Skip to content
GitLab
Projects
Groups
Topics
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
OCF
capif
Compare revisions
fb23c3a7b90d38a3c4c15f4dae29fe0c261e3334...6e42ffe34180aafc45be2337e0b1b8172867e492
Commits (2)
vault job yaml file
· cd49bd18
Andres Anaya Amariels
authored
May 08, 2024
cd49bd18
Merge branch 'OCF41-vault-job-ocf' into 'staging'
· 6e42ffe3
Jorge Moratinos
authored
May 08, 2024
Draft: Resolve "Vault Job OCF" Closes
#41
See merge request
!24
6e42ffe3
Hide whitespace changes
Inline
Side-by-side
helm/vault-job/vault-job.yaml
View file @
6e42ffe3
...
...
@@ -3,7 +3,7 @@ apiVersion: v1
kind
:
ConfigMap
metadata
:
name
:
vault-prepare-certs
namespace
:
mon
namespace
:
ocf-vault
labels
:
io.kompose.service
:
api-invocation-logs
app
:
capif
...
...
@@ -25,8 +25,15 @@ data:
# to execute the next commands in vault
# otherwise, if use the vault as dev's mode. Just
# type the token's dev.
export VAULT_TOKEN="dev-only-token"
export DOMAIN1=capif.mobilesandbox.cloud
export VAULT_TOKEN="hvs.mn50Q8kpMuxsPUsCNlwQekCd"
export DOMAIN1=*.pre-prod.int
export DOMAIN2=*.staging.int
export DOMAIN3=*.developer.int
# local domains
# export DOMAIN4=*.pre-prod.svc.cluster.local
# export DOMAIN5=*.staging.svc.cluster.local
# export DOMAIN6=*.developer.svc.cluster.local
vault secrets enable pki
...
...
@@ -69,7 +76,7 @@ data:
vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem
#Crear rol en Vault
vault write pki_int/roles/my-ca use_csr_common_name=
fals
e require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h
vault write pki_int/roles/my-ca use_csr_common_name=
tru
e require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h
# Emitir un certificado firmado por la CA intermedia
# vault write -format=json pki_int/issue/my-ca \
...
...
@@ -119,8 +126,6 @@ data:
DNS.3 = \$ENV::DOMAIN3
EOF
export DOMAIN2=nginx.mon.svc.cluster.local
export DOMAIN3=nginx.mon-staging.svc.cluster.local
export COUNTRY=ES # 2 letter country-code
export STATE=Madrid # state or province name
export LOCALITY=Madrid # Locality Name (e.g. city)
...
...
@@ -222,7 +227,7 @@ apiVersion: batch/v1
kind
:
Job
metadata
:
name
:
vault-pki
namespace
:
mon
namespace
:
ocf-vault
labels
:
io.kompose.service
:
vault-pki
app
:
capif
...
...