From 09f08fba75120152ea70455eff14c490312ee31f Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Mon, 29 Dec 2025 13:42:21 +0900
Subject: [PATCH] FEAT(cert-manager): integrate cert-manager, Vault, Velero

- Add cert-manager configuration
- Add Vault and Velero integration
---
vault/argocd-secrets.yaml | 32 ------------------------
vault/{argocd-vault.yaml => argocd.yaml} | 5 ++--
vault/kustomization.yaml | 10 +-------
vault/vault-postgres-secret.yaml | 21 ----------------
4 files changed, 4 insertions(+), 64 deletions(-)
delete mode 100644 vault/argocd-secrets.yaml
rename vault/{argocd-vault.yaml => argocd.yaml} (88%)
delete mode 100644 vault/vault-postgres-secret.yaml

diff --git a/vault/argocd-secrets.yaml b/vault/argocd-secrets.yaml
deleted file mode 100644
index 0f7ceb4..0000000
--- a/vault/argocd-secrets.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: vault-secrets
- namespace: argocd
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: default
-
- source:
- repoURL: https://gitea0213.kro.kr/bluemayne/cluster-infrastructure.git
- targetRevision: main
- path: vault
-
- destination:
- server: https://kubernetes.default.svc
-
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: 5
- backoff:
- duration: 5s
- factor: 2
- maxDuration: 3m
-
- revisionHistoryLimit: 10
diff --git a/vault/argocd-vault.yaml b/vault/argocd.yaml
similarity index 88%
rename from vault/argocd-vault.yaml
rename to vault/argocd.yaml
index 6ea977b..592b6d8 100644
--- a/vault/argocd-vault.yaml
+++ b/vault/argocd.yaml
@@ -9,17 +9,18 @@ spec: project: default sources: - # Helm chart from external repository - repoURL: https://helm.releases.hashicorp.com chart: vault targetRevision: 0.28.1 helm: valueFiles: - $values/vault/helm-values.yaml - # Values file from Git repository - repoURL: https://gitea0213.kro.kr/bluemayne/cluster-infrastructure.git targetRevision: main ref: values + - repoURL: https://gitea0213.kro.kr/bluemayne/cluster-infrastructure.git + targetRevision: main + path: vault destination: server: https://kubernetes.default.svc diff --git a/vault/kustomization.yaml b/vault/kustomization.yaml index 123f1ca..08e3cbb 100644 --- a/vault/kustomization.yaml +++ b/vault/kustomization.yaml @@ -2,13 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - # argocd.yaml files은 수동으로 관리 (순환 참조 방지) - # - argocd-vault.yaml - # - argocd-secrets.yaml - namespace.yaml - - # External Secrets integration - # ServiceAccount is managed by external-secrets Helm chart - - cluster-secret-store.yaml - - vault-postgres-secret.yaml - # vault-config-job.yaml은 삭제됨 (민감한 정보 포함으로 인해 .md 파일로 대체) \ No newline at end of file + - cluster-secret-store.yaml \ No newline at end of file diff --git a/vault/vault-postgres-secret.yaml b/vault/vault-postgres-secret.yaml deleted file mode 100644 index 10f0824..0000000 --- a/vault/vault-postgres-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-postgres-password - namespace: vault -spec: - refreshInterval: 1h - secretStoreRef: - kind: ClusterSecretStore - name: vault-backend - target: - name: vault-postgres-password - creationPolicy: Owner - template: - data: - password: "{{ .password }}" - data: - - secretKey: password - remoteRef: - key: databases/postgresql-cnpg - property: VAULT_PASSWORD
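Review bot: The added third source (`path: vault`) tracks `targetRevision: main`, so whatever is pushed to that branch of the Gitea repository is rendered straight into the Vault application, including `cluster-secret-store.yaml`, which `vault/kustomization.yaml` still lists. The chart source is pinned (`targetRevision: 0.28.1`), but the manifests that configure the secret store are not. If this Application syncs automatically, as the deleted `vault-secrets` Application did with `prune: true` and `selfHeal: true`, consider pinning the revision, e.g. `targetRevision: <tag-or-commit-sha>`, or enforcing branch protection on `main`. The sync policy of this Application lies outside the hunk, so that part is an assumption. The two dropped comments also labelled the sources; a one-line comment such as `# Kustomize manifests from vault/ (namespace, ClusterSecretStore)` above the new entry would keep the list readable.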
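Review bot: The kustomization hunk drops the comment explaining that the Argo CD Application manifests are applied by hand and deliberately left out of `resources:` to avoid a circular reference, yet `vault/argocd.yaml` now points at this very directory, so that reason matters more than before. I would keep one line above the list, in English, e.g. `# argocd.yaml is applied manually and intentionally not listed here (prevents the Application from managing itself)`. With `vault-postgres-secret.yaml` removed from the list, the `vault-postgres-password` Secret it owned (`creationPolicy: Owner`) will presumably be removed as well, so confirm nothing in the Vault Helm values still reads it; those values are not part of this patch. The new last line still has no trailing newline (`\ No newline at end of file`).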