Adapt for new vault templates

Daniel Berteaud 2024-01-31 13:38:19 +01:00
parent cf17654ae0
commit dcc2e1aa87
5 changed files with 14 additions and 8 deletions


@ -58,7 +58,7 @@ _EOF
# Load vault root CA into the trust store
template {
data = <<-EOF
{{ with secret "[[ $.consul.suffix ]]pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
{{ with secret "[[ $.vault.pki.issuer ]]/cert/ca" }}{{ .Data.certificate }}{{ end }}
EOF
destination = "local/ca.crt"
}
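Review bot: The comment above this template still says "vault root CA", but the new path `[[ $.vault.pki.issuer ]]/cert/ca` returns the CA certificate of whatever PKI mount that variable names. If it is ever pointed at an intermediate mount, `local/ca.crt` would hold the intermediate rather than the root, and what the task trusts changes without any visible sign in this file. I would reword the comment to `# Load the CA of the Vault PKI mount set in vault.pki.issuer into the trust store` and state there that the value is a mount path with no trailing slash. How `local/ca.crt` is consumed is outside the hunk, so the effect on TLS verification is inferred.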


@ -66,7 +66,7 @@ httpConnection:
protocol: https
host: truenas.example.org:443
port: 443
apiKey: {{ with secret "kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
apiKey: {{ with secret "/kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
allowInsecure: false
apiVersion: 2
@ -106,7 +106,7 @@ _EOF
# Load vault root CA into the trust store
template {
data = <<-EOF
{{ with secret "pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
{{ with secret "/pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
EOF
destination = "local/ca.crt"
}
@ -188,7 +188,7 @@ httpConnection:
protocol: https
host: truenas.example.org:443
port: 443
apiKey: {{ with secret "kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
apiKey: {{ with secret "/kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
allowInsecure: false
apiVersion: 2
@ -219,7 +219,7 @@ _EOF
# Load vault root CA into the trust store
template {
data = <<-EOF
{{ with secret "pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
{{ with secret "/pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
EOF
destination = "local/ca.crt"
}


@ -1,6 +1,12 @@
# Access the vault KV (v2) store
path "kv/data/service/democratic-csi" {
path "/kv/data/service/democratic-csi" {
capabilities = ["read"]
}
path "/kv/metadata/service/democratic-csi/*" {
capabilities = ["read", "list"]
}
path "/kv/data/service/democratic-csi/*" {
capabilities = ["read"]
}
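Review bot: The two added stanzas grant `read` on `/kv/data/service/democratic-csi/*` and `read`, `list` on the matching metadata subtree, yet the templates in this commit read only the single secret `kv/service/democratic-csi` (field `truenas_api_key`). Any secret later stored under that prefix becomes readable by this job's token, which is wider than the visible consumers need. If the sub-paths are not used, drop both stanzas and keep the exact-path rule. If they come from a shared policy template, add a comment such as `# sub-paths reserved for per-component secrets; remove if unused` so the breadth is a recorded decision. This file may be rendered output, in which case the change belongs in the template that generates it.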


@ -7,7 +7,7 @@ httpConnection:
protocol: [[ $url.Scheme ]]
host: [[ $url.Host ]]
port: [[ $url.Port ]]
apiKey: {{ with secret "[[ .vault.kv.path ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
apiKey: {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
allowInsecure: [[ .democratic_csi.controller.truenas.api.insecure | ternary "true" "false" ]]
apiVersion: 2
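Review bot: The new secret path `[[ .vault.root ]]kv/service/[[ .instance ]]` joins the prefix and `kv/` with no separator, so it resolves correctly only when `.vault.root` is empty or ends in `/`. The rendered example in this commit shows `/kv/service/democratic-csi`, which suggests the value is `/`. The same line appears in the other templated `httpConnection` section of this commit. The path also varies with `.instance`, while the policy shown in this commit names `democratic-csi` literally; unless that policy is rendered from the same variables, an instance with another name would have no read access to its key. A comment above the line, e.g. `# vault.root must be empty or end with "/"; the job's Vault policy must allow read on this kv path`, would document both constraints.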


@ -7,7 +7,7 @@ httpConnection:
protocol: [[ $url.Scheme ]]
host: [[ $url.Host ]]
port: [[ $url.Port ]]
apiKey: {{ with secret "[[ .vault.kv.path ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
apiKey: {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
allowInsecure: [[ .democratic_csi.controller.truenas.api.insecure | ternary "true" "false" ]]
apiVersion: 2