diff --git a/services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml b/services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml index 16de572..f8d27b3 100644 --- a/services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml +++ b/services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "bstein-dev-home" vault.hashicorp.com/agent-inject-secret-portal-env.sh: "kv/data/atlas/portal/atlas-portal-db" vault.hashicorp.com/agent-inject-template-portal-env.sh: | @@ -70,4 +71,4 @@ spec: - name: tests configMap: name: portal-onboarding-e2e-tests - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml b/services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml index efbab7e..bba2b1b 100644 --- a/services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml +++ b/services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml @@ -16,6 +16,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "bstein-dev-home" vault.hashicorp.com/agent-inject-secret-portal-env.sh: "kv/data/atlas/portal/atlas-portal-db" vault.hashicorp.com/agent-inject-template-portal-env.sh: | @@ -73,4 +74,4 @@ spec: - name: vaultwarden-cred-sync-script configMap: name: vaultwarden-cred-sync-script - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/comms/bstein-force-leave-job.yaml b/services/comms/bstein-force-leave-job.yaml index 4d38349..759f30b 100644 --- a/services/comms/bstein-force-leave-job.yaml +++ b/services/comms/bstein-force-leave-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime" vault.hashicorp.com/agent-inject-template-mas-admin-secret: | @@ -185,4 +186,4 @@ spec: print(json.dumps(results, indent=2, sort_keys=True)) if failures: raise SystemExit(f"failed to leave/forget rooms: {', '.join(failures)}") - PY + PY \ No newline at end of file diff --git a/services/comms/guest-name-job.yaml b/services/comms/guest-name-job.yaml index 00a1e47..0ba2f52 100644 --- a/services/comms/guest-name-job.yaml +++ b/services/comms/guest-name-job.yaml @@ -17,6 +17,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret" vault.hashicorp.com/agent-inject-template-turn-secret: | @@ -430,4 +431,4 @@ spec: db_rename_numeric(existing) finally: mas_revoke_session(admin_token, seeder_session) - PY + PY \ No newline at end of file diff --git a/services/comms/mas-local-users-ensure-job.yaml b/services/comms/mas-local-users-ensure-job.yaml index 3cf24f9..fcb0faf 100644 --- a/services/comms/mas-local-users-ensure-job.yaml +++ b/services/comms/mas-local-users-ensure-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret" vault.hashicorp.com/agent-inject-template-turn-secret: | @@ -186,4 +187,4 @@ spec: token = admin_token() ensure_user(token, os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"]) ensure_user(token, os.environ["BOT_USER"], os.environ["BOT_PASS"]) - PY + PY \ No newline at end of file diff --git a/services/comms/othrys-kick-numeric-job.yaml b/services/comms/othrys-kick-numeric-job.yaml index fa9d62d..4d9ad6d 100644 --- a/services/comms/othrys-kick-numeric-job.yaml +++ b/services/comms/othrys-kick-numeric-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret" vault.hashicorp.com/agent-inject-template-turn-secret: | @@ -155,4 +156,4 @@ spec: - name: vault-scripts configMap: name: comms-vault-env - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/comms/pin-othrys-job.yaml b/services/comms/pin-othrys-job.yaml index e56a71f..f25c18e 100644 --- a/services/comms/pin-othrys-job.yaml +++ b/services/comms/pin-othrys-job.yaml @@ -17,6 +17,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret" vault.hashicorp.com/agent-inject-template-turn-secret: | @@ -163,4 +164,4 @@ spec: - name: vault-scripts configMap: name: comms-vault-env - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/comms/reset-othrys-room-job.yaml b/services/comms/reset-othrys-room-job.yaml index 319e0a7..c0d941b 100644 --- a/services/comms/reset-othrys-room-job.yaml +++ b/services/comms/reset-othrys-room-job.yaml @@ -17,6 +17,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret" vault.hashicorp.com/agent-inject-template-turn-secret: | @@ -306,4 +307,4 @@ spec: - name: vault-scripts configMap: name: comms-vault-env - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/comms/seed-othrys-room.yaml b/services/comms/seed-othrys-room.yaml index 333ff35..ce87c85 