freezer/mareshq-gitops-legacy
Archived
1
0
Fork 0
Code Activity
This repository has been archived on 2025-08-23. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
mareshq-gitops-legacy/vault-unseal.sh
Vojtech Mares d410d564f3
wip
2024-01-25 17:07:18 +01:00

44 lines
780 B
Bash
Executable file
Raw Permalink Blame History

#!/usr/bin/env bash
UNSEAL_KEYS="xxx yyy zzz"
VAULT_PODS=$(kubectl get pods -n vault -l app.kubernetes.io/name=vault -o jsonpath='{.items[*].metadata.name}')
echo ""
echo "Unsealing Vault..."
echo ""
echo "Deleting existing pods..."
echo ""
kubectl delete pods -n vault $VAULT_PODS >> /dev/null
echo "Waiting for new pods to become ready..."
echo ""
kubectl wait --for=condition=ready --timeout=180s pods -n vault -l app.kubernetes.io/name=vault >> /dev/null
echo "Unsealing Vault pods..."
echo ""
for pod in $VAULT_PODS
do
echo "Unsealing $pod..."
for key in $UNSEAL_KEYS
do
kubectl exec -n vault -it $pod -- vault operator unseal $key >> /dev/null
sleep 1
done
echo "$pod unsealed!"
echo ""
done
echo "Vault unsealed!"
echo ""
echo ""
echo ""
View git blame Copy permalink