K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FEAT(velero): add velero and falco UI auth

Browse Source 
- secrets from Vault
This commit is contained in:
Mayne0213
2025-12-27 21:27:08 +09:00
parent 50ceb6d98d
commit 90c7883c37
3 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
falco/helm-values/falco.yaml
View File

@@ -140,6 +140,19 @@ falcosidekick:
# cpu: removed to prevent throttling # cpu: removed to prevent throttling
memory: 512Mi memory: 512Mi
# Environment variables from Vault secret
env:
- name: FALCOSIDEKICK_USERNAME
valueFrom:
secretKeyRef:
name: falco-ui-secret
key: username
- name: FALCOSIDEKICK_PASSWORD
valueFrom:
secretKeyRef:
name: falco-ui-secret
key: password
# RBAC # RBAC
rbac: rbac:
create: true create: true

2
falco/kustomization.yaml
View File

@@ -5,5 +5,7 @@ resources:
# ArgoCD Application 리소스는 root kustomization.yaml에서 관리 # ArgoCD Application 리소스는 root kustomization.yaml에서 관리
# - argocd/falco.yaml # - argocd/falco.yaml
# Falco UI credentials from Vault
- vault/falco-ui-secret.yaml
# Falco UI Ingress # Falco UI Ingress
- ingress/falco-ui-ingress.yaml - ingress/falco-ui-ingress.yaml

23
falco/vault/falco-ui-secret.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: falco-ui-secret
namespace: falco
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: falco-ui-secret
creationPolicy: Owner
data:
- secretKey: username
remoteRef:
key: cluster-infrastructure/falco
property: UI_USERNAME
- secretKey: password
remoteRef:
key: cluster-infrastructure/falco
property: UI_PASSWORD