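# Create the service account that cert-manager uses to authenticate to Vault
# through the Kubernetes auth method.
kubectl create serviceaccount issuer

# List the secrets in the current namespace so the token Secret (if any)
# can be inspected by eye.
kubectl get secrets

# Look up the token Secret referenced by the service account.
# `.secrets[0].name // empty` yields an empty string instead of a jq error
# when the account lists no secrets, and a single name instead of a
# multi-line value when it lists several.
# NOTE(review): if the account lists more than one secret, confirm that the
# first entry is the service-account token Secret.
ISSUER_SECRET_REF=$(kubectl get serviceaccount issuer -o json | jq -r '.secrets[0].name // empty')

# Stop here rather than writing an Issuer with an empty secretRef.
# Kubernetes 1.24 and later no longer auto-create a token Secret for a new
# service account, so on those clusters the lookup above returns nothing and
# a kubernetes.io/service-account-token Secret has to be created explicitly.
: "${ISSUER_SECRET_REF:?no token Secret is referenced by serviceaccount issuer; vault-issuer.yaml was not written}"

# Write the cert-manager Issuer manifest. The heredoc delimiter is unquoted
# on purpose so that $ISSUER_SECRET_REF is expanded by the shell.
#
# Security notes:
#  - `server` uses plain http://, so the service-account token presented to
#    Vault at login crosses the cluster network unencrypted. That is only
#    acceptable on a throwaway dev cluster; otherwise use an https:// address
#    and set `caBundle` so cert-manager can verify Vault's certificate.
#  - The referenced Secret holds a long-lived token; scope the Vault role
#    `issuer` to this service account and namespace only.
cat > vault-issuer.yaml <<EOF
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: vault-issuer
  namespace: default
spec:
  vault:
    server: http://vault.default
    path: pki/sign/dev-dot-localhost
    auth:
      kubernetes:
        mountPath: /v1/auth/kubernetes
        role: issuer
        secretRef:
          name: "$ISSUER_SECRET_REF"
          key: token
EOF

# Create (or update) the Issuer in the cluster.
kubectl apply --filename vault-issuer.yaml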