
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
Vault Cluster Replication Application allows you to replicate data between Hashicorp Vault clusters, ensuring consistency and availability across multiple instances. This is particularly useful in scenarios where high availability and disaster recovery are essential.
The application requires a configuration file in YAML format to define the replication and credentials settings.
This file need to be rechable for the application seting the environment variable CONFIG_FILE_PATH.
Below is an example configuration:
yamlreplication: - active: "http://vault-1-cluster:8200" sync_to: - "http://vault-2-cluster:8300" - active: "http://vault-3-cluster:8300" sync_to: - "http://vault-4-cluster:8200" - "http://vault-5-cluster:8200" credentials: - name: "http://vault-1-cluster:8200" appRole: "vaultClusterReplication" secretID: "root" - name: "http://vault-2-cluster:8200" appRole: "vaultClusterReplication" secretID: "root" - name: "http://vault-3-cluster:8200" appRole: "vaultClusterReplication" secretID: "root" - name: "http://vault-4-cluster:8200" appRole: "vaultClusterReplication" secretID: "root" - name: "http://vault-5-cluster:8200" appRole: "vaultClusterReplication" secretID: "root"
The replication configuration section allows you to specify the replication relationships between Vault clusters. Each entry consists of:
You can define multiple replication configurations to manage different replication scenarios.
In the credentials configuration section, you define the authentication credentials for each Vault cluster. Each set of credentials includes:
These credentials are used to authenticate and establish connections between clusters for data replication.
AppRole needs to have a policy that allows the following operations:
hclpath "sys/mounts" { capabilities = ["read", "list"] } path "sys/policies/acl/*" { capabilities = ["read"] } path "sys/storage/raft/snapshot*" { capabilities = ["create", "update", "read"] } path "sys/raft/snapshots/*/restore" { capabilities = ["update"] }
For enhanced security, *** using Kubernetes Secrets to store the configuration and credentials for the Hashicorp Vault Cluster Replication Application. Kubernetes Secrets allow you to store sensitive information in a secure manner, separate from your application code.
The test environment is based on Tilt. The tilt fins can be found in the tilt directory.
Create a KinD cluster
bashkind create cluster
Run Tilt
Run the following command in the terminal to start Tilt:
bashcd tilt/ tilt up
Tilt will orchestrate the creation of two Vault clusters named vault-1 and vault-2 within a Kubernetes cluster (
using KinD).
Throughout the process, there are two specific manual actions that require your attention. These actions involve
unsealing the Vault clusters and creating an appRole for the application's interaction.
Here's a step-by-step breakdown of the process:
Tilt will initiate the deployment of the vault-1 cluster. At this point, your manual intervention is needed. You
should perform the following steps:
vault-1 cluster.appRole tailored for the application.vault-1-operator-init.sh script via the Tilt UI to set everything in motion.Following the successful deployment of vault-1, Tilt will proceed to set up the vault-2 cluster. Similarly, this
phase requires your input:
vault-2 cluster.appRole configuration for the application.vault-2-operator-init.sh script through the Tilt UI.By following these steps, you'll ensure the proper unsealing of both Vault clusters and the creation of
application-specific appRole configurations. Tilt streamlines the deployment process, while your manual involvement
guarantees the appropriate setup of each cluster and the seamless integration of the application.
Access Vault UI
Tilt will set up port forwarding for you, so you can access the Vault UI in your browser:
For vault-1, visit http://localhost:8200 For vault-2, visit http://localhost:8300
As a result of this setup, 2 new files will be created in the tilt directory:
vault-1_unseal_keys.jsonvault-2_unseal_keys.jsonThey will contain the unseal and root tokens for each Vault cluster. You can use these tokens to access the Vault UIs.
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
来自真实用户的反馈,见证轩辕镜像的优质服务