vault: allow kubernetes auth login
parent
a108590d7a
commit
91e6d5740d
@ -68,12 +68,28 @@ if ! vault_cmd auth list -format=json | grep -q '"kubernetes/"'; then
|
|||||||
vault_cmd auth enable kubernetes
|
vault_cmd auth enable kubernetes
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
ensure_default_policy_login() {
|
||||||
|
default_policy="$(vault_cmd policy read default)"
|
||||||
|
if printf '%s' "${default_policy}" | grep -q 'auth/kubernetes/login'; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
log "updating default policy to allow kubernetes login"
|
||||||
|
default_policy="${default_policy}
|
||||||
|
path \"auth/kubernetes/login\" {
|
||||||
|
capabilities = [\"create\", \"update\"]
|
||||||
|
}
|
||||||
|
"
|
||||||
|
printf '%s\n' "${default_policy}" | vault_cmd policy write default -
|
||||||
|
}
|
||||||
|
|
||||||
log "configuring kubernetes auth"
|
log "configuring kubernetes auth"
|
||||||
vault_cmd write auth/kubernetes/config \
|
vault_cmd write auth/kubernetes/config \
|
||||||
token_reviewer_jwt="${token_reviewer_jwt}" \
|
token_reviewer_jwt="${token_reviewer_jwt}" \
|
||||||
kubernetes_host="${k8s_host}" \
|
kubernetes_host="${k8s_host}" \
|
||||||
kubernetes_ca_cert="${k8s_ca}"
|
kubernetes_ca_cert="${k8s_ca}"
|
||||||
|
|
||||||
|
ensure_default_policy_login
|
||||||
|
|
||||||
write_raw_policy() {
|
write_raw_policy() {
|
||||||
name="$1"
|
name="$1"
|
||||||
body="$2"
|
body="$2"
|
||||||
|
|||||||
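Review bot: In `ensure_default_policy_login`, the output of `vault_cmd policy read default` is written back without checking that the read succeeded. If it fails or returns nothing, and the script is not running under `set -e` (the hunk does not show this), the final `vault_cmd policy write default -` replaces the default policy with only the new login stanza and drops the built-in token self-management rules. Guard the read, e.g. `default_policy="$(vault_cmd policy read default)" || return 1` followed by `[ -n "${default_policy}" ] || return 1`. Separately, Vault's auth-method login endpoints are normally reachable without a token, so it is worth confirming that this grant is needed at all; the default policy is attached to most tokens, and a comment stating why the stanza is required would help the next reader.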