wip
This commit is contained in:
parent
2eed379533
commit
d410d564f3
GPG key ID:
C6827B976F17240D
5 changed files with 162 additions and 0 deletions
44
vault-unseal.sh
Executable file
44
vault-unseal.sh
Executable file
|
|
@ -0,0 +1,44 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
UNSEAL_KEYS="xxx yyy zzz"
|
||||
|
||||
VAULT_PODS=$(kubectl get pods -n vault -l app.kubernetes.io/name=vault -o jsonpath='{.items[*].metadata.name}')
|
||||
|
||||
echo ""
|
||||
echo "Unsealing Vault..."
|
||||
echo ""
|
||||
|
||||
echo "Deleting existing pods..."
|
||||
echo ""
|
||||
|
||||
kubectl delete pods -n vault $VAULT_PODS >> /dev/null
|
||||
|
||||
echo "Waiting for new pods to become ready..."
|
||||
echo ""
|
||||
|
||||
kubectl wait --for=condition=ready --timeout=180s pods -n vault -l app.kubernetes.io/name=vault >> /dev/null
|
||||
|
||||
echo "Unsealing Vault pods..."
|
||||
echo ""
|
||||
|
||||
for pod in $VAULT_PODS
|
||||
do
|
||||
echo "Unsealing $pod..."
|
||||
|
||||
for key in $UNSEAL_KEYS
|
||||
do
|
||||
kubectl exec -n vault -it $pod -- vault operator unseal $key >> /dev/null
|
||||
sleep 1
|
||||
done
|
||||
|
||||
echo "$pod unsealed!"
|
||||
echo ""
|
||||
done
|
||||
|
||||
echo "Vault unsealed!"
|
||||
echo ""
|
||||
echo ""
|
||||
echo ""
|
||||
|
||||
|
||||
|
||||
Reference in a new issue