From c537136c1deace64883c4490274684e7f4a9f039 Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Mon, 29 Dec 2025 21:52:23 +0900
Subject: [PATCH] CHORE(pgweb): use ClusterSecretStore instead of namespace Secret - Change to ClusterSecretStore - Simplify secret management
---
 pgweb/kustomization.yaml | 2 --
 pgweb/vault/pgweb-secret.yaml | 2 +-
 pgweb/vault/secretstore.yaml | 17 -----------------
 pgweb/vault/serviceaccount.yaml | 5 -----
 4 files changed, 1 insertion(+), 25 deletions(-)
 delete mode 100644 pgweb/vault/secretstore.yaml
 delete mode 100644 pgweb/vault/serviceaccount.yaml
diff --git a/pgweb/kustomization.yaml b/pgweb/kustomization.yaml
index cc2594b..7a8d974 100644
--- a/pgweb/kustomization.yaml
+++ b/pgweb/kustomization.yaml
@@ -2,7 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - deployment.yaml
-- vault/serviceaccount.yaml
-- vault/secretstore.yaml
 - vault/pgweb-secret.yaml
 - ingress.yaml
diff --git a/pgweb/vault/pgweb-secret.yaml b/pgweb/vault/pgweb-secret.yaml
index d46f508..060c62a 100644
--- a/pgweb/vault/pgweb-secret.yaml
+++ b/pgweb/vault/pgweb-secret.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
 refreshInterval: 1h
 secretStoreRef:
- kind: SecretStore
+ kind: ClusterSecretStore
 name: vault-backend
 target:
 name: pgweb-password
diff --git a/pgweb/vault/secretstore.yaml b/pgweb/vault/secretstore.yaml
deleted file mode 100644
index 4d8fede..0000000
--- a/pgweb/vault/secretstore.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: SecretStore
-metadata:
- name: vault-backend
- namespace: pgweb
-spec:
- provider:
- vault:
- server: http://vault.vault.svc.cluster.local:8200
- path: secret
- version: v2
- auth:
- kubernetes:
- mountPath: kubernetes
- role: pgweb
- serviceAccountRef:
- name: external-secrets
diff --git a/pgweb/vault/serviceaccount.yaml b/pgweb/vault/serviceaccount.yaml
deleted file mode 100644
index 94703eb..0000000
--- a/pgweb/vault/serviceaccount.yaml
+++ /dev/null
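Review bot: Changing `secretStoreRef.kind` to `ClusterSecretStore` in pgweb/vault/pgweb-secret.yaml moves this ExternalSecret from a Vault identity scoped to the pgweb namespace (the deleted store authenticated with `role: pgweb` through a ServiceAccount in that namespace) to a shared cluster-wide store, and nothing in this patch shows how that store is constrained. The `vault-backend` ClusterSecretStore is not defined here, so it should be confirmed that it exists and that it sets `spec.conditions` (a `namespaces` or `namespaceSelector` entry) so that only the intended namespaces can reference it. Without that restriction, any namespace allowed to create an ExternalSecret can read whatever paths the shared Vault role's policy covers, so that policy should stay as narrow as the per-namespace `pgweb` role was. I would add a comment above the changed line such as `# cluster-scoped store: access is limited by its spec.conditions and by the Vault policy of its role`. The remainder of the ExternalSecret (remote key and data mapping) lies outside the hunk.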
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: external-secrets
- namespace: pgweb