use env values

2024-07-02 11:40:38 -05:00
parent 72b8a546e3
commit c6458f30e3
2 changed files with 186 additions and 43 deletions
--- a/clusters/cl01tl/platform/vault/templates/external-secret.yaml
+++ b/clusters/cl01tl/platform/vault/templates/external-secret.yaml
@@ -92,13 +92,69 @@ spec:
    kind: ClusterSecretStore
    name: vault
  data:
-    - secretKey: vault-unseal.yaml
+    - secretKey: ENVIRONMENT
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/vault/unseal/config
+        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
-        property: vault-unseal.yaml-1
+        property: ENVIRONMENT
+    - secretKey: CHECK_INTERVAL
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-1
+        metadataPolicy: None
+        property: CHECK_INTERVAL
+    - secretKey: MAX_CHECK_INTERVAL
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-1
+        metadataPolicy: None
+        property: MAX_CHECK_INTERVAL
+    - secretKey: NODES
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-1
+        metadataPolicy: None
+        property: NODES
+    - secretKey: TLS_SKIP_VERIFY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-1
+        metadataPolicy: None
+        property: TLS_SKIP_VERIFY
+    - secretKey: TOKENS
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-1
+        metadataPolicy: None
+        property: TOKENS
+    - secretKey: EMAIL_ENABLED
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-1
+        metadataPolicy: None
+        property: EMAIL_ENABLED
+    - secretKey: NOTIFY_MAX_ELAPSED
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-1
+        metadataPolicy: None
+        property: NOTIFY_MAX_ELAPSED
+    - secretKey: NOTIFY_QUEUE_DELAY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-1
+        metadataPolicy: None
+        property: NOTIFY_QUEUE_DELAY

 ---
 apiVersion: external-secrets.io/v1beta1
@@ -117,13 +173,69 @@ spec:
    kind: ClusterSecretStore
    name: vault
  data:
-    - secretKey: vault-unseal.yaml
+    - secretKey: ENVIRONMENT
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/vault/unseal/config
+        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
-        property: vault-unseal.yaml-2
+        property: ENVIRONMENT
+    - secretKey: CHECK_INTERVAL
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-2
+        metadataPolicy: None
+        property: CHECK_INTERVAL
+    - secretKey: MAX_CHECK_INTERVAL
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-2
+        metadataPolicy: None
+        property: MAX_CHECK_INTERVAL
+    - secretKey: NODES
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-2
+        metadataPolicy: None
+        property: NODES
+    - secretKey: TLS_SKIP_VERIFY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-2
+        metadataPolicy: None
+        property: TLS_SKIP_VERIFY
+    - secretKey: TOKENS
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-2
+        metadataPolicy: None
+        property: TOKENS
+    - secretKey: EMAIL_ENABLED
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-2
+        metadataPolicy: None
+        property: EMAIL_ENABLED
+    - secretKey: NOTIFY_MAX_ELAPSED
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-2
+        metadataPolicy: None
+        property: NOTIFY_MAX_ELAPSED
+    - secretKey: NOTIFY_QUEUE_DELAY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-2
+        metadataPolicy: None
+        property: NOTIFY_QUEUE_DELAY

 ---
 apiVersion: external-secrets.io/v1beta1
@@ -142,13 +254,69 @@ spec:
    kind: ClusterSecretStore
    name: vault
  data:
-    - secretKey: vault-unseal.yaml
+    - secretKey: ENVIRONMENT
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/vault/unseal/config
+        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
-        property: vault-unseal.yaml-3
+        property: ENVIRONMENT
+    - secretKey: CHECK_INTERVAL
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config--3
+        metadataPolicy: None
+        property: CHECK_INTERVAL
+    - secretKey: MAX_CHECK_INTERVAL
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-3
+        metadataPolicy: None
+        property: MAX_CHECK_INTERVAL
+    - secretKey: NODES
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-3
+        metadataPolicy: None
+        property: NODES
+    - secretKey: TLS_SKIP_VERIFY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-3
+        metadataPolicy: None
+        property: TLS_SKIP_VERIFY
+    - secretKey: TOKENS
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-3
+        metadataPolicy: None
+        property: TOKENS
+    - secretKey: EMAIL_ENABLED
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-3
+        metadataPolicy: None
+        property: EMAIL_ENABLED
+    - secretKey: NOTIFY_MAX_ELAPSED
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-3
+        metadataPolicy: None
+        property: NOTIFY_MAX_ELAPSED
+    - secretKey: NOTIFY_QUEUE_DELAY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/unseal/config-3
+        metadataPolicy: None
+        property: NOTIFY_QUEUE_DELAY

 ---
 apiVersion: external-secrets.io/v1beta1
--- a/clusters/cl01tl/platform/vault/values.yaml
+++ b/clusters/cl01tl/platform/vault/values.yaml
@@ -255,6 +255,9 @@ unseal:
            repository: ghcr.io/lrstanley/vault-unseal
            tag: 0.5.1
            pullPolicy: IfNotPresent
+          envFrom:
+            - secretRef:
+                name: vault-unseal-config-1
          resources:
            requests:
              cpu: 100m
@@ -270,6 +273,9 @@ unseal:
            repository: ghcr.io/lrstanley/vault-unseal
            tag: 0.5.1
            pullPolicy: IfNotPresent
+          envFrom:
+            - secretRef:
+                name: vault-unseal-config-2
          resources:
            requests:
              cpu: 100m
@@ -285,43 +291,12 @@ unseal:
            repository: ghcr.io/lrstanley/vault-unseal
            tag: 0.5.1
            pullPolicy: IfNotPresent
+          envFrom:
+            - secretRef:
+                name: vault-unseal-config-3
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
  serviceAccount:
    create: true
-  persistence:
-    config-1:
-      enabled: true
-      type: secret
-      name: vault-unseal-config-1
-      advancedMounts:
-        unseal-1:
-          main:
-            - path: /vault-unseal.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: vault-unseal.yaml
-    config-2:
-      enabled: true
-      type: secret
-      name: vault-unseal-config-2
-      advancedMounts:
-        unseal-2:
-          main:
-            - path: /vault-unseal.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: vault-unseal.yaml
-    config-3:
-      enabled: true
-      type: secret
-      name: vault-unseal-config-3
-      advancedMounts:
-        unseal-3:
-          main:
-            - path: /vault-unseal.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: vault-unseal.yaml