sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add bi rmq

Browse Source
This commit is contained in:
Kochetkov S 2026-04-21 14:52:27 +03:00
parent dca654690b
commit d97e1d62ce
1 changed files with 39 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml
View File

@ -14,15 +14,27 @@ spec:
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
serviceAccountName: rabbitmq serviceAccountName: rabbitmq
automountServiceAccountToken: false
volumes:
- name: sa-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 3600
containers: containers:
- name: bootstrap - name: bootstrap
image: alpine:3.20 image: alpine:3.20
volumeMounts:
- name: sa-token
mountPath: /var/run/secrets/tokens
readOnly: true
command: ["/bin/sh", "-ec"] command: ["/bin/sh", "-ec"]
args: args:
- | - |
apk add --no-cache curl jq >/dev/null apk add --no-cache curl jq >/dev/null
VAULT_ADDR="http://vault-vault-contour.vault.svc:8200" VAULT_ADDR="http://vault-vault-contour.vault.svc:8200"
JWT="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" JWT="$(cat /var/run/secrets/tokens/token)"
VAULT_TOKEN="$(curl -sS --request POST \ VAULT_TOKEN="$(curl -sS --request POST \
--data "{\"role\":\"rabbitmq\",\"jwt\":\"${JWT}\"}" \ --data "{\"role\":\"rabbitmq\",\"jwt\":\"${JWT}\"}" \
"${VAULT_ADDR}/v1/auth/kubernetes/login" | jq -r '.auth.client_token')" "${VAULT_ADDR}/v1/auth/kubernetes/login" | jq -r '.auth.client_token')"
@ -91,9 +103,21 @@ spec:
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
serviceAccountName: minio-sa serviceAccountName: minio-sa
automountServiceAccountToken: false
volumes:
- name: sa-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 3600
containers: containers:
- name: bootstrap - name: bootstrap
image: alpine:3.20 image: alpine:3.20
volumeMounts:
- name: sa-token
mountPath: /var/run/secrets/tokens
readOnly: true
command: ["/bin/sh", "-ec"] command: ["/bin/sh", "-ec"]
args: args:
- | - |
@ -102,7 +126,7 @@ spec:
chmod +x /usr/local/bin/mc chmod +x /usr/local/bin/mc
VAULT_ADDR="http://vault-vault-contour.vault.svc:8200" VAULT_ADDR="http://vault-vault-contour.vault.svc:8200"
JWT="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" JWT="$(cat /var/run/secrets/tokens/token)"
VAULT_TOKEN="$(curl -sS --request POST \ VAULT_TOKEN="$(curl -sS --request POST \
--data "{\"role\":\"minio\",\"jwt\":\"${JWT}\"}" \ --data "{\"role\":\"minio\",\"jwt\":\"${JWT}\"}" \
"${VAULT_ADDR}/v1/auth/kubernetes/login" | jq -r '.auth.client_token')" "${VAULT_ADDR}/v1/auth/kubernetes/login" | jq -r '.auth.client_token')"
@ -168,16 +192,28 @@ spec:
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
serviceAccountName: kafka-kafka-contour serviceAccountName: kafka-kafka-contour
automountServiceAccountToken: false
volumes:
- name: sa-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 3600
containers: containers:
- name: bootstrap - name: bootstrap
image: alpine:3.20 image: alpine:3.20
volumeMounts:
- name: sa-token
mountPath: /var/run/secrets/tokens
readOnly: true
command: ["/bin/sh", "-ec"] command: ["/bin/sh", "-ec"]
args: args:
- | - |
apk add --no-cache bash curl jq kubectl >/dev/null apk add --no-cache bash curl jq kubectl >/dev/null
VAULT_ADDR="http://vault-vault-contour.vault.svc:8200" VAULT_ADDR="http://vault-vault-contour.vault.svc:8200"
JWT="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" JWT="$(cat /var/run/secrets/tokens/token)"
VAULT_TOKEN="$(curl -sS --request POST \ VAULT_TOKEN="$(curl -sS --request POST \
--data "{\"role\":\"kafka\",\"jwt\":\"${JWT}\"}" \ --data "{\"role\":\"kafka\",\"jwt\":\"${JWT}\"}" \
"${VAULT_ADDR}/v1/auth/kubernetes/login" | jq -r '.auth.client_token')" "${VAULT_ADDR}/v1/auth/kubernetes/login" | jq -r '.auth.client_token')"