Adapt for new vault templates
This commit is contained in:
parent
cf17654ae0
commit
dcc2e1aa87
|
@ -58,7 +58,7 @@ _EOF
|
|||
# Load vault root CA into the trust store
|
||||
template {
|
||||
data = <<-EOF
|
||||
{{ with secret "[[ $.consul.suffix ]]pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||
{{ with secret "[[ $.vault.pki.issuer ]]/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||
EOF
|
||||
destination = "local/ca.crt"
|
||||
}
|
||||
|
|
|
@ -66,7 +66,7 @@ httpConnection:
|
|||
protocol: https
|
||||
host: truenas.example.org:443
|
||||
port: 443
|
||||
apiKey: {{ with secret "kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||
apiKey: {{ with secret "/kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||
allowInsecure: false
|
||||
apiVersion: 2
|
||||
|
||||
|
@ -106,7 +106,7 @@ _EOF
|
|||
# Load vault root CA into the trust store
|
||||
template {
|
||||
data = <<-EOF
|
||||
{{ with secret "pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||
{{ with secret "/pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||
EOF
|
||||
destination = "local/ca.crt"
|
||||
}
|
||||
|
@ -188,7 +188,7 @@ httpConnection:
|
|||
protocol: https
|
||||
host: truenas.example.org:443
|
||||
port: 443
|
||||
apiKey: {{ with secret "kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||
apiKey: {{ with secret "/kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||
allowInsecure: false
|
||||
apiVersion: 2
|
||||
|
||||
|
@ -219,7 +219,7 @@ _EOF
|
|||
# Load vault root CA into the trust store
|
||||
template {
|
||||
data = <<-EOF
|
||||
{{ with secret "pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||
{{ with secret "/pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||
EOF
|
||||
destination = "local/ca.crt"
|
||||
}
|
||||
|
|
|
@ -1,6 +1,12 @@
|
|||
|
||||
# Access the vault KV (v2) store
|
||||
path "kv/data/service/democratic-csi" {
|
||||
path "/kv/data/service/democratic-csi" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
path "/kv/metadata/service/democratic-csi/*" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
path "/kv/data/service/democratic-csi/*" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ httpConnection:
|
|||
protocol: [[ $url.Scheme ]]
|
||||
host: [[ $url.Host ]]
|
||||
port: [[ $url.Port ]]
|
||||
apiKey: {{ with secret "[[ .vault.kv.path ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||
apiKey: {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||
allowInsecure: [[ .democratic_csi.controller.truenas.api.insecure | ternary "true" "false" ]]
|
||||
apiVersion: 2
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ httpConnection:
|
|||
protocol: [[ $url.Scheme ]]
|
||||
host: [[ $url.Host ]]
|
||||
port: [[ $url.Port ]]
|
||||
apiKey: {{ with secret "[[ .vault.kv.path ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||
apiKey: {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||
allowInsecure: [[ .democratic_csi.controller.truenas.api.insecure | ternary "true" "false" ]]
|
||||
apiVersion: 2
|
||||
|
||||
|
|
Loading…
Reference in New Issue