80 lines
2.6 KiB
YAML
80 lines
2.6 KiB
YAML
server:
|
|
shareProcessNamespace: true
|
|
extraContainers:
|
|
- name: logrotate
|
|
image: skymatic/logrotate:latest # MIT License
|
|
securityContext:
|
|
runAsUser: 100
|
|
env:
|
|
- name: CRON_SCHEDULE
|
|
value: "* * * * *"
|
|
- name: TINI_SUBREAPER
|
|
value:
|
|
volumeMounts:
|
|
- name: host-log-storage
|
|
mountPath: /openbao/logs
|
|
- name: logrotate-config-volume
|
|
mountPath: /etc/logrotate.conf
|
|
subPath: logrotate.conf
|
|
readOnly: true
|
|
- name: status
|
|
mountPath: /var/lib
|
|
- name: passwd-volume
|
|
mountPath: /etc/passwd
|
|
subPath: passwd
|
|
- name: logrotate2
|
|
image: alpine:latest
|
|
command: ["/bin/sh", "-c", "sleep infinity"]
|
|
securityContext:
|
|
runAsUser: 100
|
|
ports:
|
|
- containerPort: 8080
|
|
volumeMounts:
|
|
- name: passwd-volume
|
|
mountPath: /etc/passwd
|
|
subPath: passwd
|
|
- name: sidecar-script
|
|
mountPath: /tmp
|
|
volumes:
|
|
- name: logrotate-config-volume
|
|
configMap:
|
|
name: logrotate-config
|
|
- name: passwd-volume
|
|
configMap:
|
|
name: passwd-user-configmap
|
|
- name: status
|
|
emptyDir: {}
|
|
- name: host-log-storage
|
|
hostPath:
|
|
path: /var/log
|
|
type: Directory
|
|
- name: sidecar-script
|
|
configMap:
|
|
name: signal-sidecar-script
|
|
defaultMode: 0755
|
|
|
|
volumeMounts:
|
|
- mountPath: /openbao/logs
|
|
name: host-log-storage
|
|
readOnly: false
|
|
|
|
postStart:
|
|
- sh
|
|
- -c
|
|
- |
|
|
sleep 10
|
|
rm -rf /openbao/data/*
|
|
bao operator init >> /tmp/init.txt
|
|
cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
|
|
echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
|
|
echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt
|
|
echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt
|
|
echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
|
|
echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
|
|
echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
|
|
bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
|
|
rm /tmp/init.txt
|
|
# bao audit enable file file_path=stdout
|
|
bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log
|
|
ui:
|
|
enabled: true
|