From e7a3bbd05596823f1abe87e975b5973bb8494749 Mon Sep 17 00:00:00 2001
From: Michal Vala
Date: Mon, 21 Feb 2022 08:59:25 +0100
Subject: [PATCH] Svpi61 vault init (#118) Svpi61 vault init
---
 README.md | 5 ++++
 .../authentication/spi-vault-admin.yaml | 14 ++++++++++
 components/authentication/view-spi.yaml | 2 ++
 components/spi/kustomization.yaml | 3 ++-
 components/spi/vault_role.yaml | 26 +++++++++++++++++++
 5 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 components/authentication/spi-vault-admin.yaml
 create mode 100644 components/spi/vault_role.yaml
diff --git a/README.md b/README.md
index 11d9d4f16..4348a4db1 100644
--- a/README.md
+++ b/README.md
@@ -82,6 +82,11 @@ SPI components fails to start right after the bootstrap. It requires manual conf This process is automated in `preview mode` see below. +SPI Vault instance has to be manually initialized. There is a script to help with that: +1) Make sure that your cluster user has at least permissions `./components/spi/vault_role.yaml` +2) Clone SPI operator repo `git clone https://github.com/redhat-appstudio/service-provider-integration-operator && cd service-provider-integration-operator` +3) run `vault-init.sh` script from repo root directory `./hack/vault-init.sh` + ### Install Toolchain (Sandbox) Operators There are two scripts which you can use: - `./hack/sandbox-development-mode.sh` for development mode
diff --git a/components/authentication/spi-vault-admin.yaml b/components/authentication/spi-vault-admin.yaml
new file mode 100644
index 000000000..ba3175be7
--- /dev/null
+++ b/components/authentication/spi-vault-admin.yaml
@@ -0,0 +1,14 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: spi-vault-admin
+ namespace: spi-system
+subjects:
+ - kind: User
+ name: skabashnyuk
+ - kind: User
+ name: sparkoo
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: spi-vault-admin
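Review bot: The `subjects` list in components/authentication/spi-vault-admin.yaml gives two individual `User` accounts a standing binding to a Role that this same patch defines with `pods/exec` create and get/create/delete on Secrets in `spi-system`. The README text added in this patch describes Vault initialization as a manual step run through a script, so a permanent grant looks wider than the task needs; consider binding a group instead, e.g. `- kind: Group` with `name: <spi-vault-admins-group>` (placeholder), or removing the binding once initialization is complete. A header comment such as `# Grants pod exec and secret write access in spi-system for hack/vault-init.sh; keep this subject list minimal` would tell the next editor what adding a name here confers.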
diff --git a/components/authentication/view-spi.yaml b/components/authentication/view-spi.yaml
index 4f88efa0a..01ce4f7ef 100644
--- a/components/authentication/view-spi.yaml
+++ b/components/authentication/view-spi.yaml
@@ -8,6 +8,8 @@ subjects:
 name: skabashnyuk
 - kind: User
 name: sbose78
+ - kind: User
+ name: sparkoo
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
diff --git a/components/spi/kustomization.yaml b/components/spi/kustomization.yaml
index a61ffe782..ab01dbb51 100644
--- a/components/spi/kustomization.yaml
+++ b/components/spi/kustomization.yaml
@@ -1,9 +1,10 @@ resources: - argocd-permissions.yaml - https://github.com/redhat-appstudio/service-provider-integration-operator/config/default?ref=53e870e32db78603485621337f57c09793bcf06f + - https://github.com/redhat-appstudio/service-provider-integration-operator/config/default?ref=faca4bea8d65c80ab0bea3ce25d56346f2c86201 - oauth_route.yaml - https://github.com/redhat-appstudio/service-provider-integration-scm-file-retriever/server/config/default?ref=381f7746b88019ea13d4aa42e71b01ac9bb2ec1e - scm_route.yaml + - vault_role.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization
diff --git a/components/spi/vault_role.yaml b/components/spi/vault_role.yaml
new file mode 100644
index 000000000..ea9254449
--- /dev/null
+++ b/components/spi/vault_role.yaml
@@ -0,0 +1,26 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: spi-vault-admin
+rules:
+ - verbs:
+ - get
+ - delete
+ apiGroups:
+ - ''
+ resources:
+ - pods
+ - verbs:
+ - create
+ apiGroups:
+ - ''
+ resources:
+ - pods/exec
+ - verbs:
+ - get
+ - delete
+ - create
+ apiGroups:
+ - ''
+ resources:
+ - secrets
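Review bot: None of the three rules in components/spi/vault_role.yaml carries `resourceNames`, so anyone bound to this Role can exec into any pod and read or delete any Secret in the namespace, not only the Vault ones. `pods/exec` create and the `get`/`delete` verbs honour `resourceNames`, so those rules could be narrowed with `resourceNames: ['<vault-pod-name>']` and `resourceNames: ['<vault-init-secret-name>']` (placeholders; the real names are not visible in this patch), leaving only `create` on secrets unscoped because create requests cannot be restricted by name. The Role also has no `metadata.namespace`, while the RoleBinding in components/authentication/spi-vault-admin.yaml is pinned to `spi-system`; unless the kustomization or the remote base sets the namespace outside what this patch shows, the `roleRef` may not resolve, so adding `namespace: spi-system` here would make the pairing explicit.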