fix: run vault k8s auth config with sh
parent
b82195f2d7
commit
5a9ceeab24
@ -24,7 +24,7 @@ spec:
|
|||||||
image: hashicorp/vault:1.17.6
|
image: hashicorp/vault:1.17.6
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- bash
|
- sh
|
||||||
- /scripts/vault_k8s_auth_configure.sh
|
- /scripts/vault_k8s_auth_configure.sh
|
||||||
env:
|
env:
|
||||||
- name: VAULT_ADDR
|
- name: VAULT_ADDR
|
||||||
|
|||||||
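Review bot: The `- sh` entry in `command:` is what actually selects the interpreter, because the script is passed as an argument and its shebang line is never consulted. Nothing in the manifest records that constraint, so a later edit that reintroduces a bash-only construct into the script would fail only when the Job runs. I would add a comment above the entry, for example `# script is run by sh, not bash (presumably the image ships no bash); keep it POSIX`.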
@ -1,5 +1,5 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env sh
|
||||||
set -euo pipefail
|
set -eu
|
||||||
|
|
||||||
log() { echo "[vault-k8s-auth] $*"; }
|
log() { echo "[vault-k8s-auth] $*"; }
|
||||||
|
|
||||||
@ -35,13 +35,13 @@ vault write auth/kubernetes/config \
|
|||||||
kubernetes_host="${k8s_host}" \
|
kubernetes_host="${k8s_host}" \
|
||||||
kubernetes_ca_cert="${k8s_ca}"
|
kubernetes_ca_cert="${k8s_ca}"
|
||||||
|
|
||||||
declare -A roles
|
for namespace in outline planka; do
|
||||||
roles[outline]=outline-vault
|
|
||||||
roles[planka]=planka-vault
|
|
||||||
|
|
||||||
for namespace in "${!roles[@]}"; do
|
|
||||||
policy_name="${namespace}"
|
policy_name="${namespace}"
|
||||||
service_account="${roles[$namespace]}"
|
case "${namespace}" in
|
||||||
|
outline) service_account="outline-vault" ;;
|
||||||
|
planka) service_account="planka-vault" ;;
|
||||||
|
*) log "unknown namespace ${namespace}"; exit 1 ;;
|
||||||
|
esac
|
||||||
|
|
||||||
log "writing policy ${policy_name}"
|
log "writing policy ${policy_name}"
|
||||||
vault policy write "${policy_name}" - <<EOF
|
vault policy write "${policy_name}" - <<EOF
|
||||||
|
|||||||
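Review bot: Replacing `set -euo pipefail` with `set -eu` at the top of the script means a failure in any non-final stage of a pipeline no longer aborts the run. The assignments to `k8s_host` and `k8s_ca` are outside the visible hunks, so this is inferred, but if either comes from a pipeline or an empty file, an empty value can now reach `vault write auth/kubernetes/config` and leave the Kubernetes auth backend misconfigured. `set -u` only catches unset variables, not empty ones, so I would guard both values before the write (the `vault write` command itself starts above the third hunk): `: "${k8s_host:?k8s_host is empty}"` and `: "${k8s_ca:?k8s_ca is empty}"`. It may also be worth checking whether the image's `sh` accepts `set -o pipefail`, in which case the option could stay.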