From 588861a53b29a1c49097bc8eef67af5b5f2a382d Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Mon, 29 Dec 2025 21:48:39 +0900
Subject: [PATCH] REFACTOR(vault): remove Vault database and user

- Vault uses file storage instead
- Remove database dependencies
---
 postgresql/kustomization.yaml            |  2 --
 postgresql/manifests/vault-database.yaml | 11 -----------
 postgresql/vault/vault-user-secret.yaml  | 23 -----------------------
 3 files changed, 36 deletions(-)
 delete mode 100644 postgresql/manifests/vault-database.yaml
 delete mode 100644 postgresql/vault/vault-user-secret.yaml

diff --git a/postgresql/kustomization.yaml b/postgresql/kustomization.yaml
index 5a3d23d..b64d767 100644
--- a/postgresql/kustomization.yaml
+++ b/postgresql/kustomization.yaml
@@ -7,12 +7,10 @@ resources:
   # Vault External Secrets
   - vault/app-user-secret.yaml
   - vault/superuser-secret.yaml
-  - vault/vault-user-secret.yaml
   # - vault/backup-s3-secret.yaml  # Disabled - using Velero instead
 
   # CNPG Cluster
   - manifests/cluster.yaml
-  - manifests/vault-database.yaml
 
   # PodMonitor is auto-created by CNPG operator via cluster.spec.monitoring.enablePodMonitor
 
diff --git a/postgresql/manifests/vault-database.yaml b/postgresql/manifests/vault-database.yaml
deleted file mode 100644
index d10e0b3..0000000
--- a/postgresql/manifests/vault-database.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Database
-metadata:
-  name: vault
-  namespace: postgresql
-spec:
-  cluster:
-    name: postgresql
-  name: vault
-  owner: vault
-  ensure: present
diff --git a/postgresql/vault/vault-user-secret.yaml b/postgresql/vault/vault-user-secret.yaml
deleted file mode 100644
index eb8833f..0000000
--- a/postgresql/vault/vault-user-secret.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: postgresql-vault-user
-  namespace: postgresql
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: postgresql-vault-user
-    creationPolicy: Owner
-    template:
-      type: kubernetes.io/basic-auth
-      data:
-        username: vault
-        password: "{{ .password }}"
-  data:
-    - secretKey: password
-      remoteRef:
-        key: databases/postgresql
-        property: VAULT_PASSWORD