From 789e8f02a198f48ac84626bc48f32a5a66a682b2 Mon Sep 17 00:00:00 2001 From: Amarpreet Minhas Date: Sat, 31 Dec 2022 03:00:11 +0000 Subject: [PATCH] reorder install to get vault setup properly --- helm/setup/003-cert-manager/install.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/helm/setup/003-cert-manager/install.sh b/helm/setup/003-cert-manager/install.sh index f7285a5..b36094d 100755 --- a/helm/setup/003-cert-manager/install.sh +++ b/helm/setup/003-cert-manager/install.sh @@ -7,6 +7,17 @@ VAULT_AUTH_NAMESPACE="k8s-teapot" kubectl create ns ${NAMESPACE} kubectl apply -n ${NAMESPACE} -f external-secrets.yaml +HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+') +TOKEN="$(kubectl get secret serviceaccounttoken -n cert-manager -o go-template='{{ .data.token }}' | base64 -d)" + +vault write auth/${VAULT_AUTH_NAMESPACE}/role/cert-manager \ + bound_service_account_names=cert-manager \ + bound_service_account_namespaces=cert-manager \ + policies=cert-manager \ + ttl=24h + +vault write auth/${VAULT_AUTH_NAMESPACE}/login role=cert-manager jwt=${TOKEN} iss=https://${HOST_IP}:6443 + helm repo add jetstack https://charts.jetstack.io helm repo update helm upgrade --install \ 
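Review bot: The added `TOKEN="$(kubectl get secret serviceaccounttoken -n cert-manager …)"` line now runs before the `serviceaccounttoken` Secret exists — the second hunk shows that Secret's manifest is still applied later in the file, after the cert-manager chart install — so `kubectl get` fails, `TOKEN` is empty, and the `vault write …/login` check runs with an empty `jwt=`; because `base64 -d` succeeds on empty input, even `set -e` would not stop the script here unless `pipefail` is on (the shebang and `set` options are outside this hunk). The role write can stay where it is, but the token lookup and login should move back below the Secret creation and assert the token is present first, e.g. `: "${TOKEN:?serviceaccounttoken has no token yet}"`; since the token controller fills `.data.token` asynchronously, a short retry or `kubectl wait` may also be needed. Separately, `jwt=${TOKEN}` places the service-account JWT on the command line where it is visible in `ps` and any `set -x` trace; Vault reads a value from stdin when it is `-`, so prefer `vault write auth/${VAULT_AUTH_NAMESPACE}/login role=cert-manager jwt=- <<<"${TOKEN}"`. The `iss=` argument does not appear to be a documented parameter of the Kubernetes auth login endpoint (issuer validation is configured on the mount's `config` path), so confirm it has any effect before depending on the `eth0`-specific `HOST_IP` lookup that feeds it.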
@@ -25,23 +36,12 @@ kind: Secret type: kubernetes.io/service-account-token metadata: name: serviceaccounttoken - namespace: cert-manager + namespace: cert-manager annotations: kubernetes.io/service-account.name: "cert-manager" ... EOH -HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+') -TOKEN="$(kubectl get secret serviceaccounttoken -n cert-manager -o go-template='{{ .data.token }}' | base64 -d)" - -vault write auth/${VAULT_AUTH_NAMESPACE}/role/cert-manager \ - bound_service_account_names=cert-manager \ - bound_service_account_namespaces=cert-manager \ - policies=cert-manager \ - ttl=24h - -vault write auth/${VAULT_AUTH_NAMESPACE}/login role=cert-manager jwt=${TOKEN} iss=https://${HOST_IP}:6443 - helm upgrade -install \ cert-manager-csi-driver \ jetstack/cert-manager-csi-driver \