fix: run vault k8s auth config with sh

2026-01-14 01:35:06 -03:00 · 2026-01-14 01:35:06 -03:00 · 5a9ceeab24
commit 5a9ceeab24
parent b82195f2d7
2 changed files with 9 additions and 9 deletions
--- a/services/vault/k8s-auth-config-cronjob.yaml
+++ b/services/vault/k8s-auth-config-cronjob.yaml
@ -24,7 +24,7 @@ spec:
              image: hashicorp/vault:1.17.6
              imagePullPolicy: IfNotPresent
              command:
-                - bash
+                - sh
                - /scripts/vault_k8s_auth_configure.sh
              env:
                - name: VAULT_ADDR
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-set -euo pipefail
+#!/usr/bin/env sh
+set -eu

 log() { echo "[vault-k8s-auth] $*"; }

@ -35,13 +35,13 @@ vault write auth/kubernetes/config \
  kubernetes_host="${k8s_host}" \
  kubernetes_ca_cert="${k8s_ca}"

-declare -A roles
-roles[outline]=outline-vault
-roles[planka]=planka-vault
-
-for namespace in "${!roles[@]}"; do
+for namespace in outline planka; do
  policy_name="${namespace}"
-  service_account="${roles[$namespace]}"
+  case "${namespace}" in
+    outline) service_account="outline-vault" ;;
+    planka) service_account="planka-vault" ;;
+    *) log "unknown namespace ${namespace}"; exit 1 ;;
+  esac

  log "writing policy ${policy_name}"
  vault policy write "${policy_name}" - <<EOF