Test new job

2025-09-28 22:26:34 +03:00 · 2025-09-28 22:26:34 +03:00 · dfd631fa3c
commit dfd631fa3c
parent 0010c610f7
1 changed files with 9 additions and 7 deletions
--- a/manifests/cluster-secret-store/cicd/bootstrap-job.yaml
+++ b/manifests/cluster-secret-store/cicd/bootstrap-job.yaml
@ -33,7 +33,8 @@ spec:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
-              drop: ["ALL"]
+              drop:
+                - ALL
          env:
            - name: VAULT_ADDR
              value: "http://vault.dev-tools.svc.cluster.local:8200"
@ -42,7 +43,9 @@ spec:
                secretKeyRef:
                  name: vault-admin-token
                  key: token
-          command: ["/bin/sh","-c"]
+          command:
+            - /bin/sh
+            - -c
          args:
            - |
              set -e
@ -58,12 +61,11 @@ spec:
                sleep 2
              done

-              # vault secrets enable -version=2 -path=cicd kv 2>/dev/null || true
-
              cat >/tmp/policy.hcl <<'EOF'
              path "cicd/metadata/*" { capabilities = ["list"] }
              path "cicd/data/*"     { capabilities = ["read"] }
              EOF
+
              vault policy write eso-cicd-read /tmp/policy.hcl || true

              vault write auth/kubernetes/role/eso-cicd \