21 lines
655 B
Bash
Executable file
21 lines
655 B
Bash
Executable file
#!/bin/bash
|
|
VAULT_AUTH_NAMESPACE="k8s-teapot"
|
|
cat << EOH > longhorn.hcl
|
|
path "kv/data/longhorn" {
|
|
capabilities = ["read"]
|
|
}
|
|
EOH
|
|
vault policy write longhorn longhorn.hcl
|
|
rm longhorn.hcl
|
|
HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+')
|
|
TOKEN="$(kubectl get secret serviceaccounttoken -n longhorn-system -o go-template='{{ .data.token }}' | base64 -d)"
|
|
|
|
vault write auth/${VAULT_AUTH_NAMESPACE}/role/longhorn \
|
|
bound_service_account_names=longhorn \
|
|
bound_service_account_namespaces=longhorn-system \
|
|
policies=longhorn \
|
|
ttl=24h
|
|
|
|
vault write auth/${VAULT_AUTH_NAMESPACE}/login role=longhorn jwt=${TOKEN} iss=https://${HOST_IP}:6443
|
|
|