Loading helm/vault-job/vault-job.yaml +9 −9 Original line number Original line Diff line number Diff line Loading @@ -16,7 +16,7 @@ data: echo "install dependencies" echo "install dependencies" apk add --no-cache jq openssl apk add --no-cache jq openssl # Establecer las variables de entorno de Vault # Set Vault environment variables export VAULT_ADDR='http://vault-internal:8200' export VAULT_ADDR='http://vault-internal:8200' Loading @@ -37,7 +37,7 @@ data: vault secrets enable pki vault secrets enable pki echo "# Generar una CA en Vault #" echo "# Generate a CA in Vault #" vault secrets tune -max-lease-ttl=87600h pki vault secrets tune -max-lease-ttl=87600h pki vault write -field=certificate pki/root/generate/internal \ vault write -field=certificate pki/root/generate/internal \ Loading @@ -52,7 +52,7 @@ data: issuing_certificates="$VAULT_ADDR/v1/pki/ca" \ issuing_certificates="$VAULT_ADDR/v1/pki/ca" \ crl_distribution_points="$VAULT_ADDR/v1/pki/crl" crl_distribution_points="$VAULT_ADDR/v1/pki/crl" # # Generar una CA intermedia en Vault # # Generate an intermediate CA in Vault vault secrets enable -path=pki_int pki vault secrets enable -path=pki_int pki vault secrets tune -max-lease-ttl=43800h pki_int vault secrets tune -max-lease-ttl=43800h pki_int Loading 
@@ -65,20 +65,20 @@ data: echo "### content pki_intermediate.csr ###" echo "### content pki_intermediate.csr ###" cat pki_intermediate.csr cat pki_intermediate.csr # Firmar la CA intermedia con la CA raíz # Sign the intermediate CA with the root CA vault write -format=json pki/root/sign-intermediate \ vault write -format=json pki/root/sign-intermediate \ issuer_ref="root-2026" \ issuer_ref="root-2026" \ csr=@pki_intermediate.csr \ csr=@pki_intermediate.csr \ format=pem_bundle ttl="43800h" \ format=pem_bundle ttl="43800h" \ | jq -r '.data.certificate' > capif_intermediate.cert.pem | jq -r '.data.certificate' > capif_intermediate.cert.pem # Configurar la CA intermedia en Vault # Configure the intermediate AC in Vault vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem #Crear rol en Vault # Create a role in Vault vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h # Emitir un certificado firmado por la CA intermedia # Issue a certificate signed by the intermediary CA # vault write -format=json pki_int/issue/my-ca \ # vault write -format=json pki_int/issue/my-ca \ # common_name="nginx.mon.svc.cluster.local" \ # common_name="nginx.mon.svc.cluster.local" \ # format=pem_bundle ttl="438h" \ # format=pem_bundle ttl="438h" \ Loading Loading 
@@ -109,14 +109,14 @@ data: #POLICY_FILE="my-policy.hcl" #POLICY_FILE="my-policy.hcl" #TOKEN_ID="read-ca-token" #TOKEN_ID="read-ca-token" # Crear la política en Vault # Create the policy in Vault #echo "path \"secret/data/ca\" { #echo "path \"secret/data/ca\" { # capabilities = [\"read\"] # capabilities = [\"read\"] #}" > "$POLICY_FILE" #}" > "$POLICY_FILE" #vault policy write "$POLICY_NAME" "$POLICY_FILE" #vault policy write "$POLICY_NAME" "$POLICY_FILE" # Generar un nuevo token y asignar la política # Generate a new token and assign the policy #TOKEN=$(vault token create -id="$TOKEN_ID" -policy="$POLICY_NAME" -format=json | jq -r '.auth.client_token') #TOKEN=$(vault token create -id="$TOKEN_ID" -policy="$POLICY_NAME" -format=json | jq -r '.auth.client_token') #echo "Token generado:" #echo "Token generado:" Loading Loading
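Review bot: The `vault write pki_int/roles/my-ca` line in the `@@ -65,20 +65,20 @@` hunk keeps `allow_any_name=true`, `allowed_domains="*"` and `require_cn=false`, so any client allowed to use that role can obtain a certificate for an arbitrary name under the intermediate CA, and the translated comment `# Create a role in Vault` does not say so. Whether this job is meant only for test deployments is not visible here (the script starts and ends outside the hunk), so I would record the intent beside the role, e.g. `# NOTE: unrestricted role (allow_any_name=true); narrow allowed_domains and drop allow_any_name outside test setups`. In the same hunk the translation left `# Configure the intermediate AC in Vault`, which should read `CA`, and `intermediary CA` two comments later would be more consistent as `intermediate CA`.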
helm/vault-job/vault-job.yaml +9 −9 Original line number Original line Diff line number Diff line Loading @@ -16,7 +16,7 @@ data: echo "install dependencies" echo "install dependencies" apk add --no-cache jq openssl apk add --no-cache jq openssl # Establecer las variables de entorno de Vault # Set Vault environment variables export VAULT_ADDR='http://vault-internal:8200' export VAULT_ADDR='http://vault-internal:8200' Loading @@ -37,7 +37,7 @@ data: vault secrets enable pki vault secrets enable pki echo "# Generar una CA en Vault #" echo "# Generate a CA in Vault #" vault secrets tune -max-lease-ttl=87600h pki vault secrets tune -max-lease-ttl=87600h pki vault write -field=certificate pki/root/generate/internal \ vault write -field=certificate pki/root/generate/internal \ Loading @@ -52,7 +52,7 @@ data: issuing_certificates="$VAULT_ADDR/v1/pki/ca" \ issuing_certificates="$VAULT_ADDR/v1/pki/ca" \ crl_distribution_points="$VAULT_ADDR/v1/pki/crl" crl_distribution_points="$VAULT_ADDR/v1/pki/crl" # # Generar una CA intermedia en Vault # # Generate an intermediate CA in Vault vault secrets enable -path=pki_int pki vault secrets enable -path=pki_int pki vault secrets tune -max-lease-ttl=43800h pki_int vault secrets tune -max-lease-ttl=43800h pki_int Loading 
@@ -65,20 +65,20 @@ data: echo "### content pki_intermediate.csr ###" echo "### content pki_intermediate.csr ###" cat pki_intermediate.csr cat pki_intermediate.csr # Firmar la CA intermedia con la CA raíz # Sign the intermediate CA with the root CA vault write -format=json pki/root/sign-intermediate \ vault write -format=json pki/root/sign-intermediate \ issuer_ref="root-2026" \ issuer_ref="root-2026" \ csr=@pki_intermediate.csr \ csr=@pki_intermediate.csr \ format=pem_bundle ttl="43800h" \ format=pem_bundle ttl="43800h" \ | jq -r '.data.certificate' > capif_intermediate.cert.pem | jq -r '.data.certificate' > capif_intermediate.cert.pem # Configurar la CA intermedia en Vault # Configure the intermediate AC in Vault vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem #Crear rol en Vault # Create a role in Vault vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h # Emitir un certificado firmado por la CA intermedia # Issue a certificate signed by the intermediary CA # vault write -format=json pki_int/issue/my-ca \ # vault write -format=json pki_int/issue/my-ca \ # common_name="nginx.mon.svc.cluster.local" \ # common_name="nginx.mon.svc.cluster.local" \ # format=pem_bundle ttl="438h" \ # format=pem_bundle ttl="438h" \ Loading Loading 
@@ -109,14 +109,14 @@ data: #POLICY_FILE="my-policy.hcl" #POLICY_FILE="my-policy.hcl" #TOKEN_ID="read-ca-token" #TOKEN_ID="read-ca-token" # Crear la política en Vault # Create the policy in Vault #echo "path \"secret/data/ca\" { #echo "path \"secret/data/ca\" { # capabilities = [\"read\"] # capabilities = [\"read\"] #}" > "$POLICY_FILE" #}" > "$POLICY_FILE" #vault policy write "$POLICY_NAME" "$POLICY_FILE" #vault policy write "$POLICY_NAME" "$POLICY_FILE" # Generar un nuevo token y asignar la política # Generate a new token and assign the policy #TOKEN=$(vault token create -id="$TOKEN_ID" -policy="$POLICY_NAME" -format=json | jq -r '.auth.client_token') #TOKEN=$(vault token create -id="$TOKEN_ID" -policy="$POLICY_NAME" -format=json | jq -r '.auth.client_token') #echo "Token generado:" #echo "Token generado:" Loading