quality(sonarqube): inject exporter token from vault

services/quality/sonarqube-exporter-deployment.yaml

@@ -16,10 +16,18 @@ spec:
       labels:
         app: sonarqube-exporter
       annotations:
+        vault.hashicorp.com/agent-inject: "true"
+        vault.hashicorp.com/role: "quality"
+        vault.hashicorp.com/agent-inject-secret-sonarqube-exporter-env.sh: "kv/data/atlas/quality/sonarqube-exporter"
+        vault.hashicorp.com/agent-inject-template-sonarqube-exporter-env.sh: |
+          {{- with secret "kv/data/atlas/quality/sonarqube-exporter" -}}
+          export SONARQUBE_TOKEN="{{ .Data.data.token }}"
+          {{- end -}}
         prometheus.io/scrape: "true"
         prometheus.io/port: "9798"
         prometheus.io/path: /metrics
     spec:
+      serviceAccountName: quality-vault-sync
       nodeSelector:
         node-role.kubernetes.io/worker: "true"
       affinity:
@@ -49,6 +57,9 @@ spec:
             - -ec
           args:
             - |
+              if [ -f /vault/secrets/sonarqube-exporter-env.sh ]; then
+                . /vault/secrets/sonarqube-exporter-env.sh
+              fi
               cp /config/exporter.py /app/exporter.py
               python /app/exporter.py
           env: