@innovia
Created October 21, 2018 19:49
setup vault reviewer token
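#!/bin/bash
# Assumes VAULT_ADDR points at the forwarded port on 127.0.0.1:8200 and that the
# current Vault token may write auth/kubernetes/config.
set -euo pipefail
echo "Opening vault in background via kubectl port forwarding."
kubectl port-forward deployment/vault 8200:8200 &
vault_connection_pid=$!
# Always stop the port-forward on exit, even if a later step fails.
trap 'kill "$vault_connection_pid" 2>/dev/null || true' EXIT
# Wait up to 30 seconds for the tunnel to accept connections before using it.
for _ in $(seq 1 30); do
  (exec 3<>/dev/tcp/127.0.0.1/8200) 2>/dev/null && break
  sleep 1
done
echo "Re-auth kubernetes with vault"
# Token secret attached to the vault-reviewer service account.
# Kubernetes 1.24+ no longer auto-creates this secret, so the lookup can come back empty.
VAULT_SA_TOKEN_NAME=$(kubectl get sa vault-reviewer -o jsonpath="{.secrets[*]['name']}")
SA_JWT_TOKEN=$(kubectl get secret "$VAULT_SA_TOKEN_NAME" -o jsonpath="{.data.token}" | base64 --decode; echo)
SA_CA_CRT=$(kubectl get secret "$VAULT_SA_TOKEN_NAME" -o jsonpath="{.data['ca\.crt']}" | base64 --decode; echo)
# Vault uses this JWT to call the TokenReview API and the CA cert to verify the API server.
vault write auth/kubernetes/config \
  token_reviewer_jwt="$SA_JWT_TOKEN" \
  kubernetes_host=https://kubernetes.default \
  kubernetes_ca_cert="$SA_CA_CRT"
echo "Closing connection to vault."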
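
A pre-flight check that could run just before the `vault write` step, as an added example that is not part of the original gist: it decodes the claims of the JWT (without verifying the signature) and confirms the `sub` claim names the `vault-reviewer` service account, so an empty or wrong secret lookup is caught before it is written into Vault. The function names `jwt_claims` and `is_reviewer_token` are hypothetical, and the match assumes the compact JSON that Kubernetes emits in service-account tokens.

```shell
#!/bin/bash
# Added example: sanity-check a service-account JWT before handing it to Vault.
# This only inspects claims; it does NOT verify the token's signature.

# Print the decoded claims (second dot-separated segment) of a JWT as JSON.
jwt_claims() {
  local seg
  # base64url uses '-' and '_' where standard base64 uses '+' and '/'.
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops '=' padding; restore it to a multiple of 4 characters.
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 --decode 2>/dev/null
}

# Return 0 only if the token's "sub" claim is
# system:serviceaccount:<any namespace>:<expected service account>.
is_reviewer_token() {
  local token="$1" expected="$2" claims
  claims=$(jwt_claims "$token") || return 1
  printf '%s' "$claims" |
    grep -q "\"sub\":\"system:serviceaccount:[^\":]*:${expected}\""
}

# Intended use inside the script above (assumption, shown as a comment only):
#   is_reviewer_token "$SA_JWT_TOKEN" vault-reviewer \
#     || { echo "unexpected reviewer token" >&2; exit 1; }
```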