Initial upload

Bot 2025-04-28 09:44:33 +02:00
parent 4b3aa31790
commit f1a5b4f599
5 changed files with 42 additions and 0 deletions


@ -28,3 +28,6 @@ spec:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "rire/factory.c-one-infra.de/stacks/core/argocd/manifests"
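Review bot: The added source uses `targetRevision: HEAD`, so anything pushed to the default branch of stacks-instances is applied to the cluster on the next sync without a reviewed revision bump. The same applies to the openbao source added in the next file, whose manifests path presumably carries the new Role and RoleBinding. Consider pinning both to a tag or commit, e.g. `targetRevision: <reviewed-tag-or-sha>`. The existing sources already track HEAD, so if this is a deliberate convention, a one-line comment saying so would help. The rest of the Application spec lies outside the hunk.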


@ -27,6 +27,9 @@ spec:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "rire/factory.c-one-infra.de/stacks/ref-implementation/openbao/manifests"
ignoreDifferences:
- group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration


@ -0,0 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: vault-token-role
namespace: openbao
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["secrets"]
verbs: ["create"]
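Review bot: This Role lets its subject create any Secret in the `openbao` namespace, not only `vault-token`, because RBAC cannot narrow `create` requests with `resourceNames`. That limit is worth recording next to the rule, e.g. `# create cannot be scoped by resourceNames; this permits any new Secret in the namespace`. Keeping the verb list to `create` alone, as done here, is the tightest form available for this purpose.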


@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: vault-token-rolebinding
namespace: openbao
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: vault-token-role
subjects:
- kind: ServiceAccount
name: openbao
namespace: openbao
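Review bot: The subject is the `openbao` ServiceAccount, which looks like the server's own account, so the right to create Secrets stays with the server for its whole lifetime. The values file in this commit appears to need it only for a single `kubectl create secret` call after init. If that reading is right, consider running the token export from a one-off Job with a dedicated ServiceAccount and binding the Role to that account instead. At minimum add a comment such as `# needed once by the init script to publish vault-token`, so the grant is not widened later by accident.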


@ -3,6 +3,8 @@ server:
- sh
- -c
- |
set -e
sleep 10
bao operator init >> /tmp/init.txt
cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
@ -13,5 +15,17 @@ server:
echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
rm /tmp/init.txt
if [[ "$(uname -m)" == "x86_64" ]]; then
wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/amd64/kubectl" -O /tmp/kubectl_eso
else
wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/arm64/kubectl" -O /tmp/kubectl_eso
fi
chmod +x /tmp/kubectl_eso
kubectl create secret generic vault-token --from-literal=token="$(cat /openbao/data/initial_token.txt)" -n openbao
rm /tmp/kubectl_eso
ui:
enabled: true
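Review bot: In the second hunk the secret is created with `kubectl` from PATH, not with the `/tmp/kubectl_eso` that was just downloaded. Either the download is unused or, if the image ships no kubectl, the step fails and the new `set -e` aborts the script after the unseal keys have been written. The download also takes whatever `stable.txt` names at run time and is not checked against a digest, yet that binary is meant to handle the initial root token. Pin the version, verify a digest stored in this file, and call the binary by path; the values below are placeholders to fill in. The container command starts outside the hunk.

```yaml
rm /tmp/init.txt
# Placeholders: set the version and both digests to the release you have vetted.
KUBECTL_VERSION="<pinned-kubectl-version>"
case "$(uname -m)" in
  x86_64) KUBECTL_ARCH=amd64; KUBECTL_SHA256="<sha256-of-pinned-amd64-kubectl>" ;;
  *)      KUBECTL_ARCH=arm64; KUBECTL_SHA256="<sha256-of-pinned-arm64-kubectl>" ;;
esac
wget "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${KUBECTL_ARCH}/kubectl" -O /tmp/kubectl_eso
# Refuse to run a binary that does not match the pinned digest.
echo "${KUBECTL_SHA256}  /tmp/kubectl_eso" | sha256sum -c -
chmod +x /tmp/kubectl_eso
/tmp/kubectl_eso create secret generic vault-token --from-literal=token="$(cat /openbao/data/initial_token.txt)" -n openbao
rm /tmp/kubectl_eso
# … unchanged: ui section …
```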