The goal of this setup is to test the configuration for a production instance.
- To use the image in a productive way, the server command shall be called, followed by the arguments provided to the vault server executable.
- /vault/logs, to use for writing persistent audit logs. By default nothing is written here; the file audit backend must be enabled with a path under this directory.
- /vault/file, to use for writing persistent storage data when using the file data storage plugin. By default nothing is written here (a dev server uses an in-memory data store); the file data storage backend must be enabled in Vault's configuration before the container is started.
Enable JWT.
vault auth enable jwt
Configure JWT.
vault write auth/jwt/config jwks_url="https://grumpel.fritz.box:8443/-/jwks" bound_issuer="https://grumpel.fritz.box:8443" jwks_ca_pem=@certs\gitlab-cert.pem
Note: The external_url also reconfigures the nginx port if not overridden. Be especially aware of this if you remap the default ports to ports of your choice and put the external port in external_url.
Download the image from Docker Hub.
docker pull hashicorp/vault
docker-compose -f <file> up
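A compose file for the non-dev Vault server described at the top of this page, as an added example that is not part of the original notes. The service name, host directories, published port and certificate file names are assumptions; it runs the server command with the file storage backend on /vault/file and mounts /vault/logs for the audit log.

```yaml
# Added example (constructed). Service name, host paths, port and the
# certificate file names are assumptions, not taken from the original page.
services:
  vault:
    image: hashicorp/vault
    # Without an explicit command the image starts an in-memory dev server.
    command: server
    cap_add:
      - IPC_LOCK            # allow mlock so secrets are not swapped to disk
    ports:
      - "8200:8200"
    environment:
      # The image entrypoint writes this JSON into /vault/config before start,
      # so the file storage backend is configured before the server runs.
      VAULT_LOCAL_CONFIG: |
        {
          "storage": {"file": {"path": "/vault/file"}},
          "listener": [{"tcp": {
            "address": "0.0.0.0:8200",
            "tls_cert_file": "/vault/certs/vault-cert.pem",
            "tls_key_file": "/vault/certs/vault-key.pem"
          }}],
          "default_lease_ttl": "168h",
          "max_lease_ttl": "720h",
          "ui": true
        }
    volumes:
      - ./vault-file:/vault/file    # persistent storage data
      - ./vault-logs:/vault/logs    # persistent audit logs
      - ./certs:/vault/certs:ro     # assumed location of the server certificate and key

# Nothing is written to /vault/logs until an audit device is enabled.
# After the server is initialized and unsealed, run against it:
#   vault audit enable file file_path=/vault/logs/audit.log
```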
This is my first and currently discarded attempt.
docker run --name gitlab-runner --rm -e "CA_CERTIFICATES_PATH=/certs/ca-cert.pem" -v .\certs\ca-cert.pem:/certs/ca-cert.pem:ro -v .\gitlab-runner-home:/home/gitlab-runner -v .\gitlab-runner-config:/etc/gitlab-runner gitlab/gitlab-runner:latest
The latest attempt is to run an Ubuntu VM providing Docker.