REFACTOR(vault): remove Vault database and user

- Vault uses file storage instead
- Remove database dependencies

postgresql/kustomization.yaml

@@ -7,12 +7,10 @@ resources:
   # Vault External Secrets
   - vault/app-user-secret.yaml
   - vault/superuser-secret.yaml
-  - vault/vault-user-secret.yaml
   # - vault/backup-s3-secret.yaml  # Disabled - using Velero instead
 
   # CNPG Cluster
   - manifests/cluster.yaml
-  - manifests/vault-database.yaml
 
   # PodMonitor is auto-created by CNPG operator via cluster.spec.monitoring.enablePodMonitor
 

postgresql/manifests/vault-database.yaml

@@ -1,11 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Database
-metadata:
-  name: vault
-  namespace: postgresql
-spec:
-  cluster:
-    name: postgresql
-  name: vault
-  owner: vault
-  ensure: present

postgresql/vault/vault-user-secret.yaml

@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: postgresql-vault-user
-  namespace: postgresql
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: postgresql-vault-user
-    creationPolicy: Owner
-    template:
-      type: kubernetes.io/basic-auth
-      data:
-        username: vault
-        password: "{{ .password }}"
-  data:
-    - secretKey: password
-      remoteRef:
-        key: databases/postgresql
-        property: VAULT_PASSWORD