Mayne0213
c1214029a2
- alertmanager: alertmanager → observability/alertmanager - grafana: postgresql → storage/postgresql - prometheus: postgresql → storage/postgresql, minio → storage/minio - thanos: minio → storage/minio Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
58 lines
1.3 KiB
YAML
58 lines
1.3 KiB
YAML
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: postgresql-password
|
|
namespace: prometheus
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault-backend
|
|
target:
|
|
name: postgresql-password
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: password
|
|
remoteRef:
|
|
key: storage/postgresql
|
|
property: PASSWORD
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: thanos-objstore-secret
|
|
namespace: prometheus
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: vault-backend
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: thanos-objstore-secret
|
|
template:
|
|
engineVersion: v2
|
|
data:
|
|
objstore.yml: |
|
|
type: S3
|
|
config:
|
|
bucket: thanos
|
|
endpoint: minio.minio.svc.cluster.local:9000
|
|
access_key: {{ .access_key }}
|
|
secret_key: {{ .secret_key }}
|
|
insecure: true
|
|
data:
|
|
- secretKey: access_key
|
|
remoteRef:
|
|
key: storage/minio
|
|
property: ROOT_USER
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
metadataPolicy: None
|
|
- secretKey: secret_key
|
|
remoteRef:
|
|
key: storage/minio
|
|
property: ROOT_PASSWORD
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
metadataPolicy: None
|