100644 --- a/services/comms/seed-othrys-room.yaml +++ b/services/comms/seed-othrys-room.yaml @@ -15,6 +15,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret" vault.hashicorp.com/agent-inject-template-turn-secret: | @@ -179,4 +180,4 @@ spec: - name: vault-scripts configMap: name: comms-vault-env - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/comms/synapse-seeder-admin-ensure-job.yaml b/services/comms/synapse-seeder-admin-ensure-job.yaml index 450bdcd..073c28d 100644 --- a/services/comms/synapse-seeder-admin-ensure-job.yaml +++ b/services/comms/synapse-seeder-admin-ensure-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret" vault.hashicorp.com/agent-inject-template-turn-secret: | @@ -76,4 +77,4 @@ spec: - name: vault-scripts configMap: name: comms-vault-env - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/comms/synapse-user-seed-job.yaml b/services/comms/synapse-user-seed-job.yaml index 82b72e7..4117bff 100644 --- a/services/comms/synapse-user-seed-job.yaml +++ b/services/comms/synapse-user-seed-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "comms" vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret" vault.hashicorp.com/agent-inject-template-turn-secret: | @@ -150,4 +151,4 @@ spec: - name: vault-scripts configMap: name: comms-vault-env - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/keycloak/endurain-oidc-secret-ensure-job.yaml b/services/keycloak/endurain-oidc-secret-ensure-job.yaml index 386c663..2ce30b4 100644 --- a/services/keycloak/endurain-oidc-secret-ensure-job.yaml +++ b/services/keycloak/endurain-oidc-secret-ensure-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso-secrets" vault.hashicorp.com/agent-inject-secret-keycloak-admin-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-admin-env.sh: | @@ -49,4 +50,4 @@ spec: volumeMounts: - name: endurain-oidc-secret-ensure-script mountPath: /scripts - readOnly: true + readOnly: true \ No newline at end of file diff --git a/services/keycloak/harbor-oidc-secret-ensure-job.yaml b/services/keycloak/harbor-oidc-secret-ensure-job.yaml index 598b801..fc6dd7e 100644 --- a/services/keycloak/harbor-oidc-secret-ensure-job.yaml +++ b/services/keycloak/harbor-oidc-secret-ensure-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso-secrets" vault.hashicorp.com/agent-inject-secret-keycloak-admin-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-admin-env.sh: | @@ -44,4 +45,4 @@ spec: volumeMounts: - name: harbor-oidc-secret-ensure-script mountPath: /scripts - readOnly: true + readOnly: true \ No newline at end of file diff --git a/services/keycloak/ldap-federation-job.yaml b/services/keycloak/ldap-federation-job.yaml index 8dd62c9..783200c 100644 --- a/services/keycloak/ldap-federation-job.yaml +++ b/services/keycloak/ldap-federation-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso" vault.hashicorp.com/agent-inject-secret-keycloak-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-env.sh: | @@ -376,4 +377,4 @@ spec: except Exception as e: print(f"WARNING: LDAP cleanup failed (continuing): {e}") PY - volumeMounts: + volumeMounts: \ No newline at end of file diff --git a/services/keycloak/logs-oidc-secret-ensure-job.yaml b/services/keycloak/logs-oidc-secret-ensure-job.yaml index 5f9316f..67abdc9 100644 --- a/services/keycloak/logs-oidc-secret-ensure-job.yaml +++ b/services/keycloak/logs-oidc-secret-ensure-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso-secrets" vault.hashicorp.com/agent-inject-secret-keycloak-admin-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-admin-env.sh: | @@ -121,4 +122,4 @@ spec: --from-literal=cookie_secret="${COOKIE_SECRET}" \ --dry-run=client -o yaml | kubectl -n logging apply -f - >/dev/null volumeMounts: - volumes: + volumes: \ No newline at end of file diff --git a/services/keycloak/mas-secrets-ensure-job.yaml b/services/keycloak/mas-secrets-ensure-job.yaml index 330cb51..ff5f022 100644 --- a/services/keycloak/mas-secrets-ensure-job.yaml +++ b/services/keycloak/mas-secrets-ensure-job.yaml @@ -19,6 +19,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/agent-init-first: "true" vault.hashicorp.com/role: "sso-secrets" vault.hashicorp.com/agent-inject-secret-keycloak-admin-env.sh: "kv/data/atlas/shared/keycloak-admin" @@ -123,4 +124,4 @@ spec: -d "${payload}" "${vault_addr}/v1/kv/data/atlas/comms/mas-secrets-runtime" >/dev/null volumeMounts: - name: work - mountPath: /work + mountPath: /work \ No newline at end of file diff --git a/services/keycloak/portal-e2e-client-job.yaml b/services/keycloak/portal-e2e-client-job.yaml index c3d996d..e54fdfa 100644 --- a/services/keycloak/portal-e2e-client-job.yaml +++ b/services/keycloak/portal-e2e-client-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso" vault.hashicorp.com/agent-inject-secret-keycloak-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-env.sh: | @@ -257,4 +258,4 @@ spec: raise SystemExit(f"Role mapping update failed (status={status}) resp={resp}") PY volumeMounts: - volumes: + volumes: \ No newline at end of file diff --git a/services/keycloak/portal-e2e-execute-actions-email-test-job.yaml b/services/keycloak/portal-e2e-execute-actions-email-test-job.yaml index aeb3a0d..cc23305 100644 --- a/services/keycloak/portal-e2e-execute-actions-email-test-job.yaml +++ b/services/keycloak/portal-e2e-execute-actions-email-test-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso" vault.hashicorp.com/agent-inject-secret-keycloak-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-env.sh: | @@ -69,4 +70,4 @@ spec: - name: tests configMap: name: portal-e2e-tests - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/keycloak/portal-e2e-target-client-job.yaml b/services/keycloak/portal-e2e-target-client-job.yaml index 2900ae9..6fee3e8 100644 --- a/services/keycloak/portal-e2e-target-client-job.yaml +++ b/services/keycloak/portal-e2e-target-client-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso" vault.hashicorp.com/agent-inject-secret-keycloak-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-env.sh: | @@ -158,4 +159,4 @@ spec: print(f"OK: ensured token exchange enabled on client {target_client_id}") PY volumeMounts: - volumes: + volumes: \ No newline at end of file diff --git a/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml b/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml index 026260a..9ef1a01 100644 --- a/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml +++ b/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso" vault.hashicorp.com/agent-inject-secret-keycloak-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-env.sh: | @@ -290,4 +291,4 @@ spec: print("OK: configured token exchange permissions for portal E2E client") PY - volumeMounts: + volumeMounts: \ No newline at end of file diff --git a/services/keycloak/portal-e2e-token-exchange-test-job.yaml b/services/keycloak/portal-e2e-token-exchange-test-job.yaml index f32fa52..ae1c636 100644 --- a/services/keycloak/portal-e2e-token-exchange-test-job.yaml +++ b/services/keycloak/portal-e2e-token-exchange-test-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso" vault.hashicorp.com/agent-inject-secret-keycloak-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-env.sh: | @@ -70,4 +71,4 @@ spec: - name: tests configMap: name: portal-e2e-tests - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/keycloak/realm-settings-job.yaml b/services/keycloak/realm-settings-job.yaml index d26e199..926ebeb 100644 --- a/services/keycloak/realm-settings-job.yaml +++ b/services/keycloak/realm-settings-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso" vault.hashicorp.com/agent-inject-secret-keycloak-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-env.sh: | @@ -467,4 +468,4 @@ spec: f"Unexpected execution update response for identity-provider-redirector: {status}" ) PY - volumeMounts: + volumeMounts: \ No newline at end of file diff --git a/services/keycloak/sparkyfitness-oidc-secret-ensure-job.yaml b/services/keycloak/sparkyfitness-oidc-secret-ensure-job.yaml index 6405d81..ea38eec 100644 --- a/services/keycloak/sparkyfitness-oidc-secret-ensure-job.yaml +++ b/services/keycloak/sparkyfitness-oidc-secret-ensure-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso-secrets" vault.hashicorp.com/agent-inject-secret-keycloak-admin-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-admin-env.sh: | @@ -49,4 +50,4 @@ spec: volumeMounts: - name: sparkyfitness-oidc-secret-ensure-script mountPath: /scripts - readOnly: true + readOnly: true \ No newline at end of file diff --git a/services/keycloak/synapse-oidc-secret-ensure-job.yaml b/services/keycloak/synapse-oidc-secret-ensure-job.yaml