preparation for k3s

2026-01-10 21:42:51 +00:00
parent f57870280c
commit a415c515e3
16 changed files with 471 additions and 15 deletions
--- a/setup_k3s_secrets.sh
+++ b/setup_k3s_secrets.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+set -e
+
+# Config
+VAULT_ADDR="https://10.100.30.11:8200"
+VAULT_CA="./vault-ca.crt"
+
+# Check dependencies
+if ! command -v vault &> /dev/null; then
+    echo "❌ 'vault' CLI nicht gefunden."
+    exit 1
+fi
+
+if [ ! -f "$VAULT_CA" ]; then
+    echo "⚠️  $VAULT_CA nicht gefunden. Versuche Download..."
+    scp -i ~/.ssh/id_ed25519_ansible_prod ansible@10.100.30.11:/opt/vault/certs/ca.crt "$VAULT_CA"
+fi
+
+echo "🔐 Setup K3s Secrets in Vault"
+echo "-----------------------------"
+
+# Auth
+if [ -z "$VAULT_TOKEN" ]; then
+    read -sp "Bitte Vault Root Token eingeben: " VAULT_TOKEN
+    echo ""
+    export VAULT_TOKEN
+fi
+export VAULT_ADDR
+export VAULT_CACERT="$VAULT_CA"
+
+# 1. Generate K3s Token
+K3S_TOKEN=$(openssl rand -base64 32)
+echo "✅ K3s Token generiert."
+
+# 2. Set Kube-VIP Version
+KUBEVIP_VERSION="v0.8.0"
+
+# 3. Write to Vault
+echo "Schreibe nach secret/infrastructure/k3s..."
+
+vault kv put secret/infrastructure/k3s \
+    token="$K3S_TOKEN" \
+    kubevip_version="$KUBEVIP_VERSION" \
+    kubevip_address="10.100.40.5"
+
+echo ""
+echo "✅ Secrets erfolgreich angelegt!"
+echo "   K3s Token: (im Vault gespeichert)"
+echo "   Kube-VIP IP: 10.100.40.5"