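# services/veles/secretproviderclass.yaml
#
# SecretProviderClass for the veles namespace: the Secrets Store CSI driver
# reads the objects listed below from Vault and, through secretObjects, also
# copies them into two Kubernetes Secrets (harbor-regcred and
# veles-runtime-secrets).
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: veles-vault
  namespace: veles
spec:
  provider: vault
  parameters:
    # NOTE(review): plain http:// means the Vault login request and every
    # secret value returned cross the cluster network unencrypted, unless a
    # service mesh or sidecar not visible in this file adds TLS. If Vault
    # serves TLS, use an https:// address and set vaultCACertPath so the
    # provider verifies the server certificate.
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    # Vault role the provider logs in as. NOTE(review): confirm the role is
    # bound to the veles service account and namespace only, and that its
    # policy grants read on exactly the paths listed below. harbor-pull sits
    # under atlas/shared, so check the policy does not cover that whole prefix.
    roleName: "veles"
    # The value of `objects` is a string that the provider parses itself, so
    # keep comments outside the block scalar.
    # The kv/data/... paths look like KV v2 mounts; verify against Vault.
    objects: |
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/shared/harbor-pull"
        secretKey: "dockerconfigjson"
      - objectName: "veles-db__DATABASE_URL"
        secretPath: "kv/data/atlas/veles/veles-db"
        secretKey: "DATABASE_URL"
      - objectName: "veles-db__POSTGRES_USER"
        secretPath: "kv/data/atlas/veles/veles-db"
        secretKey: "POSTGRES_USER"
      - objectName: "veles-db__POSTGRES_PASSWORD"
        secretPath: "kv/data/atlas/veles/veles-db"
        secretKey: "POSTGRES_PASSWORD"
      - objectName: "veles-oidc__client_secret"
        secretPath: "kv/data/atlas/veles/veles-oidc"
        secretKey: "client_secret"
      - objectName: "veles-app-secrets__VELES_SESSION_SECRET"
        secretPath: "kv/data/atlas/veles/app-secrets"
        secretKey: "VELES_SESSION_SECRET"
      - objectName: "veles-app-secrets__VELES_BYOK_ENCRYPTION_KEY"
        secretPath: "kv/data/atlas/veles/app-secrets"
        secretKey: "VELES_BYOK_ENCRYPTION_KEY"
  # secretObjects copies the mounted values into ordinary Kubernetes Secrets.
  # From that point they are stored by the API server and readable by anyone
  # with get/list on Secrets in the veles namespace, so Vault policy alone no
  # longer limits access. NOTE(review): confirm etcd encryption at rest and
  # the namespace RBAC. The driver creates these Secrets only while a pod
  # mounts the CSI volume.
  secretObjects:
    # Image pull credential for Harbor.
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson
    # One Secret holds the database credentials, the OIDC client secret, the
    # session secret and the BYOK encryption key, so read access to it exposes
    # all of them. NOTE(review): consider a separate Secret for
    # VELES_BYOK_ENCRYPTION_KEY if not every consumer needs it.
    - secretName: veles-runtime-secrets
      type: Opaque
      data:
        - objectName: veles-db__DATABASE_URL
          key: DATABASE_URL
        - objectName: veles-db__POSTGRES_USER
          key: VELES_DATABASE_USER
        - objectName: veles-db__POSTGRES_PASSWORD
          key: VELES_DATABASE_PASSWORD
        - objectName: veles-oidc__client_secret
          key: VELES_OIDC_CLIENT_SECRET
        - objectName: veles-app-secrets__VELES_SESSION_SECRET
          key: VELES_SESSION_SECRET
        - objectName: veles-app-secrets__VELES_BYOK_ENCRYPTION_KEY
          key: VELES_BYOK_ENCRYPTION_KEY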