CHORE(pgweb): use ClusterSecretStore instead of namespace Secret

- Change to ClusterSecretStore
- Simplify secret management

pgweb/kustomization.yaml

@@ -2,7 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - deployment.yaml
-- vault/serviceaccount.yaml
-- vault/secretstore.yaml
 - vault/pgweb-secret.yaml
 - ingress.yaml

pgweb/vault/pgweb-secret.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   refreshInterval: 1h
   secretStoreRef:
-    kind: SecretStore
+    kind: ClusterSecretStore
     name: vault-backend
   target:
     name: pgweb-password

pgweb/vault/secretstore.yaml

@@ -1,17 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: SecretStore
-metadata:
-  name: vault-backend
-  namespace: pgweb
-spec:
-  provider:
-    vault:
-      server: http://vault.vault.svc.cluster.local:8200
-      path: secret
-      version: v2
-      auth:
-        kubernetes:
-          mountPath: kubernetes
-          role: pgweb
-          serviceAccountRef:
-            name: external-secrets

pgweb/vault/serviceaccount.yaml

@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: external-secrets
-  namespace: pgweb