policies="datasaker" token_ttl=12h token_max_ttl=24h
```
## role 생성 확인
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault list auth/approle/role
```
## role 세부사항 확인
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault read auth/approle/role/datasaker
```

## role의 role-id 획득
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault read auth/approle/role/datasaker/role-id
```
## role의 secret-id 획득
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault write -force auth/approle/role/datasaker/secret-id
```

## role-id와 secret-id는 vault agent가 참고하는 volume에 저장
#### vault agent가 token 획득하는데 사용됨

## tls 키 생성
```
/tls/generator.sh 실행
```

## 생성된 tls data 확인
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault kv get -mount=tls client
```
```
kubectl exec -it -n dsk-middle vault-server-0 -- vault kv get -mount=tls server
```