titan-iac/services/harbor/secretproviderclass.yaml

# services/harbor/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: harbor-vault
  namespace: harbor
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "harbor"
    objects: |
      - objectName: "harbor-core__CSRF_KEY"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "CSRF_KEY"
      - objectName: "harbor-core__REGISTRY_CREDENTIAL_PASSWORD"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "REGISTRY_CREDENTIAL_PASSWORD"
      - objectName: "harbor-core__harbor_admin_password"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "harbor_admin_password"
      - objectName: "harbor-core__secret"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "secret"
      - objectName: "harbor-core__secretKey"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "secretKey"
      - objectName: "harbor-core__tls.crt"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "tls.crt"
      - objectName: "harbor-core__tls.key"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "tls.key"
      - objectName: "harbor-db__database"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "database"
      - objectName: "harbor-db__host"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "host"
      - objectName: "harbor-db__password"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "password"
      - objectName: "harbor-db__port"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "port"
      - objectName: "harbor-db__username"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "username"
      - objectName: "harbor-oidc__CONFIG_OVERWRITE_JSON"
        secretPath: "kv/data/atlas/harbor/harbor-oidc"
        secretKey: "CONFIG_OVERWRITE_JSON"
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/harbor-pull/harbor"
        secretKey: "dockerconfigjson"
  secretObjects:
    - secretName: harbor-core
      type: Opaque
      data:
        - objectName: harbor-core__CSRF_KEY
          key: CSRF_KEY
        - objectName: harbor-core__REGISTRY_CREDENTIAL_PASSWORD
          key: REGISTRY_CREDENTIAL_PASSWORD
        - objectName: harbor-core__harbor_admin_password
          key: harbor_admin_password
        - objectName: harbor-core__secret
          key: secret
        - objectName: harbor-core__secretKey
          key: secretKey
        - objectName: harbor-core__tls.crt
          key: tls.crt
        - objectName: harbor-core__tls.key
          key: tls.key
    - secretName: harbor-db
      type: Opaque
      data:
        - objectName: harbor-db__database
          key: database
        - objectName: harbor-db__host
          key: host
        - objectName: harbor-db__password
          key: password
        - objectName: harbor-db__port
          key: port
        - objectName: harbor-db__username
          key: username
    - secretName: harbor-oidc
      type: Opaque
      data:
        - objectName: harbor-oidc__CONFIG_OVERWRITE_JSON
          key: CONFIG_OVERWRITE_JSON
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`# services/harbor/secretproviderclass.yaml`
			`apiVersion: secrets-store.csi.x-k8s.io/v1`
			`kind: SecretProviderClass`
			`metadata:`
			`name: harbor-vault`
			`namespace: harbor`
			`spec:`
			`provider: vault`
			`parameters:`
			`vaultAddress: "http://vault.vault.svc.cluster.local:8200"`
			`roleName: "harbor"`
			`objects: \|`
			`- objectName: "harbor-core__CSRF_KEY"`
			`secretPath: "kv/data/atlas/harbor/harbor-core"`
			`secretKey: "CSRF_KEY"`
			`- objectName: "harbor-core__REGISTRY_CREDENTIAL_PASSWORD"`
			`secretPath: "kv/data/atlas/harbor/harbor-core"`
			`secretKey: "REGISTRY_CREDENTIAL_PASSWORD"`
			`- objectName: "harbor-core__harbor_admin_password"`
			`secretPath: "kv/data/atlas/harbor/harbor-core"`
			`secretKey: "harbor_admin_password"`
			`- objectName: "harbor-core__secret"`
			`secretPath: "kv/data/atlas/harbor/harbor-core"`
			`secretKey: "secret"`
			`- objectName: "harbor-core__secretKey"`
			`secretPath: "kv/data/atlas/harbor/harbor-core"`
			`secretKey: "secretKey"`
			`- objectName: "harbor-core__tls.crt"`
			`secretPath: "kv/data/atlas/harbor/harbor-core"`
			`secretKey: "tls.crt"`
			`- objectName: "harbor-core__tls.key"`
			`secretPath: "kv/data/atlas/harbor/harbor-core"`
			`secretKey: "tls.key"`
			`- objectName: "harbor-db__database"`
			`secretPath: "kv/data/atlas/harbor/harbor-db"`
			`secretKey: "database"`
			`- objectName: "harbor-db__host"`
			`secretPath: "kv/data/atlas/harbor/harbor-db"`
			`secretKey: "host"`
			`- objectName: "harbor-db__password"`
			`secretPath: "kv/data/atlas/harbor/harbor-db"`
			`secretKey: "password"`
			`- objectName: "harbor-db__port"`
			`secretPath: "kv/data/atlas/harbor/harbor-db"`
			`secretKey: "port"`
			`- objectName: "harbor-db__username"`
			`secretPath: "kv/data/atlas/harbor/harbor-db"`
			`secretKey: "username"`
			`- objectName: "harbor-oidc__CONFIG_OVERWRITE_JSON"`
			`secretPath: "kv/data/atlas/harbor/harbor-oidc"`
			`secretKey: "CONFIG_OVERWRITE_JSON"`
vault: sync harbor pulls 2026-01-14 10:07:31 -03:00			`- objectName: "harbor-pull__dockerconfigjson"`
			`secretPath: "kv/data/atlas/harbor-pull/harbor"`
			`secretKey: "dockerconfigjson"`
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`secretObjects:`
			`- secretName: harbor-core`
			`type: Opaque`
			`data:`
			`- objectName: harbor-core__CSRF_KEY`
			`key: CSRF_KEY`
			`- objectName: harbor-core__REGISTRY_CREDENTIAL_PASSWORD`
			`key: REGISTRY_CREDENTIAL_PASSWORD`
			`- objectName: harbor-core__harbor_admin_password`
			`key: harbor_admin_password`
			`- objectName: harbor-core__secret`
			`key: secret`
			`- objectName: harbor-core__secretKey`
			`key: secretKey`
			`- objectName: harbor-core__tls.crt`
			`key: tls.crt`
			`- objectName: harbor-core__tls.key`
			`key: tls.key`
			`- secretName: harbor-db`
			`type: Opaque`
			`data:`
			`- objectName: harbor-db__database`
			`key: database`
			`- objectName: harbor-db__host`
			`key: host`
			`- objectName: harbor-db__password`
			`key: password`
			`- objectName: harbor-db__port`
			`key: port`
			`- objectName: harbor-db__username`
			`key: username`
			`- secretName: harbor-oidc`
			`type: Opaque`
			`data:`
			`- objectName: harbor-oidc__CONFIG_OVERWRITE_JSON`
			`key: CONFIG_OVERWRITE_JSON`
vault: sync harbor pulls 2026-01-14 10:07:31 -03:00			`- secretName: harbor-regcred`
			`type: kubernetes.io/dockerconfigjson`
			`data:`
			`- objectName: harbor-pull__dockerconfigjson`
			`key: .dockerconfigjson`