index f4f0da4..9a5dd8e 100644 --- a/services/keycloak/synapse-oidc-secret-ensure-job.yaml +++ b/services/keycloak/synapse-oidc-secret-ensure-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso-secrets" vault.hashicorp.com/agent-inject-secret-keycloak-admin-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-admin-env.sh: | @@ -81,4 +82,4 @@ spec: curl -sS -X POST -H "X-Vault-Token: ${vault_token}" \ -d "${payload}" "${vault_addr}/v1/kv/data/atlas/comms/synapse-oidc" >/dev/null volumeMounts: - volumes: + volumes: \ No newline at end of file diff --git a/services/keycloak/user-overrides-job.yaml b/services/keycloak/user-overrides-job.yaml index d0063fb..431d4fe 100644 --- a/services/keycloak/user-overrides-job.yaml +++ b/services/keycloak/user-overrides-job.yaml @@ -10,6 +10,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso" vault.hashicorp.com/agent-inject-secret-keycloak-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-env.sh: | @@ -164,4 +165,4 @@ spec: if status not in (200, 204): raise SystemExit(f"Unexpected user update response: {status}") PY - volumeMounts: + volumeMounts: \ No newline at end of file diff --git a/services/keycloak/vault-oidc-secret-ensure-job.yaml b/services/keycloak/vault-oidc-secret-ensure-job.yaml index 982444f..29f69b7 100644 --- a/services/keycloak/vault-oidc-secret-ensure-job.yaml +++ b/services/keycloak/vault-oidc-secret-ensure-job.yaml @@ -11,6 +11,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "sso-secrets" vault.hashicorp.com/agent-inject-secret-keycloak-admin-env.sh: "kv/data/atlas/shared/keycloak-admin" vault.hashicorp.com/agent-inject-template-keycloak-admin-env.sh: | @@ -44,4 +45,4 @@ spec: volumeMounts: - name: vault-oidc-secret-ensure-script mountPath: /scripts - readOnly: true + readOnly: true \ No newline at end of file diff --git a/services/mailu/mailu-sync-cronjob.yaml b/services/mailu/mailu-sync-cronjob.yaml index e4ef9be..9e0e35c 100644 --- a/services/mailu/mailu-sync-cronjob.yaml +++ b/services/mailu/mailu-sync-cronjob.yaml @@ -13,6 +13,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "mailu-mailserver" vault.hashicorp.com/agent-inject-secret-mailu-db-secret__database: "kv/data/atlas/mailu/mailu-db-secret" vault.hashicorp.com/agent-inject-template-mailu-db-secret__database: | @@ -78,4 +79,4 @@ spec: - name: vault-scripts configMap: name: mailu-vault-env - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/mailu/mailu-sync-job.yaml b/services/mailu/mailu-sync-job.yaml index b1cee93..00c84c5 100644 --- a/services/mailu/mailu-sync-job.yaml +++ b/services/mailu/mailu-sync-job.yaml @@ -9,6 +9,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "mailu-mailserver" vault.hashicorp.com/agent-inject-secret-mailu-db-secret__database: "kv/data/atlas/mailu/mailu-db-secret" vault.hashicorp.com/agent-inject-template-mailu-db-secret__database: | @@ -74,4 +75,4 @@ spec: - name: vault-scripts configMap: name: mailu-vault-env - defaultMode: 0555 + defaultMode: 0555 \ No newline at end of file diff --git a/services/nextcloud-mail-sync/cronjob.yaml b/services/nextcloud-mail-sync/cronjob.yaml index e6dcd37..6f38778 100644 --- a/services/nextcloud-mail-sync/cronjob.yaml +++ b/services/nextcloud-mail-sync/cronjob.yaml @@ -15,6 +15,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "nextcloud" vault.hashicorp.com/agent-inject-secret-nextcloud-env.sh: "kv/data/atlas/nextcloud/nextcloud-db" vault.hashicorp.com/agent-inject-template-nextcloud-env.sh: | @@ -103,4 +104,4 @@ spec: - name: sync-script configMap: name: nextcloud-mail-sync-script - defaultMode: 0755 + defaultMode: 0755 \ No newline at end of file diff --git a/services/nextcloud/maintenance-cronjob.yaml b/services/nextcloud/maintenance-cronjob.yaml index 8c92417..1ace3fc 100644 --- a/services/nextcloud/maintenance-cronjob.yaml +++ b/services/nextcloud/maintenance-cronjob.yaml @@ -13,6 +13,7 @@ spec: metadata: annotations: vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "nextcloud" vault.hashicorp.com/agent-inject-secret-nextcloud-env.sh: "kv/data/atlas/nextcloud/nextcloud-db" vault.hashicorp.com/agent-inject-template-nextcloud-env.sh: | @@ -93,4 +94,4 @@ spec: - name: maintenance-script configMap: name: nextcloud-maintenance-script - defaultMode: 0755 + defaultMode: 0755 \ No newline at end of file