FEAT(vault): add clustersecretstore
- for vault-backend
- Create cluster-wide secret store for External Secrets Operator
- Configure Kubernetes auth with external-secrets service account
- Enable all namespaces to access Vault secrets via ClusterSecretStore
This commit is contained in:
17
vault/cluster-secret-store.yaml
Normal file
@@ -0,0 +1,17 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault-backend
spec:
provider:
vault:
server: http://vault.vault.svc.cluster.local:8200
path: secret
version: v2
auth:
kubernetes:
mountPath: kubernetes
role: external-secrets
serviceAccountRef:
name: external-secrets
namespace: external-secrets
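Review bot: `server: http://vault.vault.svc.cluster.local:8200` reaches Vault over plaintext HTTP, so the service account JWT presented at Kubernetes auth login and the Vault token handed back are readable by anything on the pod network path; the ESO Vault provider supports `caBundle` / `caProvider` for trusting an in-cluster Vault CA, so consider `server: https://vault.vault.svc.cluster.local:8200` with the CA configured, or record in the manifest why TLS is deferred. A second point on scope: this is a ClusterSecretStore backed by the single Vault role `external-secrets`, so any namespace that can create an ExternalSecret referencing `vault-backend` can read whatever that role's policy permits under `secret/`; if that is not intended, add `spec.conditions` with `namespaces` or a `namespaceSelector` to limit which namespaces may use the store, and document the Vault policy bound to the role so reviewers can confirm it is scoped to the paths the cluster actually needs.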
@@ -4,4 +4,9 @@ kind: Kustomization
resources:
resources:
# ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
# ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
# - argocd/vault.yaml
# - argocd/vault.yaml
# - argocd/vault-secrets.yaml
# - argocd/vault-secrets.yaml
# External Secrets integration
# ServiceAccount is managed by external-secrets Helm chart
- cluster-secret-store.yaml
# vault-config-job.yaml은 삭제됨 (민감한 정보 포함으로 인해 .md 파일로 대체)
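Review bot: the trailing comment (vault-config-job.yaml was deleted because it contained sensitive information and was replaced by a .md file) should state whether those values were rotated, since deleting the manifest leaves it in git history, and moving the same values into a Markdown file in the same repository does not reduce their exposure if that file is committed; if the .md is only a runbook with the secret values left out, say so in the comment. Also worth a line next to `# ServiceAccount is managed by external-secrets Helm chart`: `cluster-secret-store.yaml` needs both the ESO CRDs and the `external-secrets` service account to exist before it can be applied, so this kustomization now has an ordering dependency on that Helm release that nothing here records; a note on apply order (or a sync wave, given the ArgoCD references above) would prevent a failed first sync.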