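#!/bin/bash
#
# Seeds the K3s bootstrap values in Vault: generates a fresh K3s cluster
# token and writes it, together with the kube-vip version and virtual IP,
# to secret/infrastructure/k3s.
#
# Environment:
#   VAULT_TOKEN  optional; prompted for (without echo) when unset or empty.
#
# NOTE(review): every run generates a NEW token and overwrites the stored
# one. Re-running against a cluster that was already bootstrapped from the
# old value replaces the secret its nodes were joined with - confirm this
# is intended before re-running.

# -u and pipefail added on top of -e: an unset variable or a failing
# producer in the pipeline below must abort the run instead of writing a
# partial or empty secret.
set -euo pipefail

# Config
VAULT_ADDR="https://10.100.30.11:8200"
VAULT_CA="./vault-ca.crt"
KUBEVIP_ADDRESS="10.100.40.5"

# Check dependencies
if ! command -v vault >/dev/null 2>&1; then
  echo "❌ 'vault' CLI nicht gefunden." >&2
  exit 1
fi

# The CA file is the trust anchor for the TLS connection to Vault. When it
# is missing it is fetched over SSH, so its authenticity rests on SSH host
# key verification for the Vault host.
# NOTE(review): make sure the host key of 10.100.30.11 is already pinned in
# known_hosts rather than accepted on first use here.
if [ ! -f "$VAULT_CA" ]; then
  echo "⚠️ $VAULT_CA nicht gefunden. Versuche Download..." >&2
  scp -i ~/.ssh/id_ed25519_ansible_prod ansible@10.100.30.11:/opt/vault/certs/ca.crt "$VAULT_CA"
fi

echo "🔐 Setup K3s Secrets in Vault"
echo "-----------------------------"

# Auth
# ${VAULT_TOKEN:-} keeps the "not set" case working under `set -u`.
# NOTE(review): the prompt asks for the root token; a token limited to
# writing this one path would be enough and is the safer choice.
if [ -z "${VAULT_TOKEN:-}" ]; then
  # -r: take the token literally (no backslash processing); -s: no echo.
  read -rsp "Bitte Vault Root Token eingeben: " VAULT_TOKEN
  echo ""
  export VAULT_TOKEN
fi
export VAULT_ADDR
export VAULT_CACERT="$VAULT_CA"

# 1. Generate K3s Token
K3S_TOKEN=$(openssl rand -base64 32)
echo "✅ K3s Token generiert."

# 2. Set Kube-VIP Version
KUBEVIP_VERSION="v0.8.0"

# 3. Write to Vault
echo "Schreibe nach secret/infrastructure/k3s..."

# The token is passed on stdin (`token=-`) instead of as a command-line
# argument, so it does not appear in the process list or in `set -x`
# traces. printf is a shell builtin, so no extra process carries the
# secret in its argv either.
printf '%s' "$K3S_TOKEN" | vault kv put secret/infrastructure/k3s \
  token=- \
  kubevip_version="$KUBEVIP_VERSION" \
  kubevip_address="$KUBEVIP_ADDRESS"

echo ""
echo "✅ Secrets erfolgreich angelegt!"
echo " K3s Token: (im Vault gespeichert)"
echo " Kube-VIP IP: $KUBEVIP_ADDRESS"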