update

2025-03-03 05:15:06 -06:00 · 2025-03-03 05:14:30 -06:00 · 2025-03-03 05:10:30 -06:00
3 changed files with 34 additions and 16 deletions
--- a/4
+++ b/4
@@ -0,0 +1,4 @@
+VAULT_HELM_SECRET_NAME=$(kubectl get secrets -n vault --output=json | jq -r '.items[].metadata | select(.name|startswith("vault-token-")).name')
+TOKEN_REVIEW_JWT=$(kubectl get secret $VAULT_HELM_SECRET_NAME -n vault --output='go-template={{ .data.token }}' | base64 --decode)
+KUBE_CA_CERT=$(kubectl config view --raw --minify --flatten --output='jsonpath={.clusters[].cluster.certificate-authority-data}' | base64 --decode)
+KUBE_HOST=$(kubectl config view --raw --minify --flatten --output='jsonpath={.clusters[].cluster.server}')
--- a/dmz/cert-manager/templates/letsencrypt.yaml
+++ b/dmz/cert-manager/templates/letsencrypt.yaml
--- a/dmz/vault/templates/secrets.yaml
+++ b/dmz/vault/templates/secrets.yaml
@@ -5,3 +5,17 @@ metadata:
  annotations:
    kubernetes.io/service-account.name: vault-dmz
 type: kubernetes.io/service-account-token
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+   name: role-tokenreview-binding
+   namespace: vault
+roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: vault-auth
+  namespace: vault
Author	SHA1	Message	Date
DeveloperDurp	b6b17c5ced	update	2025-03-03 05:15:06 -06:00
DeveloperDurp	733b933a00	update	2025-03-03 05:14:30 -06:00
DeveloperDurp	933cc9dadd	update	2025-03-03 05:10:30 -06:00