k8s/scripts/longhorn.sh

20 lines
655 B
Bash
Executable file

#!/bin/bash
VAULT_AUTH_NAMESPACE="k8s-teapot"
cat << EOH > longhorn.hcl
path "kv/data/longhorn" {
capabilities = ["read"]
}
EOH
vault policy write longhorn longhorn.hcl
rm longhorn.hcl
HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+')
TOKEN="$(kubectl get secret serviceaccounttoken -n longhorn-system -o go-template='{{ .data.token }}' | base64 -d)"
vault write auth/${VAULT_AUTH_NAMESPACE}/role/longhorn \
bound_service_account_names=longhorn \
bound_service_account_namespaces=longhorn-system \
policies=longhorn \
ttl=24h
vault write auth/${VAULT_AUTH_NAMESPACE}/login role=longhorn jwt=${TOKEN} iss=https://${HOST_IP}:6443