From 5a9ceeab24567d5d55272edb534acf11edbf84cd Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Wed, 14 Jan 2026 01:35:06 -0300
Subject: [PATCH] fix: run vault k8s auth config with sh
---
 services/vault/k8s-auth-config-cronjob.yaml | 2 +-
 .../vault/scripts/vault_k8s_auth_configure.sh | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/services/vault/k8s-auth-config-cronjob.yaml b/services/vault/k8s-auth-config-cronjob.yaml
index d974f6b..3b74932 100644
--- a/services/vault/k8s-auth-config-cronjob.yaml
+++ b/services/vault/k8s-auth-config-cronjob.yaml
@@ -24,7 +24,7 @@ spec:
 image: hashicorp/vault:1.17.6
 imagePullPolicy: IfNotPresent
 command:
- - bash
+ - sh
 - /scripts/vault_k8s_auth_configure.sh
 env:
 - name: VAULT_ADDR
diff --git a/services/vault/scripts/vault_k8s_auth_configure.sh b/services/vault/scripts/vault_k8s_auth_configure.sh
index 15973e6..9e2f674 100644
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-set -euo pipefail
+#!/usr/bin/env sh
+set -eu
 log() { echo "[vault-k8s-auth] $*"; }
@@ -35,13 +35,13 @@ vault write auth/kubernetes/config \
 kubernetes_host="${k8s_host}" \
 kubernetes_ca_cert="${k8s_ca}"
-declare -A roles
-roles[outline]=outline-vault
-roles[planka]=planka-vault
-
-for namespace in "${!roles[@]}"; do
+for namespace in outline planka; do
 policy_name="${namespace}"
- service_account="${roles[$namespace]}"
+ case "${namespace}" in
+ outline) service_account="outline-vault" ;;
+ planka) service_account="planka-vault" ;;
+ *) log "unknown namespace ${namespace}"; exit 1 ;;
+ esac
 log "writing policy ${policy_name}"
 vault policy write "${policy_name}" - <
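Review bot: Replacing `set -euo pipefail` with `set -eu` at the top of vault_k8s_auth_configure.sh means a failing early stage of any pipeline no longer aborts the job. This script writes Vault's Kubernetes auth config and policies, so a masked failure could leave partial or stale auth configuration while the CronJob reports success. Most of the script lies outside this hunk, so whether it contains pipelines cannot be confirmed from here. If it does, either split them into separately checked commands or enable the option where the shell offers it, e.g. `if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi` right after `set -eu`. A comment such as `# POSIX sh: pipefail not guaranteed; each command below must fail on its own` would record the constraint for later edits.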