# infrastructure/longhorn/core/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: longhorn-vault
  namespace: longhorn-system
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "longhorn"
    objects: |
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/shared/harbor-pull"
        secretKey: "dockerconfigjson"
      - objectName: "longhorn_backup__AWS_ACCESS_KEY_ID"
        secretPath: "kv/data/atlas/longhorn/backup-b2"
        secretKey: "AWS_ACCESS_KEY_ID"
      - objectName: "longhorn_backup__AWS_SECRET_ACCESS_KEY"
        secretPath: "kv/data/atlas/longhorn/backup-b2"
        secretKey: "AWS_SECRET_ACCESS_KEY"
      - objectName: "longhorn_backup__AWS_ENDPOINTS"
        secretPath: "kv/data/atlas/longhorn/backup-b2"
        secretKey: "AWS_ENDPOINTS"
  secretObjects:
    - secretName: longhorn-registry
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson
    - secretName: longhorn-backup-b2
      type: Opaque
      data:
        - objectName: longhorn_backup__AWS_ACCESS_KEY_ID
          key: AWS_ACCESS_KEY_ID
        - objectName: longhorn_backup__AWS_SECRET_ACCESS_KEY
          key: AWS_SECRET_ACCESS_KEY
        - objectName: longhorn_backup__AWS_ENDPOINTS
          key: AWS_ENDPOINTS