38 lines
1.3 KiB
YAML
38 lines
1.3 KiB
YAML
# services/crypto/wallet-monero-temp/secrets-ensure-job.yaml
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: wallet-monero-temp-secrets-ensure
|
|
namespace: crypto
|
|
spec:
|
|
backoffLimit: 1
|
|
template:
|
|
spec:
|
|
serviceAccountName: crypto-secrets-ensure
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: vault-write
|
|
image: hashicorp/vault:1.17.6
|
|
imagePullPolicy: IfNotPresent
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- |
|
|
set -euo pipefail
|
|
export VAULT_ADDR=http://vault.vault.svc.cluster.local:8200
|
|
VAULT_TOKEN="$(vault write -field=token auth/kubernetes/login role=crypto-secrets jwt=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token))"
|
|
export VAULT_TOKEN
|
|
vault kv put kv/atlas/crypto/wallet-monero-temp-rpc-auth \
|
|
username="${RPC_USER}" \
|
|
password="${RPC_PASS}"
|
|
env:
|
|
- name: RPC_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: wallet-monero-temp-rpc-auth
|
|
key: username
|
|
- name: RPC_PASS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: wallet-monero-temp-rpc-auth
|
|
key: password
|