stacks-instances/otc/observability.think-ahead.cloud/stacks/ref-implementation/openbao/values.yaml

server:
  postStart:
    - sh
    - -c
    - |
      echo --- unseal workaround

      sleep 10
      bao operator init >> /tmp/init.txt
      cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
      echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
      echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt
      echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt
      echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
      rm /tmp/init.txt
      

      echo --- provide OpenBAO secret to ESO

      if [[ "$(uname -m)" == "x86_64" ]]; then
        wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/amd64/kubectl" -O /tmp/kubectl_eso
      else
        wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/arm64/kubectl" -O /tmp/kubectl_eso
      fi
      chmod +x /tmp/kubectl_eso

      /tmp/kubectl_eso create secret generic vault-token --from-literal=token="$(cat /openbao/data/initial_token.txt)" -n openbao

      rm /tmp/kubectl_eso

ui:
  enabled: true
Initial upload 2025-06-02 08:43:35 +00:00			`server:`
			`postStart:`
			`- sh`
			`- -c`
			`- \|`
			`echo --- unseal workaround`

			`sleep 10`
			`bao operator init >> /tmp/init.txt`
			`cat /tmp/init.txt \| grep "Key " \| awk '{print $NF}' \| xargs -I{} bao operator unseal {}`
			`echo $(grep "Initial Root Token:" /tmp/init.txt \| awk '{print $NF}')\| cat > /openbao/data/initial_token.txt`
			`echo $(grep "Unseal Key 1:" /tmp/init.txt \| awk '{print $NF}')\| cat > /openbao/data/unseal_key1.txt`
			`echo $(grep "Unseal Key 2:" /tmp/init.txt \| awk '{print $NF}')\| cat > /openbao/data/unseal_key2.txt`
			`echo $(grep "Unseal Key 3:" /tmp/init.txt \| awk '{print $NF}')\| cat > /openbao/data/unseal_key3.txt`
			`echo $(grep "Unseal Key 4:" /tmp/init.txt \| awk '{print $NF}')\| cat > /openbao/data/unseal_key4.txt`
			`echo $(grep "Unseal Key 5:" /tmp/init.txt \| awk '{print $NF}')\| cat > /openbao/data/unseal_key5.txt`
			`rm /tmp/init.txt`


			`echo --- provide OpenBAO secret to ESO`

			`if [[ "$(uname -m)" == "x86_64" ]]; then`
			`wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/amd64/kubectl" -O /tmp/kubectl_eso`
			`else`
			`wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/arm64/kubectl" -O /tmp/kubectl_eso`
			`fi`
			`chmod +x /tmp/kubectl_eso`

			`/tmp/kubectl_eso create secret generic vault-token --from-literal=token="$(cat /openbao/data/initial_token.txt)" -n openbao`

			`rm /tmp/kubectl_eso`

			`ui:`
			`enabled: true`