generated from coulomb/repo-seed
Harden KeyCape OpenBao client action
This commit is contained in:
@@ -70,7 +70,7 @@ image: keycape:v0.1 # replace with your actual tag
|
||||
# If T04 is not yet done, run it now and re-run after create-pi-token.sh.
|
||||
cd sso-mfa/k8s/keycape
|
||||
chmod +x create-secrets.sh create-pi-token.sh
|
||||
./create-secrets.sh
|
||||
bash ./create-secrets.sh
|
||||
|
||||
# 2. Apply manifests
|
||||
kubectl apply -f deployment.yaml
|
||||
@@ -92,7 +92,7 @@ chmod +x create-pi-token.sh
|
||||
./create-pi-token.sh
|
||||
|
||||
# 2. Re-run create-secrets.sh to update keycape-config with the real token
|
||||
./create-secrets.sh
|
||||
bash ./create-secrets.sh
|
||||
|
||||
# 3. Restart KeyCape to pick up the new Secret
|
||||
kubectl rollout restart deployment/keycape -n sso
|
||||
@@ -106,7 +106,7 @@ OpenBao admin CLI clients are code-defined there; operators should not create
|
||||
those clients manually in a separate UI. After changing the block:
|
||||
|
||||
```bash
|
||||
./create-secrets.sh # regenerates keycape-config Secret
|
||||
bash ./create-secrets.sh # regenerates keycape-config Secret
|
||||
kubectl rollout restart deployment/keycape -n sso
|
||||
```
|
||||
|
||||
|
||||
Reference in New Issue
Block a user