# services/veles/secretproviderclass.yaml
#
# Secrets Store CSI Driver class for the veles workload. It reads seven values
# from Vault (provider: vault) and mirrors them into two Kubernetes Secrets:
# harbor-regcred (registry credentials) and veles-runtime-secrets (app config).
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: veles-vault
  namespace: veles
spec:
  provider: vault
  parameters:
    # NOTE(review): the address is plain http://, so the provider's Vault login
    # and the secret values it reads back cross the cluster network without
    # TLS. If the Vault listener offers TLS, point this at https:// and supply
    # the CA through vaultCACertPath. Vault's listener config is not visible
    # from this file, so confirm before changing.
    vaultAddress: 'http://vault.vault.svc.cluster.local:8200'
    # Vault auth role the provider logs in as. Its policy is defined outside
    # this file; presumably it should grant read on exactly the three app paths
    # below plus the one shared/harbor-pull path, not the whole kv/ or shared/
    # tree. Verify against the Vault policy.
    roleName: 'veles'
    # The literal block below is passed to the provider as a single string, so
    # it carries no comments. Each entry names a mounted object (objectName),
    # the Vault path it is read from (secretPath) and the field within that
    # secret (secretKey). secretObjects further down refers to these objects
    # by objectName.
    objects: |
      - objectName: "harbor-pull__dockerconfigjson"
        secretPath: "kv/data/atlas/shared/harbor-pull"
        secretKey: "dockerconfigjson"
      - objectName: "veles-db__DATABASE_URL"
        secretPath: "kv/data/atlas/veles/veles-db"
        secretKey: "DATABASE_URL"
      - objectName: "veles-db__POSTGRES_USER"
        secretPath: "kv/data/atlas/veles/veles-db"
        secretKey: "POSTGRES_USER"
      - objectName: "veles-db__POSTGRES_PASSWORD"
        secretPath: "kv/data/atlas/veles/veles-db"
        secretKey: "POSTGRES_PASSWORD"
      - objectName: "veles-oidc__client_secret"
        secretPath: "kv/data/atlas/veles/veles-oidc"
        secretKey: "client_secret"
      - objectName: "veles-app-secrets__VELES_SESSION_SECRET"
        secretPath: "kv/data/atlas/veles/app-secrets"
        secretKey: "VELES_SESSION_SECRET"
      - objectName: "veles-app-secrets__VELES_BYOK_ENCRYPTION_KEY"
        secretPath: "kv/data/atlas/veles/app-secrets"
        secretKey: "VELES_BYOK_ENCRYPTION_KEY"
  # Mirrors the mounted objects into native Kubernetes Secrets. Once synced,
  # the values sit in etcd and are readable by any principal with get/list on
  # secrets in the veles namespace, so namespace RBAC and etcd encryption at
  # rest are part of the protection boundary for these values. The driver
  # creates the Secrets only while a pod mounts a CSI volume that references
  # this class, and only when its secret-sync feature is enabled.
  secretObjects:
    # NOTE(review): if harbor-regcred is the imagePullSecret for the same pods
    # that mount this class, it does not exist until one of them has started.
    # Confirm how the first image pull is authorised.
    - secretName: harbor-regcred
      type: kubernetes.io/dockerconfigjson
      data:
        - objectName: harbor-pull__dockerconfigjson
          key: .dockerconfigjson
    # Runtime configuration for the application. The two database credentials
    # are renamed to VELES_DATABASE_* keys; the other keys keep their Vault
    # field names apart from the OIDC client secret.
    - secretName: veles-runtime-secrets
      type: Opaque
      data:
        - objectName: veles-db__DATABASE_URL
          key: DATABASE_URL
        - objectName: veles-db__POSTGRES_USER
          key: VELES_DATABASE_USER
        - objectName: veles-db__POSTGRES_PASSWORD
          key: VELES_DATABASE_PASSWORD
        - objectName: veles-oidc__client_secret
          key: VELES_OIDC_CLIENT_SECRET
        - objectName: veles-app-secrets__VELES_SESSION_SECRET
          key: VELES_SESSION_SECRET
        - objectName: veles-app-secrets__VELES_BYOK_ENCRYPTION_KEY
          key: VELES_BYOK_ENCRYPTION_KEY