......@@ -3,7 +3,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: vault-prepare-certs
namespace: mon
namespace: ocf-vault
labels:
io.kompose.service: api-invocation-logs
app: capif
......@@ -25,8 +25,15 @@ data:
# to execute the next commands in vault
# otherwise, if use the vault as dev's mode. Just
# type the token's dev.
export VAULT_TOKEN="dev-only-token"
export DOMAIN1=capif.mobilesandbox.cloud
export VAULT_TOKEN="hvs.mn50Q8kpMuxsPUsCNlwQekCd"
export DOMAIN1=*.pre-prod.int
export DOMAIN2=*.staging.int
export DOMAIN3=*.developer.int
# local domains
# export DOMAIN4=*.pre-prod.svc.cluster.local
# export DOMAIN5=*.staging.svc.cluster.local
# export DOMAIN6=*.developer.svc.cluster.local
vault secrets enable pki
......@@ -69,7 +76,7 @@ data:
vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem
#Crear rol en Vault
vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h
vault write pki_int/roles/my-ca use_csr_common_name=true require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h
# Emitir un certificado firmado por la CA intermedia
# vault write -format=json pki_int/issue/my-ca \
......@@ -119,8 +126,6 @@ data:
DNS.3 = \$ENV::DOMAIN3
EOF
export DOMAIN2=nginx.mon.svc.cluster.local
export DOMAIN3=nginx.mon-staging.svc.cluster.local
export COUNTRY=ES # 2 letter country-code
export STATE=Madrid # state or province name
export LOCALITY=Madrid # Locality Name (e.g. city)
......@@ -222,7 +227,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: vault-pki
namespace: mon
namespace: ocf-vault
labels:
io.kompose.service: vault-pki
app: capif
......
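Review bot: The `export VAULT_TOKEN=` line in the second hunk (`@@ -25,8 +25,15 @@`) now carries what looks like a real Vault service token (`hvs.` prefix) in place of `dev-only-token`; a ConfigMap is stored unencrypted, is readable by any subject allowed to read ConfigMaps in the namespace, and the value stays in the repository history. This assumes the second line of each printed pair is the new side, which the hunk offsets are consistent with; if so, the token should be revoked and the literal replaced by a value the Job injects from a Secret, with the script only checking that it is set: `: "${VAULT_TOKEN:?VAULT_TOKEN must come from the Job env (secretKeyRef)}"`. The exposure matters more because the `pki_int/roles/my-ca` line in the third hunk keeps `allowed_domains="*"` and `allow_any_name=true`, so the role itself places no limit on which names can be issued; restricting it to the `DOMAIN1`–`DOMAIN3` suffixes would bound what a leaked token can do. The Job's container spec is outside the visible hunks, so the `env`/`secretKeyRef` wiring has to be added there.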