ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
helm-charts/autovault/templates/configmap.yaml
ace ae6f9bb30b
add autovault helm chart
2025-04-10 00:21:01 +03:00

69 lines
2.3 KiB
YAML
Raw Blame History

---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "autovault.fullname" . }}-scripts
labels:
{{- include "autovault.labels" . | nindent 4 }}
data:
autovault.sh: |
#!/bin/bash
HOME=/vault/data
while [[ "$(curl -L -s -o /dev/null -w ''%{http_code}'' {{ .Values.vaultUrl }})" != "200" ]]; do sleep 5; done
export VAULT_ADDR={{ .Values.vaultUrl }}
INITIALIZED=$(vault status -format=json | jq -r '.initialized')
SEALED=$(vault status -format=json | jq -r '.sealed')
if [[ "$INITIALIZED" == "false" ]] ; then
vault operator init -key-threshold=1 -key-shares=1 -format=json > /vault/data/keys.json
fi
if [[ "$SEALED" == "true" ]] ; then
KEY=$(cat /vault/data/keys.json | jq -r '.unseal_keys_b64[0]')
vault operator unseal $KEY
fi
export VAULT_TOKEN=$(cat /vault/data/keys.json | jq -r '.root_token')
KV_ENABLED=$(vault secrets list | grep -i kv)
if [[ -z "$KV_ENABLED" ]] ; then
vault secrets enable -version=2 kv
fi
USERPASS_ENABLED=$(vault auth list | grep -i userpass)
if [[ -z "$USERPASS_ENABLED" ]] ; then
vault auth enable userpass
fi
APPROLE_ENABLED=$(vault auth list | grep -i approle)
if [[ -z "$APPROLE_ENABLED" ]] ; then
vault auth enable approle
fi
echo
echo "----------------------------------------------------------------"
echo
echo "Vault root token: ${VAULT_TOKEN}"
echo
echo "----------------------------------------------------------------"
echo
for APPROLE in {{ join " " .Values.autovaultGenSecretsApps }}; do
APPROLE_CREATED=$(vault read auth/approle/role/"$APPROLE"/role-id)
if [[ -z "$APPROLE_CREATED" ]] ; then
vault write -f auth/approle/role/"$APPROLE"
fi
kubectl get secret vault-secret-"$APPROLE" || \
{ APPROLE_ROLE_ID=$(vault read auth/approle/role/"$APPROLE"/role-id | grep "role_id\s" | awk '{print $2}') ; \
APPROLE_SECRET_ID=$(vault write -f auth/approle/role/"$APPROLE"/secret-id | grep "secret_id\s" | awk '{print $2}') ; \
kubectl create secret generic vault-secret-"$APPROLE" --from-literal=rootToken="$VAULT_TOKEN" --from-literal=roleId="$APPROLE_ROLE_ID" --from-literal=secretId="$APPROLE_SECRET_ID" ;
echo "$APPROLE role-id = $APPROLE_ROLE_ID" ; }
done
vault auth list
Reference in New Issue View Git Blame Copy Permalink