From 61f8de6fabe42afb365382fe287eca84be6ef735 Mon Sep 17 00:00:00 2001
From: MichaelCade
Date: Wed, 19 Jul 2023 23:38:25 +0100
Subject: [PATCH] adding day 39 - secrets management

---
 2023/day39.md | 28 +++++++++++++++++++++++++---
 2023/day39/deployment-01-webapp.yml | 11 +++++++++--
 2 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/2023/day39.md b/2023/day39.md
index 21b17ec..1bf527f 100644
--- a/2023/day39.md
+++ b/2023/day39.md
@@ -179,7 +179,7 @@ With the following command we will create a kubernetes authentication role
 ```
 vault write auth/kubernetes/role/webapp \
 bound_service_account_names=vault \
- bound_service_account_namespaces=default \
+ bound_service_account_namespaces=webapp \
 policies=webapp \
 ttl=24h
 ```
@@ -194,6 +194,12 @@ We will create a deployment yaml that looks like the following.
 ```
 ---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: vault
+EOF
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -217,7 +223,7 @@ spec:
 imagePullPolicy: Always
 env:
 - name: VAULT_ADDR
- value: 'http://vault.vault:8200'
+ value: 'http://vault.vault.svc.cluster.local:8200/'
 - name: JWT_PATH
 value: '/var/run/secrets/kubernetes.io/serviceaccount/token'
 - name: SERVICE_PORT
@@ -226,4 +232,20 @@ spec:
 Create the webapp namespace
-`kubectl create ns webapp`
\ No newline at end of file
+`kubectl create ns webapp`
+
+Our YAML consists of our simple web app and the service account.
+
+`kubectl create -f deployment-01-webapp.yml -n webapp`
+
+I also want to note that the helm chart for vault will deploy
+
+You can check that the authentication has worked by checking pods in the webapp namespace, if they are not in a running state or not there at all then something is not right as this is communicating with vault to make sure that this service is running.
+
+Once the pod is running, we need to port forward our webapp
+Find the pod name and then port forward that.
+```
+kubectl get pods -n webapp
+kubectl port-forward -n webapp 8080:8080
+```
+
diff --git a/2023/day39/deployment-01-webapp.yml b/2023/day39/deployment-01-webapp.yml
index 17e098b..b9703b1 100644
--- a/2023/day39/deployment-01-webapp.yml
+++ b/2023/day39/deployment-01-webapp.yml
@@ -1,8 +1,15 @@
 ---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: vault
+ namespace: webapp
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: webapp
+ namespace: webapp
 labels:
 app: webapp
 spec:
@@ -22,8 +29,8 @@ spec:
 imagePullPolicy: Always
 env:
 - name: VAULT_ADDR
- value: 'http://127.0.0.1:8200'
+ value: 'http://vault.vault.svc.cluster.local:8200/'
 - name: JWT_PATH
 value: '/var/run/secrets/kubernetes.io/serviceaccount/token'
 - name: SERVICE_PORT
- value: '8080'
\ No newline at end of file
+ value: '8080'
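Review bot: The new ServiceAccount `vault` in namespace `webapp` is only used if the Deployment's pod template also sets `serviceAccountName: vault`; that part of the pod spec falls between the two hunks and is not visible here, and if it is absent the pod mounts the `default` service account token at JWT_PATH and the Vault role from the accompanying docs (`bound_service_account_names=vault`, `bound_service_account_namespaces=webapp`) will reject the login, which matches the "pod not running" failure mode the docs describe. If the template does not already set it, add `serviceAccountName: vault` under `spec.template.spec`. The name/namespace pairing is the entire trust boundary for this workload, so a comment on the ServiceAccount would help future edits, e.g. `# Name and namespace must match bound_service_account_names/namespaces on the Vault role auth/kubernetes/role/webapp`.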
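Review bot: VAULT_ADDR now points the pod at Vault over plain `http://`, so the service-account JWT sent in the Kubernetes login request, the Vault client token that comes back, and every secret read afterwards cross the cluster network unencrypted, and anyone who can observe pod traffic or stand up a rogue `vault.vault.svc.cluster.local` endpoint gets them. For anything beyond a throwaway demo, enable TLS on the Vault listener and use `value: 'https://vault.vault.svc.cluster.local:8200'` with a mounted CA bundle via `VAULT_CACERT` rather than disabling verification; if plaintext is intentional for the lab, say so next to the value, e.g. `# Dev-mode only: plaintext HTTP to Vault, switch to https + VAULT_CACERT before any real use`. The trailing `/` is also new; Vault's official clients tolerate it, but a client that builds URLs by string concatenation will request `//v1/...`, so drop it unless the webapp image is known to require it.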