File tree Expand file tree Collapse file tree 5 files changed +76
-0
lines changed Expand file tree Collapse file tree 5 files changed +76
-0
lines changed Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+ trap ' echo "${BASH_SOURCE[0]}: line ${LINENO}: status ${?}: user ${USER}: func ${FUNCNAME[0]}"'
3+ set -o errexit
4+ set -o errtrace
5+
6+ export VAULT_ADDR=" https://vault.example.com"
7+ export VAULT_TOKEN=" $( cat ${HOME} /.vault/root_token.txt) "
8+ export VAULT_CACERT=" ${HOME} /.vault/ca.crt"
9+
10+ cd helm
11+ ./helm-install-gitea.sh
12+ cd ..
13+
14+ kubectl apply --filename gitea-namespace.yaml
15+
16+ cd istio
17+ kubectl apply --filename gitea-traffic-management.yaml
18+ cd ..
19+
20+ cd vault
21+ bash ./create-kubernetes-role.sh
22+ bash ./create-pki-role.sh
23+ kubectl apply --filename issuer-serviceaccount.yaml
24+ bash ./create-issuer.sh
25+ kubectl apply --filename gitea-certificate.yaml
26+ cd ..
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : v1
3+ kind : Namespace
4+ metadata :
5+ name : gitea
6+ labels :
7+ istio-injection : enabled
Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+ trap ' echo "${BASH_SOURCE[0]}: line ${LINENO}: status ${?}: user ${USER}: func ${FUNCNAME[0]}"'
3+ set -o errexit
4+ set -o errtrace
5+
6+ NAMESPACE=" gitea"
7+
8+ export GITEA_ISSUER_SECRET_REF=" $( kubectl get secrets --namespace ${NAMESPACE} --output=json | jq -r ' .items[].metadata | select(.name|startswith("gitea-issuer-secret")).name' ) "
9+ export BASE64_ENCODED_CABUNDLE=" $( kubectl get secrets vault-ha-tls --namespace vault --output jsonpath=' {.data.kubernetes-ca\.crt}' ) "
10+
11+ envsubst < ./issuer.yaml > ./issuer-temp.yaml
12+ kubectl apply --namespace ${NAMESPACE} --filename ./issuer-temp.yaml
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : v1
3+ kind : ServiceAccount
4+ metadata :
5+ name : gitea-issuer
6+ namespace : gitea
7+ ---
8+ apiVersion : v1
9+ kind : Secret
10+ metadata :
11+ name : gitea-issuer-secret
12+ namespace : gitea
13+ annotations :
14+ kubernetes.io/service-account.name : gitea-issuer
15+ type : kubernetes.io/service-account-token
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : cert-manager.io/v1
3+ kind : Issuer
4+ metadata :
5+ name : gitea-issuer
6+ spec :
7+ vault :
8+ server : http://my-vault.vault.svc.cluster.local:8200
9+ path : pki/sign/gitea
10+ auth :
11+ kubernetes :
12+ mountPath : /v1/auth/kubernetes
13+ role : gitea-issuer
14+ secretRef :
15+ name : ${GITEA_ISSUER_SECRET_REF}
16+ key : token
You can’t perform that action at this time.
0 commit comments