bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

finance: fix vault seed job

Browse Source
This commit is contained in:
Brad Stein 2026-01-17 01:07:46 -03:00
parent a9351bc737
commit 8f990031f1
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
services/finance/finance-secrets-ensure-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: finance-secrets-ensure-1 name: finance-secrets-ensure-2
namespace: finance namespace: finance
spec: spec:
backoffLimit: 1 backoffLimit: 1
@ -32,7 +32,12 @@ spec:
containers: containers:
- name: ensure - name: ensure
image: alpine:3.20 image: alpine:3.20
command: ["/scripts/finance_secrets_ensure.sh"] command: ["/bin/sh", "-c"]
args:
- |
set -e
apk add --no-cache bash curl jq >/dev/null
exec bash /scripts/finance_secrets_ensure.sh
env: env:
- name: VAULT_ROLE - name: VAULT_ROLE
value: finance-secrets value: finance-secrets

2
services/finance/scripts/finance_secrets_ensure.sh
View File

@ -1,8 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
apk add --no-cache curl jq >/dev/null
vault_addr="${VAULT_ADDR:-http://vault.vault.svc.cluster.local:8200}" vault_addr="${VAULT_ADDR:-http://vault.vault.svc.cluster.local:8200}"
vault_role="${VAULT_ROLE:-finance-secrets}" vault_role="${VAULT_ROLE:-finance-secrets}"
jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"