🎉 initial commit

2022-04-06 15:33:57 +02:00
commit 968716ec76
29 changed files with 846 additions and 0 deletions
--- a/enabled-kube-authent.sh
+++ b/enabled-kube-authent.sh
@@ -0,0 +1,15 @@
+#kubectl exec --stdin=true --tty=true vault-0 -- /bin/sh
+vault auth enable kubernetes
+
+vault write auth/kubernetes/config \
+    kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \
+    token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
+    kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
+    issuer="https://kubernetes.default.svc.cluster.local"
+
+vault write auth/kubernetes/role/issuer \
+    bound_service_account_names=issuer \
+    bound_service_account_namespaces=default \
+    policies=pki \
+    ttl=20m
+