@ebuildy
Created June 28, 2023 16:50
{{- $podValues := .Values.unsealedJob.pod -}}
{{- $jobValues := .Values.unsealedJob.job -}}
{{- $containerValues := .Values.unsealedJob.container -}}
apiVersion: batch/v1
kind: Job
metadata:
  name: vault-unsealed-{{ $jobValues.version }}
spec:
  template:
    spec:
      automountServiceAccountToken: true
      volumes:
        # Secret holding the unseal keys, one key per line in the "keys" entry
        - name: unsealed-keys
          secret:
            secretName: vault-unsealed-keys
        - name: env-shared
          emptyDir: {}
      containers:
        - name: setup
          image: curlimages/curl:8.00.1
          command: ["/bin/sh", "-c"]
          args:
            - |
              # Resolve every address behind the "-internal" service and unseal each Vault pod in turn
              nslookup {{ template "vault.fullname" . }}-internal.{{ .Release.Namespace }}.svc.cluster.local | grep "Address" | awk '{print $2}' | sed 1d | while read VAULT_ADDRESS
              do
                echo "--> unsealing vault $VAULT_ADDRESS"
                # Submit the keys one by one; the "|| [ -n ... ]" test also reads a last line that has no trailing newline
                # The keys are POSTed over plain HTTP here; use https if the Vault listener has TLS enabled
                while IFS="" read -r KEY || [ -n "$KEY" ]
                do
                  curl -sS --request POST --data "{\"key\" : \"$KEY\"}" http://$VAULT_ADDRESS:8200/v1/sys/unseal
                done < /usr/share/unsealed-keys/keys
                echo ""
              done
          volumeMounts:
            - name: unsealed-keys
              mountPath: /usr/share/unsealed-keys
      restartPolicy: Never