#!/usr/bin/env bash
set -e
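# Print a message framed by two horizontal rules (section banner for the steps below).
# Arguments: $1 - the message; printed verbatim on its own line (empty line if absent).
# printf is used instead of echo so a message like "-n" or one containing backslashes is
# not interpreted as an option or escape sequence, and "${1-}" is quoted so inner
# whitespace is preserved and the call is safe under `set -u`.
log() {
  local rule="---------------------------------------------------------------------------------------"
  printf '%s\n' "$rule" "${1-}" "$rule"
}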
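log "External Secret Operator ..."
# Install/upgrade ESO from its upstream chart repository into the external-secrets
# namespace, creating the namespace and the CRDs, and roll back if the release does not
# become ready within the timeout (--atomic).
#
# Supply-chain note: the chart is fetched straight from charts.external-secrets.io and,
# by default, unpinned, so each run installs whatever the repo currently serves as
# latest. Set ESO_CHART_VERSION to a chart version from that repo to pin it; leaving it
# unset keeps the previous (unpinned) behaviour.
helm_args=(
  upgrade --install --wait --timeout 35m --atomic
  --namespace external-secrets --create-namespace
  --repo https://charts.external-secrets.io
  external-secrets external-secrets --set installCRDs=true
)
if [[ -n "${ESO_CHART_VERSION:-}" ]]; then
  helm_args+=(--version "$ESO_CHART_VERSION")
fi
helm "${helm_args[@]}"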
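# Register Vault as a ClusterSecretStore. ESO logs in with Vault's Kubernetes auth method
# (mount "kubernetes", role "eso") using a token for the vault-auth ServiceAccount in the
# "vault" namespace, then reads KV v2 data under the "secret" mount. Whatever Vault
# policy is attached to role "eso" therefore bounds what any ExternalSecret using this
# store can read.
#
# SECURITY NOTES (review):
#  - The Vault address is plain http://, so the ServiceAccount JWT presented at login and
#    every secret value fetched cross the cluster network unencrypted. If the Vault
#    listener has TLS, switch to https:// and add spec.provider.vault.caBundle or
#    caProvider so the certificate is actually verified.
#  - This is a *Cluster*SecretStore with no spec.conditions, so an ExternalSecret in any
#    namespace may reference it and read through the "eso" role. If only the "app"
#    namespace should have that access, add under spec (check that the installed ESO
#    version supports it):
#      conditions:
#        - namespaces: ["app"]
#
# The delimiter is quoted so nothing in the manifest is ever subject to shell expansion.
kubectl apply -f - <<'EOF'
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vault-backend
spec:
  provider:
    vault:
      server: "http://vault.vault.svc:8200"
      path: "secret"
      version: "v2"
      auth:
        kubernetes:
          mountPath: "kubernetes"
          role: "eso"
          serviceAccountRef:
            name: "vault-auth"
            namespace: "vault"
EOF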
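# Ensure the "app" namespace exists without masking real failures. The previous
# `kubectl create namespace app || true` also swallowed RBAC denials and API-server
# errors, which would then surface only as a confusing failure of the ExternalSecret
# apply below. Rendering a client-side dry-run through `kubectl apply` is idempotent
# ("unchanged" on re-runs) and still exits non-zero on genuine errors.
kubectl create namespace app --dry-run=client -o yaml | kubectl apply -f -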
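# Sync one Vault entry into the "app" namespace. ESO re-fetches from Vault every
# refreshInterval (15s here; lengthen it if that is too chatty for Vault's audit log or
# rate limits) and materialises a Secret "vault-secrets" in "app" with keys "user" and
# "password", taken from the "username" and "password" properties of entry "config" in
# the store's "secret" mount.
#
# Once synced, anyone with `get secrets` in the "app" namespace can read these values,
# so namespace RBAC is the effective boundary for them, not Vault policy alone.
#
# The delimiter is quoted so nothing in the manifest is ever subject to shell expansion.
kubectl apply -f - <<'EOF'
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app
  namespace: app
spec:
  refreshInterval: "15s"
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: vault-secrets
  data:
    - secretKey: user
      remoteRef:
        key: config
        property: username
    - secretKey: password
      remoteRef:
        key: config
        property: password
EOF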