K3S-HOME/storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b7eb52778220a8f9b8b6523d8ffd9143d594a718
storage/zot/manifests/secret.yaml
Mayne0213 b7eb527782 FIX(zot): add session keys for consistent cookie handling 
- Add ExternalSecret for session hashKey and blockKey
- Mount session keys from Vault
- Configure sessionDriver with key files
- Fix securecookie validation error in multi-replica setup
2026-01-10 03:00:53 +09:00

73 lines
1.4 KiB
YAML
Raw Blame History

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: zot-htpasswd-secret
namespace: zot
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: zot-htpasswd
creationPolicy: Owner
data:
- secretKey: htpasswd
remoteRef:
key: zot
property: HTPASSWD
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: zot-oidc-secret
namespace: zot
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: zot-oidc-credentials
creationPolicy: Owner
template:
engineVersion: v2
data:
credentials.json: |
{
"clientid": "{{ .client_id }}",
"clientsecret": "{{ .client_secret }}"
}
data:
- secretKey: client_id
remoteRef:
key: zot
property: OIDC_CLIENT_ID
- secretKey: client_secret
remoteRef:
key: zot
property: OIDC_CLIENT_SECRET
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: zot-session-secret
namespace: zot
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: zot-session-keys
creationPolicy: Owner
data:
- secretKey: hashKey
remoteRef:
key: zot
property: SESSION_HASH_KEY
- secretKey: blockKey
remoteRef:
key: zot
property: SESSION_BLOCK_KEY
Reference in New Issue View Git Blame Copy Permalink