Add barebones for lemmy

This commit is contained in:
Amarpreet Minhas 2023-07-13 22:59:48 +00:00
parent 9a97e03b57
commit a651a6fd4a
2 changed files with 26 additions and 5 deletions

View file

@ -60,8 +60,8 @@ helmApps:
repoURL: https://k8s-at-home.com/charts/ repoURL: https://k8s-at-home.com/charts/
chart: wallabag chart: wallabag
revision: 7.1.2 revision: 7.1.2
- app: lemmy # - app: lemmy
namespace: lemmy # namespace: lemmy
repoURL: https://ananace.gitlab.io/charts # repoURL: https://ananace.gitlab.io/charts
chart: lemmy # chart: lemmy
revision: 0.4.1 # revision: 0.4.1

21
scripts/lemmy-vault.sh Executable file
View file

@ -0,0 +1,21 @@
#!/bin/bash
VAULT_AUTH_NAMESPACE=k8s-teapot
cat << EOH > lemmy.hcl
path "kv/data/lemmy" {
capabilities = ["read"]
}
EOH
vault policy write lemmy lemmy.hcl
rm lemmy.hcl
HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+')
TOKEN="$(kubectl get secret serviceaccounttoken -n lemmy -o go-template='{{ .data.token }}' | base64 -d)"
vault write auth/${VAULT_AUTH_NAMESPACE}/role/lemmy \
bound_service_account_names=lemmy \
bound_service_account_namespaces=lemmy \
policies=lemmy \
ttl=24h
vault write auth/${VAULT_AUTH_NAMESPACE}/login role=lemmy jwt=${TOKEN} iss=https://${HOST_IP}:6443