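#!/bin/bash
# Install HashiCorp Vault into the current Kubernetes/OpenShift namespace via
# Helm, then enable and configure the Kubernetes auth method inside vault-0.
#
# Requirements: helm (>= MIN_REQUIRED_HELM_VERSION) on PATH, `oc` logged in
# to the target cluster, and vault-values.yaml next to this script.
#
# The token-reviewer JWT and CA certificate are read by the vault CLI *inside*
# the pod (the "@file" value syntax already used for the CA below), so the
# service-account token never passes through this shell: it is not printed by
# the `set -x` trace, not visible in argv on the operator's machine, and not
# written to shell history.
set -eux -o pipefail

SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
START_DIR=$(pwd)
readonly MIN_REQUIRED_HELM_VERSION=3.6
# Service-account mount inside the Vault pod.
readonly SA_DIR=/var/run/secrets/kubernetes.io/serviceaccount

# Do work in a temporary directory; remove it on every exit path (the original
# script only cd'd back and left the directory behind).
TEMP_DIR=$(mktemp -d)
trap 'cd "${START_DIR}" && rm -rf -- "${TEMP_DIR:?}"' EXIT
cd "${TEMP_DIR}"

# Check for Helm. Under `set -e` the failure of a command inside `if` does not
# abort the script, so no set +e/-e dance is needed to capture its status.
echo "Checking for Helm CLI version ${MIN_REQUIRED_HELM_VERSION} or greater"
if ! HELM_VERSION_TEXT=$(helm version --template='{{.Version}}'); then
  echo "SCRIPT FAILED! - You must have helm cli version ${MIN_REQUIRED_HELM_VERSION} or greater installed to run this script"
  exit 1
fi

# Compare major.minor of the installed helm (e.g. "v3.12.0") against the
# minimum. Patch level and any build suffix are ignored; 10# forces decimal so
# a zero-padded component is not read as octal.
IFS=. read -r helm_major helm_minor _ <<<"${HELM_VERSION_TEXT#v}"
IFS=. read -r min_major min_minor _ <<<"${MIN_REQUIRED_HELM_VERSION}"
if [[ ! "${helm_major}" =~ ^[0-9]+$ || ! "${helm_minor}" =~ ^[0-9]+$ ]]; then
  echo "SCRIPT FAILED! - Could not parse helm cli version '${HELM_VERSION_TEXT}'"
  exit 1
fi
if (( 10#${helm_major} < 10#${min_major} || (10#${helm_major} == 10#${min_major} && 10#${helm_minor} < 10#${min_minor}) )); then
  echo "SCRIPT FAILED! - helm cli ${HELM_VERSION_TEXT} is older than the required ${MIN_REQUIRED_HELM_VERSION}"
  exit 1
fi

# Add the Helm repo for Vault
helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update

# Install Vault. Without -n/--namespace this targets the current namespace,
# which is also where `oc exec vault-0` below looks for the pod.
helm install vault hashicorp/vault \
  --create-namespace \
  --wait \
  -f "${SCRIPT_DIR}/vault-values.yaml"

# Configure Kubernetes authentication. No TTY is requested (-t): these are
# non-interactive commands and a TTY would inject carriage returns into output.
oc exec vault-0 -- vault auth enable kubernetes

# kubernetes_host is the in-cluster OpenShift API service name. The JWT and CA
# are read from the pod's own service-account mount by the vault CLI ("@file"),
# so the token is never materialised in this shell.
oc exec vault-0 -- vault write auth/kubernetes/config \
  token_reviewer_jwt="@${SA_DIR}/token" \
  kubernetes_host="https://openshift.default.svc.cluster.local:443" \
  kubernetes_ca_cert="@${SA_DIR}/ca.crt"

# The EXIT trap returns to START_DIR and removes TEMP_DIR.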