reorder install to get vault setup properly

2022-12-31 03:00:11 +00:00 · 2022-12-31 03:00:11 +00:00 · 789e8f02a1
commit 789e8f02a1
parent fe4c4e8f4b
1 changed files with 12 additions and 12 deletions
--- a/helm/setup/003-cert-manager/install.sh
+++ b/helm/setup/003-cert-manager/install.sh
@ -7,6 +7,17 @@ VAULT_AUTH_NAMESPACE="k8s-teapot"
 kubectl create ns ${NAMESPACE}
 kubectl apply -n ${NAMESPACE} -f external-secrets.yaml
 HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+')
 TOKEN="$(kubectl get secret serviceaccounttoken -n cert-manager -o go-template='{{ .data.token }}' | base64 -d)"
 vault write auth/${VAULT_AUTH_NAMESPACE}/role/cert-manager \
    bound_service_account_names=cert-manager \
    bound_service_account_namespaces=cert-manager \
    policies=cert-manager \
    ttl=24h
 vault write auth/${VAULT_AUTH_NAMESPACE}/login role=cert-manager jwt=${TOKEN} iss=https://${HOST_IP}:6443
 helm repo add jetstack https://charts.jetstack.io
 helm repo update
 helm upgrade --install \
@ -31,17 +42,6 @@ metadata:
 ...
 EOH
 HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+')
 TOKEN="$(kubectl get secret serviceaccounttoken -n cert-manager -o go-template='{{ .data.token }}' | base64 -d)"
 vault write auth/${VAULT_AUTH_NAMESPACE}/role/cert-manager \
    bound_service_account_names=cert-manager \
    bound_service_account_namespaces=cert-manager \
    policies=cert-manager \
    ttl=24h
 vault write auth/${VAULT_AUTH_NAMESPACE}/login role=cert-manager jwt=${TOKEN} iss=https://${HOST_IP}:6443
 helm upgrade -install \
        cert-manager-csi-driver \
        jetstack/cert-manager-csi-driver \