ansible role update

2022-12-09 13:38:44 +09:00
parent 8391ca915d
commit 3af7e034fc
890 changed files with 79234 additions and 0 deletions
--- a/ansible/roles/helm_install/files/vault_agent/configmap.yaml
+++ b/ansible/roles/helm_install/files/vault_agent/configmap.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: dsk-vault-agent-config
+data:
+  server.tmpl: |
+    {{ with secret "tls/data/server" }}{{ toJSON .Data.data }}
+    {{ end }}
+
+  client.tmpl: |
+    {{ with secret "tls/data/client" }}{{ toJSON .Data.data }}
+    {{ end }}
+
+  agent.hcl: |
+    pid_file = "./pidfile"
+
+    vault {
+      address="http://vault-ui.dsk-middle:8200"
+    }
+
+    auto_auth {
+      method {
+        type = "approle"
+        config = {
+          role_id_file_path = "/vault-agent/role-id"
+          secret_id_file_path = "/vault-agent/secret-id"
+          remove_secret_id_file_after_reading = false
+        }
+      }
+
+      sink {
+        type = "file"
+        config = {
+          path = "/vault-agent/.vault-token"
+          mode = 0644
+        }
+      }
+    }
+
+    template_config {
+      static_secret_render_interval = "10s"
+    }
+
+    template {
+      source = "/vault-agent/conf/server.tmpl"
+      destination = "/vault-agent/serverTls"
+    }
+
+    template {
+      source = "/vault-agent/conf/client.tmpl"
+      destination = "/vault-agent/clientTls"
+    }