CHORE(pgweb): use ClusterSecretStore instead of namespace Secret

- Change to ClusterSecretStore
- Simplify secret management
2025-12-29 21:52:23 +09:00
parent 588861a53b
commit c537136c1d
4 changed files with 1 additions and 25 deletions


@@ -2,7 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- deployment.yaml - deployment.yaml
- vault/serviceaccount.yaml
- vault/secretstore.yaml
- vault/pgweb-secret.yaml - vault/pgweb-secret.yaml
- ingress.yaml - ingress.yaml


@@ -6,7 +6,7 @@ metadata:
spec: spec:
refreshInterval: 1h refreshInterval: 1h
secretStoreRef: secretStoreRef:
kind: SecretStore kind: ClusterSecretStore
name: vault-backend name: vault-backend
target: target:
name: pgweb-password name: pgweb-password
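Review bot: The new `kind: ClusterSecretStore` under `secretStoreRef` points this ExternalSecret at a cluster-scoped `vault-backend` store whose definition is not in this commit, so the Vault role and policy it authenticates with cannot be reviewed here. The SecretStore removed in the same commit used the dedicated Vault role `pgweb` and a ServiceAccount in the pgweb namespace; a shared store presumably uses one role for all consumers, which may widen the paths readable through any ExternalSecret allowed to reference it. Please confirm that the ClusterSecretStore restricts referencing namespaces with `spec.conditions` and that its Vault policy is no broader than the per-namespace one it replaces. A comment above the ref such as `# cluster-wide store; namespace access is limited by spec.conditions on vault-backend` would record that dependency. The ExternalSecret spec starts and continues outside this hunk.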


@@ -1,17 +0,0 @@
apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
name: vault-backend
namespace: pgweb
spec:
provider:
vault:
server: http://vault.vault.svc.cluster.local:8200
path: secret
version: v2
auth:
kubernetes:
mountPath: kubernetes
role: pgweb
serviceAccountRef:
name: external-secrets


@@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-secrets
namespace: pgweb