FIX(app): fix todo-dev ExternalSecret field name and reorganize

- Fix deletePolicy to deletionPolicy in externalsecret.yaml - Move serviceaccount.yaml to base (remove duplicate) - Add secretstore.yaml to prod - Add deletionPolicy to prod externalsecret
2025-12-13 12:23:27 +09:00
parent a35d50027e
commit 78f6592ad8
7 changed files with 20 additions and 19 deletions
--- a/deploy/k8s/base/kustomization.yaml
+++ b/deploy/k8s/base/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
  - deployment.yaml
  - service.yaml
+  - serviceaccount.yaml

 commonLabels:
  app.kubernetes.io/name: todo
--- a/deploy/k8s/overlays/dev/serviceaccount.yaml
+++ b/deploy/k8s/overlays/dev/serviceaccount.yaml
--- a/deploy/k8s/overlays/dev/kustomization.yaml
+++ b/deploy/k8s/overlays/dev/kustomization.yaml
@@ -7,7 +7,6 @@ resources:
  - ../../base
  - resourcequota.yaml
  - namespace.yaml
-  - serviceaccount.yaml
  - secretstore.yaml
  - externalsecret.yaml

@@ -17,7 +16,7 @@ commonLabels:
 # 이미지 태그 설정
 images:
  - name: ghcr.io/mayne0213/todo
-    newTag: develop-sha-96b28119b396f430d258218efae5b00df47d0027
+    newTag: develop-sha-5d7b9f152df398afe8c9a424693f1f016bb1fd12

 patchesStrategicMerge:
  - deployment-patch.yaml
--- a/deploy/k8s/overlays/prod/externalsecret.yaml
+++ b/deploy/k8s/overlays/prod/externalsecret.yaml
@@ -10,6 +10,7 @@ spec:
  target:
    name: todo-secrets
    creationPolicy: Owner
+    deletionPolicy: Retain
  data:
    - secretKey: database-url
      remoteRef:
--- a/deploy/k8s/overlays/prod/kustomization.yaml
+++ b/deploy/k8s/overlays/prod/kustomization.yaml
@@ -6,6 +6,7 @@ namespace: todo
 resources:
  - ../../base
  - resourcequota.yaml
+  - secretstore.yaml
  - externalsecret.yaml

 commonLabels:
--- a/deploy/k8s/overlays/prod/sealed-todo-secrets.yaml
+++ b/deploy/k8s/overlays/prod/sealed-todo-secrets.yaml
@@ -1,17 +0,0 @@
---
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  annotations:
-    sealedsecrets.bitnami.com/namespace-wide: "true"
-  name: todo-secrets
-  namespace: todo
-spec:
-  encryptedData:
-    database-url: AgBg7nC3lqjal0EqXw1wjAl63CO9dmXwaKG1QT63WtpavuZv+0DFI4+CXWR1ECpV4TaSyFR5AFX+UwlYuOXOITxj/TceS4ToiUY6FIER2dVIeprT2NMtpHpEvkGYDXGjmIdGEfkKajwxo3GQjJZmYJlORJxagYQELQ24cYyvogjFGzXgQyhGlAZmHrbKjsMlImsCHtxijPYraFcawGL/wcm102v7GRHf0vGft9keam9ofaiUdydQ0fb8XJZctfrjdLVcHN54/5fBKgyOiAmvas3RDZDIjwWnmwaqjo5U3uLGlbCHBgTLIkB3pG4Tsrp93B4Rexb9hqesMcvzmm7wzZ23gz4yrC44xMUfMOpZkXNSYJ9ZDvkzj2WYlSYPhyfqfVSd/7sz8kraCVVqO4oQzDIY0aPfZhcVhbu3ZE9OrbjSTzATfCZ27fn3sRtoFeoBJ7luStdfAJnd0Wa6CFo/VyMwQiwFeS/+83RvxrbpcjmbpxBPQYCfoCTk2fITc6iAgEXmtT9naafqa/z9NaZ8PvEcl7rf9xVQILEqTg9GzTDnPidAif7ILm+g3IjfhiU0Ifp6AbIRp99iEn4PYls6G8AEjuwBqP0NSot2IxI14DLEleO+gVxzzD/4PIbwPlEIFoQXdLLD6QoU8CIVYbA1sTzgbmkuibkFMCBT/ZcmiqJaGrKDS7/EyXxPbX8xWZrxqbIjsEQ+jcwebgeOZrX2cWxU5LBvgJUeiP9Uf7yR/d7edmCyXXKPDWjMU3waOxsOKvuTLwOW5c0CwVjUi1d2eLhPmRJCmefOE3+O1W7jHKziM1oeQxywAlo244eif+N8rYg=
-  template:
-    metadata:
-      annotations:
-        sealedsecrets.bitnami.com/namespace-wide: "true"
-      name: todo-secrets
-      namespace: todo
--- a/deploy/k8s/overlays/prod/secretstore.yaml
+++ b/deploy/k8s/overlays/prod/secretstore.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: vault-backend
+spec:
+  provider:
+    vault:
+      server: http://vault.vault.svc.cluster.local:8200
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          mountPath: kubernetes
+          role: todo
+          serviceAccountRef:
+            name: external-secrets