16 lines
576 B
Bash
16 lines
576 B
Bash
#kubectl exec --stdin=true --tty=true vault-0 -- /bin/sh
|
|
vault auth enable kubernetes
|
|
|
|
vault write auth/kubernetes/config \
|
|
kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \
|
|
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
|
|
kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
|
|
issuer="https://kubernetes.default.svc.cluster.local"
|
|
|
|
vault write auth/kubernetes/role/issuer \
|
|
bound_service_account_names=issuer \
|
|
bound_service_account_namespaces=default \
|
|
policies=pki \
|
|
ttl=20m
|
|
|