REFACTOR(velero): simplify vault
- and velero configs - vault: Fix CreateNamespace conflict (set to false) - velero: Consolidate ExternalSecrets into vault/velero-secrets.yaml - velero: Clean up kustomization.yaml
This commit is contained in:
@@ -2,8 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
# argocd.yaml files은 수동으로 관리 (순환 참조 방지)
|
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- external-secret.yaml
|
- vault/velero-secrets.yaml
|
||||||
- vault/velero-ui-secret.yaml
|
|
||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
|
|||||||
@@ -5,11 +5,9 @@ metadata:
|
|||||||
namespace: velero
|
namespace: velero
|
||||||
spec:
|
spec:
|
||||||
refreshInterval: 1h
|
refreshInterval: 1h
|
||||||
|
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
name: vault-backend
|
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
|
name: vault-backend
|
||||||
target:
|
target:
|
||||||
name: velero-s3-credentials
|
name: velero-s3-credentials
|
||||||
creationPolicy: Owner
|
creationPolicy: Owner
|
||||||
@@ -20,14 +18,36 @@ spec:
|
|||||||
[default]
|
[default]
|
||||||
aws_access_key_id={{ .minioAccessKey }}
|
aws_access_key_id={{ .minioAccessKey }}
|
||||||
aws_secret_access_key="{{ .minioSecretKey }}"
|
aws_secret_access_key="{{ .minioSecretKey }}"
|
||||||
|
|
||||||
data:
|
data:
|
||||||
- secretKey: minioAccessKey
|
- secretKey: minioAccessKey
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: databases/minio
|
key: databases/minio
|
||||||
property: ROOT_USER
|
property: ROOT_USER
|
||||||
|
|
||||||
- secretKey: minioSecretKey
|
- secretKey: minioSecretKey
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: databases/minio
|
key: databases/minio
|
||||||
property: ROOT_PASSWORD
|
property: ROOT_PASSWORD
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: velero-ui-secret
|
||||||
|
namespace: velero
|
||||||
|
spec:
|
||||||
|
refreshInterval: 1h
|
||||||
|
secretStoreRef:
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
name: vault-backend
|
||||||
|
target:
|
||||||
|
name: velero-ui-secret
|
||||||
|
creationPolicy: Owner
|
||||||
|
data:
|
||||||
|
- secretKey: username
|
||||||
|
remoteRef:
|
||||||
|
key: cluster-infrastructure/velero
|
||||||
|
property: UI_USERNAME
|
||||||
|
- secretKey: password
|
||||||
|
remoteRef:
|
||||||
|
key: cluster-infrastructure/velero
|
||||||
|
property: UI_PASSWORD
|
||||||
@@ -1,23 +0,0 @@
|
|||||||
apiVersion: external-secrets.io/v1beta1
|
|
||||||
kind: ExternalSecret
|
|
||||||
metadata:
|
|
||||||
name: velero-ui-secret
|
|
||||||
namespace: velero
|
|
||||||
spec:
|
|
||||||
refreshInterval: 1h
|
|
||||||
secretStoreRef:
|
|
||||||
kind: ClusterSecretStore
|
|
||||||
name: vault-backend
|
|
||||||
target:
|
|
||||||
name: velero-ui-secret
|
|
||||||
creationPolicy: Owner
|
|
||||||
data:
|
|
||||||
- secretKey: username
|
|
||||||
remoteRef:
|
|
||||||
key: cluster-infrastructure/velero
|
|
||||||
property: UI_USERNAME
|
|
||||||
- secretKey: password
|
|
||||||
remoteRef:
|
|
||||||
key: cluster-infrastructure/velero
|
|
||||||
property: UI_PASSWORD
|
|
||||||
|
|
||||||
Reference in New Issue
Block a user