monitoring: prepopulate vault for dedupe job

2026-01-21 12:18:57 -03:00 · 2026-01-21 12:18:57 -03:00 · 4e65f02fba
commit 4e65f02fba
parent 88de0f7cee
1 changed files with 13 additions and 10 deletions
--- a/services/monitoring/grafana-user-dedupe-job.yaml
+++ b/services/monitoring/grafana-user-dedupe-job.yaml
@ -2,20 +2,23 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: grafana-user-dedupe-api-v3
+  name: grafana-user-dedupe-api-v4
  namespace: monitoring
-  annotations:
-    vault.hashicorp.com/agent-inject: "true"
-    vault.hashicorp.com/role: "monitoring"
-    vault.hashicorp.com/agent-inject-secret-grafana-env.sh: "kv/data/atlas/monitoring/grafana-admin"
-    vault.hashicorp.com/agent-inject-template-grafana-env.sh: |
-      {{ with secret "kv/data/atlas/monitoring/grafana-admin" }}
-      export GRAFANA_USER="{{ index .Data.data "admin-user" }}"
-      export GRAFANA_PASSWORD="{{ index .Data.data "admin-password" }}"
-      {{ end }}
 spec:
  backoffLimit: 1
  template:
+    metadata:
+      annotations:
+        vault.hashicorp.com/agent-inject: "true"
+        vault.hashicorp.com/agent-pre-populate: "true"
+        vault.hashicorp.com/agent-pre-populate-only: "true"
+        vault.hashicorp.com/role: "monitoring"
+        vault.hashicorp.com/agent-inject-secret-grafana-env.sh: "kv/data/atlas/monitoring/grafana-admin"
+        vault.hashicorp.com/agent-inject-template-grafana-env.sh: |
+          {{ with secret "kv/data/atlas/monitoring/grafana-admin" }}
+          export GRAFANA_USER="{{ index .Data.data "admin-user" }}"
+          export GRAFANA_PASSWORD="{{ index .Data.data "admin-password" }}"
+          {{ end }}
    spec:
      serviceAccountName: monitoring-vault-sync
      automountServiceAccountToken: true