From 32cd1065c01bc5e58232b3276197f050724a65a3 Mon Sep 17 00:00:00 2001
From: Tom Morelly
Date: Fri, 2 Feb 2024 16:37:30 +0100
Subject: [PATCH] feat(docs): add more docs
---
 TODOS.md | 3 ++-
 nohup.out | 34 ++++++++++++++++++++++++++++++++
 scripts/vault-kubernetes-kms.yml | 13 ++++++++----
 3 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/TODOS.md b/TODOS.md
index 94d0410..edbeb0c 100644
--- a/TODOS.md
+++ b/TODOS.md
@@ -8,4 +8,5 @@
 * [x] k8s auth
 * [ ] e2e
 * [ ] health check
-* [ ] better docker image
\ No newline at end of file
+* [ ] better docker image
+* [ ] simple arch image
\ No newline at end of file
diff --git a/nohup.out b/nohup.out
index 36002b5..5e8649b 100644
--- a/nohup.out
+++ b/nohup.out
@@ -591,3 +591,37 @@ Root Token: root Development mode should NOT be used in production installations! +==> Vault server configuration: + +Administrative Namespace: + Api Address: http://0.0.0.0:8200 + Cgo: disabled + Cluster Address: https://0.0.0.0:8201 + Environment Variables: CHROME_DESKTOP, CLUTTER_IM_MODULE, COLORTERM, DBUS_SESSION_BUS_ADDRESS, DEFAULTS_PATH, DESKTOP_SESSION, DIRENV_DIFF, DIRENV_DIR, DIRENV_WATCHES, DISPLAY, EDITOR, GDK_BACKEND, GDMSESSION, GIT_ASKPASS, GODEBUG, GPG_AGENT_INFO, GTK_IM_MODULE, GTK_MODULES, GVM_PATH_BACKUP, GVM_ROOT, GVM_VERSION, HOME, LANG, LC_ADDRESS, LC_ALL, LC_IDENTIFICATION, LC_MEASUREMENT, LC_MONETARY, LC_NAME, LC_NUMERIC, LC_PAPER, LC_TELEPHONE, LC_TIME, LESS, LESS_TERMCAP_mb, LESS_TERMCAP_md, LESS_TERMCAP_me, LESS_TERMCAP_se, LESS_TERMCAP_so, LESS_TERMCAP_ue, LESS_TERMCAP_us, LOGNAME, LSCOLORS, LS_COLORS, MAKEFLAGS, MAKELEVEL, MAKE_TERMERR, MAKE_TERMOUT, MANDATORY_PATH, MFLAGS, NO_AT_BRIDGE, NVM_BIN, NVM_CD_FLAGS, NVM_DIR, NVM_INC, OLDPWD, ORIGINAL_XDG_CURRENT_DESKTOP, PAGER, PATH, PWD, QT_ACCESSIBILITY, QT_IM_MODULE, SHELL, SHLVL, SPACESHIP_ROOT, SPACESHIP_VERSION, SYSTEMD_EXEC_PID, TERM, TERM_PROGRAM, TERM_PROGRAM_VERSION, USER, USERNAME, USER_ZDOTDIR, VAULT_ADDR, VAULT_SKIP_VERIFY, VAULT_TOKEN, VISUAL, VSCODE_GIT_ASKPASS_EXTRA_ARGS, VSCODE_GIT_ASKPASS_MAIN, VSCODE_GIT_ASKPASS_NODE, VSCODE_GIT_IPC_HANDLE, VSCODE_INJECTION, WINDOWPATH, XAUTHORITY, XDG_CONFIG_DIRS, XDG_DATA_DIRS, XDG_RUNTIME_DIR, XDG_SEAT, XDG_SESSION_CLASS, XDG_SESSION_DESKTOP, XDG_SESSION_ID, XDG_SESSION_TYPE, XDG_VTNR, XMODIFIERS, ZDOTDIR, _ + Go Version: go1.21.1 + Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled") + Log Level: + Mlock: supported: true, enabled: false + Recovery Mode: false + Storage: inmem + Version: Vault v1.15.0, built 2023-09-22T16:53:10Z + Version Sha: b4d07277a6c5318bb50d3b94bbd6135dccb4c601 + +==> Vault server started! 
Log data will stream in below: + +WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory +and starts unsealed with a single unseal key. The root token is already +authenticated to the CLI, so you can immediately begin using Vault. + +You may need to set the following environment variables: + + $ export VAULT_ADDR='http://0.0.0.0:8200' + +The unseal key and root token are displayed below in case you want to +seal/unseal the Vault or re-authenticate. + +Unseal Key: Ozs9CHmhx6Ta/+Jm5h1uoaKt/aiCz1Fatqgd2FYbvr8= +Root Token: root + +Development mode should NOT be used in production installations! +
diff --git a/scripts/vault-kubernetes-kms.yml b/scripts/vault-kubernetes-kms.yml
index 53896e0..5d2735b 100644
--- a/scripts/vault-kubernetes-kms.yml
+++ b/scripts/vault-kubernetes-kms.yml
@@ -4,17 +4,22 @@ metadata:
 name: vault-kubernetes-kms
 namespace: kube-system
 spec:
+ imagePullSecrets:
+ - name: regcred
 containers:
 - name: vault-kubernetes-kms
- image: vault-kubernetes-kms
- imagePullPolicy: Never
+ # minikube
+ #image: vault-kubernetes-kms
+ # official image
+ image: ghcr.io/falcosuessgott/vault-kubernetes-kms:latest
+ #imagePullPolicy: Never
 command:
 - vault-kubernetes-kms
 - --vault-address=http://host.minikube.internal:8200
- # token auth
- #- --vault-token=root
 # k8s auth
 - --vault-k8s-role=kms
+ # token auth
+ # - --vault-token=root
 volumeMounts:
 - name: socket
 mountPath: /opt
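Review bot: The 34 lines added to `nohup.out` are captured Vault dev-server output, so the commit places an `Unseal Key:` value and the `Root Token:` line in version control under a subject that describes documentation. Dev mode is in-memory and these values are disposable, but the same output also records the listener on `0.0.0.0:8200` with `tls: "disabled"` and the names of the developer's environment variables (including `VAULT_TOKEN`), and secret scanners will keep flagging the file. The hunk starts at line 591, so the log is already tracked and will keep growing with every local run. I would untrack it with `git rm --cached nohup.out` and add a `nohup.out` line to `.gitignore`.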
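Review bot: The new `image: ghcr.io/falcosuessgott/vault-kubernetes-kms:latest` line points a pod in `kube-system` (by its name and socket mount, apparently the cluster's KMS plugin) at a mutable tag, so the code in the secret-encryption path can change between restarts without any change to this manifest. With `imagePullPolicy` now commented out, Kubernetes defaults to `Always` for a `:latest` tag, which makes that drift automatic. I would pin a release and digest, `image: ghcr.io/falcosuessgott/vault-kubernetes-kms:<VERSION>@sha256:<DIGEST>` (placeholders for the published values), and state `imagePullPolicy: IfNotPresent` explicitly. The unchanged `--vault-address=http://host.minikube.internal:8200` argument also deserves a comment such as `# dev only: plain HTTP to a local Vault; use https:// outside minikube`, now that the manifest references the official image. The pod spec starts above this hunk and continues below it.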