Initial upload

stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/manifests/role.yaml

@@ -1,9 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: vault-token-role
-  namespace: openbao
-rules:
-  - apiGroups: [""] # "" indicates the core API group
-    resources: ["secrets"]
-    verbs: ["create"]

stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/manifests/rolebinding.yaml

@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: vault-token-rolebinding
-  namespace: openbao
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: vault-token-role
-subjects:
-  - kind: ServiceAccount
-    name: openbao
-    namespace: openbao

stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/values.yaml

@@ -3,8 +3,6 @@ server:
     - sh
     - -c
     - |
-      echo --- unseal workaround
-
       sleep 10
       bao operator init >> /tmp/init.txt
       cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
@@ -15,20 +13,5 @@ server:
       echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
       echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
       rm /tmp/init.txt
-      
-
-      echo --- provide OpenBAO secret to ESO
-
-      if [[ "$(uname -m)" == "x86_64" ]]; then
-        wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/amd64/kubectl" -O /tmp/kubectl_eso
-      else
-        wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/arm64/kubectl" -O /tmp/kubectl_eso
-      fi
-      chmod +x /tmp/kubectl_eso
-
-      /tmp/kubectl_eso create secret generic vault-token --from-literal=token="$(cat /openbao/data/initial_token.txt)" -n openbao
-
-      rm /tmp/kubectl_eso
-
 ui:
   enabled: true