image: nginx:latest
ports:
- containerPort: 8080
volumeMounts:
- name: idecar-script
mountPath: /etc/nginx
subPath: nginx.conf
subPathExpr: 'nginx.conf'
- name: idecar-script
mountPath: /tmp/sidecar.sh
subPath: sidecar.sh
mode: 0755
- name: passwd-volume
mountPath: /etc/passwd
subPath: passwd
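---
# Helm values for an OpenBao server pod with two log-handling sidecars and an
# nginx sidecar.
#
# NOTE(security): the postStart hook at the bottom wipes the data directory on
# every container start and stores the root token and all unseal keys in
# plaintext. Treat this file as a disposable lab setup, not a production
# configuration.
server:
  # NOTE(security): a shared process namespace makes every container's
  # processes, including their command lines, visible to the other containers
  # in the pod. Sidecars running under the same UID as the server process may
  # also be able to reach its files through /proc - confirm the server UID
  # against the runAsUser values below.
  shareProcessNamespace: true

  extraContainers:
    # NOTE(security): all three sidecar images use the mutable ':latest' tag,
    # so their content can change between pod restarts. Pin each one to a
    # reviewed version tag or image digest.
    - name: logrotate
      image: skymatic/logrotate:latest  # MIT License
      securityContext:
        runAsUser: 100
      env:
        - name: CRON_SCHEDULE
          value: "* * * * *"
        - name: TINI_SUBREAPER
          # A bare `value:` is YAML null; the empty string is written out so
          # the intent (variable present, no content) is explicit.
          value: ""
      volumeMounts:
        - name: host-log-storage
          mountPath: /openbao/logs
        - name: logrotate-config-volume
          mountPath: /etc/logrotate.conf
          subPath: logrotate.conf
          readOnly: true
        - name: status
          mountPath: /var/lib
        - name: passwd-volume
          mountPath: /etc/passwd
          subPath: passwd

    - name: logrotate2
      image: alpine:latest
      command: ["/bin/sh", "-c", "/tmp/sidecar.sh"]
      securityContext:
        runAsUser: 100
      ports:
        - containerPort: 8081
      volumeMounts:
        - name: passwd-volume
          mountPath: /etc/passwd
          subPath: passwd
        - name: sidecar-script
          mountPath: /tmp

    # NOTE(review): unlike the two containers above, this one sets no
    # securityContext, so it runs as whatever user the image defaults to.
    - name: sidecar-nginx
      image: nginx:latest
      ports:
        - containerPort: 8080
      volumeMounts:
        # Volume name corrected from 'idecar-script': the only matching volume
        # defined under `volumes` is 'sidecar-script'.
        - name: sidecar-script
          # NOTE(review): subPath selects a single entry of the volume while
          # mountPath is the /etc/nginx directory; if a single file is meant,
          # the target is presumably /etc/nginx/nginx.conf - confirm.
          mountPath: /etc/nginx
          # subPathExpr removed: Kubernetes treats subPath and subPathExpr as
          # mutually exclusive, and the value used no variable expansion.
          subPath: nginx.conf
        - name: sidecar-script
          # `mode` removed: it is not a volumeMount field. File permissions
          # come from defaultMode on the sidecar-script volume.
          mountPath: /tmp/sidecar.sh
          subPath: sidecar.sh
        - name: passwd-volume
          mountPath: /etc/passwd
          subPath: passwd

  volumes:
    - name: logrotate-config-volume
      configMap:
        name: logrotate-config
    - name: passwd-volume
      configMap:
        name: passwd-user-configmap
    - name: status
      emptyDir: {}
    # NOTE(security): this exposes the node's whole /var/log directory, and it
    # is mounted writable into both the server and the logrotate sidecar. A
    # compromised container could then read or alter logs of other workloads
    # on the node. Prefer a dedicated subdirectory or a PersistentVolumeClaim.
    - name: host-log-storage
      hostPath:
        path: /var/log
        type: Directory
    - name: sidecar-script
      configMap:
        name: signal-sidecar-script
        # Decimal form of octal 0755. The field is an integer, and a YAML 1.2
        # parser would read a bare 0755 as decimal 755.
        defaultMode: 493

  volumeMounts:
    - mountPath: /openbao/logs
      name: host-log-storage
      readOnly: false

  # Runs after the server container starts: wipes the data directory,
  # initialises and unseals OpenBao, saves the credentials, logs in and enables
  # the file audit device.
  #
  # NOTE(security):
  # - `rm -rf /openbao/data/*` destroys all stored secrets on every start.
  # - The initial root token and all five unseal keys are written in plaintext
  #   under /openbao/data, next to the storage they protect. Anyone who can
  #   read that volume can unseal the server and act as root.
  # - `bao operator unseal {}` and `bao login $(...)` pass the keys and the
  #   root token as command-line arguments, which are visible in the process
  #   list to every container in the pod because of shareProcessNamespace.
  # - Outside a throwaway lab, use an auto-unseal mechanism or hand the key
  #   shares to separate operators, and revoke the initial root token once
  #   setup is finished.
  # `umask 077` was added so the files the script creates are readable by the
  # owning user only.
  postStart:
    - sh
    - -c
    - |
      umask 077
      sleep 10
      rm -rf /openbao/data/*
      bao operator init >> /tmp/init.txt
      cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
      echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
      echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt
      echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt
      echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
      bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
      rm /tmp/init.txt
      bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log

ui:
  enabled: true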