Initial upload

This commit is contained in:
Stephan Lo 2025-05-21 15:56:16 +02:00
parent 0c3f9a7072
commit 4b92302600
51 changed files with 348 additions and 220 deletions

View file

@ -1,9 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: vault-token-role
namespace: openbao
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["secrets"]
verbs: ["create"]

View file

@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: vault-token-rolebinding
namespace: openbao
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: vault-token-role
subjects:
- kind: ServiceAccount
name: openbao
namespace: openbao

View file

@ -3,8 +3,6 @@ server:
- sh
- -c
- |
echo --- unseal workaround
sleep 10
bao operator init >> /tmp/init.txt
cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
@ -15,20 +13,5 @@ server:
echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
rm /tmp/init.txt
echo --- provide OpenBAO secret to ESO
if [[ "$(uname -m)" == "x86_64" ]]; then
wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/amd64/kubectl" -O /tmp/kubectl_eso
else
wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/arm64/kubectl" -O /tmp/kubectl_eso
fi
chmod +x /tmp/kubectl_eso
/tmp/kubectl_eso create secret generic vault-token --from-literal=token="$(cat /openbao/data/initial_token.txt)" -n openbao
rm /tmp/kubectl_eso
ui:
enabled: true