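# services/comms/secretproviderclass.yaml
#
# SecretProviderClass for the `comms` namespace. It tells the Secrets Store
# CSI driver which Vault keys to fetch (spec.parameters.objects) and which of
# the fetched objects to copy into Kubernetes Secrets (spec.secretObjects).
# Object names follow the pattern <k8s-secret-name>__<key>.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: comms-vault
  namespace: comms
spec:
  provider: vault
  parameters:
    # NOTE(review): the address is plain http, so the provider's Vault login
    # and every secret it reads cross the cluster network without TLS unless
    # something outside this file (mesh, encrypted CNI) protects that hop.
    # Confirm that is intended; otherwise serve Vault over https and give the
    # provider a CA bundle (vaultCACertPath).
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    # Vault auth role used for the login. Its policy should grant read on
    # exactly the paths listed below and nothing wider. Two of them sit
    # outside atlas/comms: atlas/shared/chat-ai-keys-runtime and
    # atlas/harbor-pull/comms.
    roleName: "comms"
    # The block scalar below is handed to the provider as a string and parsed
    # there, so no comments are placed inside it. Each entry reads one key
    # (secretKey) from one Vault path (secretPath) and exposes it under
    # objectName. The kv/data/ prefix looks like a KV v2 mount named `kv` -
    # confirm against the Vault configuration.
    objects: |
      - objectName: "turn-shared-secret__TURN_STATIC_AUTH_SECRET"
        secretPath: "kv/data/atlas/comms/turn-shared-secret"
        secretKey: "TURN_STATIC_AUTH_SECRET"
      - objectName: "livekit-api__primary"
        secretPath: "kv/data/atlas/comms/livekit-api"
        secretKey: "primary"
      - objectName: "synapse-db__POSTGRES_PASSWORD"
        secretPath: "kv/data/atlas/comms/synapse-db"
        secretKey: "POSTGRES_PASSWORD"
      - objectName: "synapse-redis__redis-password"
        secretPath: "kv/data/atlas/comms/synapse-redis"
        secretKey: "redis-password"
      - objectName: "synapse-macaroon__macaroon_secret_key"
        secretPath: "kv/data/atlas/comms/synapse-macaroon"
        secretKey: "macaroon_secret_key"
      - objectName: "atlasbot-credentials-runtime__bot-password"
        secretPath: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        secretKey: "bot-password"
      - objectName: "atlasbot-credentials-runtime__seeder-password"
        secretPath: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        secretKey: "seeder-password"
      - objectName: "chat-ai-keys-runtime__matrix"
        secretPath: "kv/data/atlas/shared/chat-ai-keys-runtime"
        secretKey: "matrix"
      - objectName: "chat-ai-keys-runtime__homepage"
        secretPath: "kv/data/atlas/shared/chat-ai-keys-runtime"
        secretKey: "homepage"
      - objectName: "mas-admin-client-runtime__client_secret"
        secretPath: "kv/data/atlas/comms/mas-admin-client-runtime"
        secretKey: "client_secret"
      - objectName: "mas-db__password"
        secretPath: "kv/data/atlas/comms/mas-db"
        secretKey: "password"
      - objectName: "mas-secrets-runtime__encryption"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "encryption"
      - objectName: "mas-secrets-runtime__matrix_shared_secret"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "matrix_shared_secret"
      - objectName: "mas-secrets-runtime__keycloak_client_secret"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "keycloak_client_secret"
      - objectName: "mas-secrets-runtime__rsa_key"
        secretPath: "kv/data/atlas/comms/mas-secrets-runtime"
        secretKey: "rsa_key"
      - objectName: "othrys-synapse-signingkey__signing.key"
        secretPath: "kv/data/atlas/comms/othrys-synapse-signingkey"
        secretKey: "signing.key"
      - objectName: "synapse-oidc__client-secret"
        secretPath: "kv/data/atlas/comms/synapse-oidc"
        secretKey: "client-secret"
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/harbor-pull/comms"
        secretKey: "dockerconfigjson"
  # Copies of the fetched objects as Kubernetes Secrets. The driver creates
  # them only while a pod mounts this class as a CSI volume, and only when its
  # secret-sync feature is enabled. Once synced, the values are stored by the
  # API server like any other Secret, so RBAC on secrets in this namespace and
  # encryption at rest for etcd decide who can read them, not Vault policy.
  # Every objectName here must match an objectName in `objects` above.
  secretObjects:
    - secretName: turn-shared-secret
      type: Opaque
      data:
        - objectName: turn-shared-secret__TURN_STATIC_AUTH_SECRET
          key: TURN_STATIC_AUTH_SECRET
    - secretName: livekit-api
      type: Opaque
      data:
        - objectName: livekit-api__primary
          key: primary
    - secretName: synapse-db
      type: Opaque
      data:
        - objectName: synapse-db__POSTGRES_PASSWORD
          key: POSTGRES_PASSWORD
    - secretName: synapse-redis
      type: Opaque
      data:
        - objectName: synapse-redis__redis-password
          key: redis-password
    - secretName: synapse-macaroon
      type: Opaque
      data:
        - objectName: synapse-macaroon__macaroon_secret_key
          key: macaroon_secret_key
    - secretName: atlasbot-credentials-runtime
      type: Opaque
      data:
        - objectName: atlasbot-credentials-runtime__bot-password
          key: bot-password
        - objectName: atlasbot-credentials-runtime__seeder-password
          key: seeder-password
    - secretName: chat-ai-keys-runtime
      type: Opaque
      data:
        - objectName: chat-ai-keys-runtime__matrix
          key: matrix
        - objectName: chat-ai-keys-runtime__homepage
          key: homepage
    - secretName: mas-admin-client-runtime
      type: Opaque
      data:
        - objectName: mas-admin-client-runtime__client_secret
          key: client_secret
    - secretName: mas-db
      type: Opaque
      data:
        - objectName: mas-db__password
          key: password
    # Includes rsa_key; presumably private key material, so synced copies
    # should be readable by as few service accounts as possible.
    - secretName: mas-secrets-runtime
      type: Opaque
      data:
        - objectName: mas-secrets-runtime__encryption
          key: encryption
        - objectName: mas-secrets-runtime__matrix_shared_secret
          key: matrix_shared_secret
        - objectName: mas-secrets-runtime__keycloak_client_secret
          key: keycloak_client_secret
        - objectName: mas-secrets-runtime__rsa_key
          key: rsa_key
    - secretName: othrys-synapse-signingkey
      type: Opaque
      data:
        - objectName: othrys-synapse-signingkey__signing.key
          key: signing.key
    - secretName: synapse-oidc
      type: Opaque
      data:
        - objectName: synapse-oidc__client-secret
          key: client-secret
    # Image pull secret: the dockerconfigjson Secret type requires the data
    # key to be named `.dockerconfigjson`, hence the leading dot here while
    # the Vault key has none.
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson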