vault: allow kubernetes auth login

Brad Stein 2026-01-29 02:22:51 -03:00
parent a108590d7a
commit 91e6d5740d


@ -68,12 +68,28 @@ if ! vault_cmd auth list -format=json | grep -q '"kubernetes/"'; then
vault_cmd auth enable kubernetes
fi
ensure_default_policy_login() {
default_policy="$(vault_cmd policy read default)"
if printf '%s' "${default_policy}" | grep -q 'auth/kubernetes/login'; then
return
fi
log "updating default policy to allow kubernetes login"
default_policy="${default_policy}
path \"auth/kubernetes/login\" {
capabilities = [\"create\", \"update\"]
}
"
printf '%s\n' "${default_policy}" | vault_cmd policy write default -
}
log "configuring kubernetes auth"
vault_cmd write auth/kubernetes/config \
token_reviewer_jwt="${token_reviewer_jwt}" \
kubernetes_host="${k8s_host}" \
kubernetes_ca_cert="${k8s_ca}"
ensure_default_policy_login
write_raw_policy() {
name="$1"
body="$2"