# services/harbor/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: harbor-vault
  namespace: harbor
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "harbor"
    objects: |
      - objectName: "harbor-core__CSRF_KEY"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "CSRF_KEY"
      - objectName: "harbor-core__REGISTRY_CREDENTIAL_PASSWORD"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "REGISTRY_CREDENTIAL_PASSWORD"
      - objectName: "harbor-core__harbor_admin_password"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "harbor_admin_password"
      - objectName: "harbor-core__secret"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "secret"
      - objectName: "harbor-core__secretKey"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "secretKey"
      - objectName: "harbor-core__tls.crt"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "tls.crt"
      - objectName: "harbor-core__tls.key"
        secretPath: "kv/data/atlas/harbor/harbor-core"
        secretKey: "tls.key"
      - objectName: "harbor-db__database"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "database"
      - objectName: "harbor-db__host"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "host"
      - objectName: "harbor-db__password"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "password"
      - objectName: "harbor-db__port"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "port"
      - objectName: "harbor-db__username"
        secretPath: "kv/data/atlas/harbor/harbor-db"
        secretKey: "username"
      - objectName: "harbor-oidc__CONFIG_OVERWRITE_JSON"
        secretPath: "kv/data/atlas/harbor/harbor-oidc"
        secretKey: "CONFIG_OVERWRITE_JSON"
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/harbor-pull/harbor"
        secretKey: "dockerconfigjson"
  secretObjects:
    - secretName: harbor-core
      type: Opaque
      data:
        - objectName: harbor-core__CSRF_KEY
          key: CSRF_KEY
        - objectName: harbor-core__REGISTRY_CREDENTIAL_PASSWORD
          key: REGISTRY_CREDENTIAL_PASSWORD
        - objectName: harbor-core__harbor_admin_password
          key: harbor_admin_password
        - objectName: harbor-core__secret
          key: secret
        - objectName: harbor-core__secretKey
          key: secretKey
        - objectName: harbor-core__tls.crt
          key: tls.crt
        - objectName: harbor-core__tls.key
          key: tls.key
    - secretName: harbor-db
      type: Opaque
      data:
        - objectName: harbor-db__database
          key: database
        - objectName: harbor-db__host
          key: host
        - objectName: harbor-db__password
          key: password
        - objectName: harbor-db__port
          key: port
        - objectName: harbor-db__username
          key: username
    - secretName: harbor-oidc
      type: Opaque
      data:
        - objectName: harbor-oidc__CONFIG_OVERWRITE_JSON
          key: CONFIG_OVERWRITE_JSON
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson