Adapt for new vault templates
This commit is contained in:
parent
cf17654ae0
commit
dcc2e1aa87
|
@ -58,7 +58,7 @@ _EOF
|
||||||
# Load vault root CA into the trust store
|
# Load vault root CA into the trust store
|
||||||
template {
|
template {
|
||||||
data = <<-EOF
|
data = <<-EOF
|
||||||
{{ with secret "[[ $.consul.suffix ]]pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
{{ with secret "[[ $.vault.pki.issuer ]]/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||||
EOF
|
EOF
|
||||||
destination = "local/ca.crt"
|
destination = "local/ca.crt"
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,7 +66,7 @@ httpConnection:
|
||||||
protocol: https
|
protocol: https
|
||||||
host: truenas.example.org:443
|
host: truenas.example.org:443
|
||||||
port: 443
|
port: 443
|
||||||
apiKey: {{ with secret "kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
apiKey: {{ with secret "/kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||||
allowInsecure: false
|
allowInsecure: false
|
||||||
apiVersion: 2
|
apiVersion: 2
|
||||||
|
|
||||||
|
@ -106,7 +106,7 @@ _EOF
|
||||||
# Load vault root CA into the trust store
|
# Load vault root CA into the trust store
|
||||||
template {
|
template {
|
||||||
data = <<-EOF
|
data = <<-EOF
|
||||||
{{ with secret "pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
{{ with secret "/pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||||
EOF
|
EOF
|
||||||
destination = "local/ca.crt"
|
destination = "local/ca.crt"
|
||||||
}
|
}
|
||||||
|
@ -188,7 +188,7 @@ httpConnection:
|
||||||
protocol: https
|
protocol: https
|
||||||
host: truenas.example.org:443
|
host: truenas.example.org:443
|
||||||
port: 443
|
port: 443
|
||||||
apiKey: {{ with secret "kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
apiKey: {{ with secret "/kv/service/democratic-csi" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||||
allowInsecure: false
|
allowInsecure: false
|
||||||
apiVersion: 2
|
apiVersion: 2
|
||||||
|
|
||||||
|
@ -219,7 +219,7 @@ _EOF
|
||||||
# Load vault root CA into the trust store
|
# Load vault root CA into the trust store
|
||||||
template {
|
template {
|
||||||
data = <<-EOF
|
data = <<-EOF
|
||||||
{{ with secret "pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
{{ with secret "/pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
||||||
EOF
|
EOF
|
||||||
destination = "local/ca.crt"
|
destination = "local/ca.crt"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,12 @@
|
||||||
|
|
||||||
# Access the vault KV (v2) store
|
# Access the vault KV (v2) store
|
||||||
path "kv/data/service/democratic-csi" {
|
path "/kv/data/service/democratic-csi" {
|
||||||
|
capabilities = ["read"]
|
||||||
|
}
|
||||||
|
path "/kv/metadata/service/democratic-csi/*" {
|
||||||
|
capabilities = ["read", "list"]
|
||||||
|
}
|
||||||
|
path "/kv/data/service/democratic-csi/*" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ httpConnection:
|
||||||
protocol: [[ $url.Scheme ]]
|
protocol: [[ $url.Scheme ]]
|
||||||
host: [[ $url.Host ]]
|
host: [[ $url.Host ]]
|
||||||
port: [[ $url.Port ]]
|
port: [[ $url.Port ]]
|
||||||
apiKey: {{ with secret "[[ .vault.kv.path ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
apiKey: {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||||
allowInsecure: [[ .democratic_csi.controller.truenas.api.insecure | ternary "true" "false" ]]
|
allowInsecure: [[ .democratic_csi.controller.truenas.api.insecure | ternary "true" "false" ]]
|
||||||
apiVersion: 2
|
apiVersion: 2
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ httpConnection:
|
||||||
protocol: [[ $url.Scheme ]]
|
protocol: [[ $url.Scheme ]]
|
||||||
host: [[ $url.Host ]]
|
host: [[ $url.Host ]]
|
||||||
port: [[ $url.Port ]]
|
port: [[ $url.Port ]]
|
||||||
apiKey: {{ with secret "[[ .vault.kv.path ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
apiKey: {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.truenas_api_key }}{{ end }}
|
||||||
allowInsecure: [[ .democratic_csi.controller.truenas.api.insecure | ternary "true" "false" ]]
|
allowInsecure: [[ .democratic_csi.controller.truenas.api.insecure | ternary "true" "false" ]]
|
||||||
apiVersion: 2
|
apiVersion: 2
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue