use env values

2024-07-02 11:40:38 -05:00
parent 72b8a546e3
commit c6458f30e3
2 changed files with 186 additions and 43 deletions


@@ -92,13 +92,69 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: vault-unseal.yaml
- secretKey: ENVIRONMENT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: vault-unseal.yaml-1
property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: MAX_CHECK_INTERVAL
- secretKey: NODES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TLS_SKIP_VERIFY
- secretKey: TOKENS
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: TOKENS
- secretKey: EMAIL_ENABLED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-1
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY
---
apiVersion: external-secrets.io/v1beta1
@@ -117,13 +173,69 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: vault-unseal.yaml
- secretKey: ENVIRONMENT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: vault-unseal.yaml-2
property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: MAX_CHECK_INTERVAL
- secretKey: NODES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TLS_SKIP_VERIFY
- secretKey: TOKENS
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: TOKENS
- secretKey: EMAIL_ENABLED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-2
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY
---
apiVersion: external-secrets.io/v1beta1
@@ -142,13 +254,69 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: vault-unseal.yaml
- secretKey: ENVIRONMENT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: vault-unseal.yaml-3
property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config--3
metadataPolicy: None
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: MAX_CHECK_INTERVAL
- secretKey: NODES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TLS_SKIP_VERIFY
- secretKey: TOKENS
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: TOKENS
- secretKey: EMAIL_ENABLED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/unseal/config-3
metadataPolicy: None
property: NOTIFY_QUEUE_DELAY
---
apiVersion: external-secrets.io/v1beta1
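Review bot: In the third hunk, the `CHECK_INTERVAL` entry reads `key: /cl01tl/vault/unseal/config--3` with a doubled hyphen, while its eight sibling entries use `/cl01tl/vault/unseal/config-3`; it should be `key: /cl01tl/vault/unseal/config-3` (the resource header is above the hunk, so its name and target are not visible here). If that path does not exist in Vault, the ExternalSecret will likely fail to sync as a whole, so the Secret that now carries `TOKENS` for the third unsealer would not be created or refreshed, and that is easy to miss until a sealed node needs it. Because every entry maps a property to a same-named key from a single path, one `dataFrom` entry with `extract.key: /cl01tl/vault/unseal/config-3` per resource would replace the nine copies where this kind of slip hides, provided the Vault entry holds only these properties. Separately, `TLS_SKIP_VERIFY` is now fetched for all three instances; its value is not shown, but it should resolve to false so the unseal tokens are only sent to a verified Vault endpoint.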


@@ -255,6 +255,9 @@ unseal:
repository: ghcr.io/lrstanley/vault-unseal
tag: 0.5.1
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: vault-unseal-config-1
resources:
requests:
cpu: 100m
@@ -270,6 +273,9 @@ unseal:
repository: ghcr.io/lrstanley/vault-unseal
tag: 0.5.1
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: vault-unseal-config-2
resources:
requests:
cpu: 100m
@@ -285,43 +291,12 @@ unseal:
repository: ghcr.io/lrstanley/vault-unseal
tag: 0.5.1
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: vault-unseal-config-3
resources:
requests:
cpu: 100m
memory: 128Mi
serviceAccount:
create: true
persistence:
config-1:
enabled: true
type: secret
name: vault-unseal-config-1
advancedMounts:
unseal-1:
main:
- path: /vault-unseal.yaml
readOnly: true
mountPropagation: None
subPath: vault-unseal.yaml
config-2:
enabled: true
type: secret
name: vault-unseal-config-2
advancedMounts:
unseal-2:
main:
- path: /vault-unseal.yaml
readOnly: true
mountPropagation: None
subPath: vault-unseal.yaml
config-3:
enabled: true
type: secret
name: vault-unseal-config-3
advancedMounts:
unseal-3:
main:
- path: /vault-unseal.yaml
readOnly: true
mountPropagation: None
subPath: vault-unseal.yaml
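Review bot: The `envFrom.secretRef` added to each of the three unseal containers exports every key of `vault-unseal-config-N` as an environment variable, and per the ExternalSecret change in this commit that includes `TOKENS` (presumably the unseal key shares), which previously reached the container only through the read-only `/vault-unseal.yaml` mount removed in the last hunk. Environment variables are inherited by child processes and can surface in process inspection and diagnostic dumps, so if the image accepts a config file alongside environment settings, it would be safer to keep `TOKENS` on a read-only secret mount and pass only the non-sensitive settings through `envFrom`. `envFrom` is also resolved only at container start, so a rotated token is not picked up until the pod restarts, and a missing Secret keeps the container from starting; a comment such as `# values are read at start; restart the pod after the Secret changes` above each `envFrom` would record that. The controller definitions begin above these hunks, so the rest of the pod spec is not visible here.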