Extend secrets helm chart
This commit is contained in:
parent
e66e15aecb
commit
eb1bd5f704
7 changed files with 28 additions and 19 deletions
|
@ -6,13 +6,16 @@ serviceAccountName: miniflux
|
||||||
externalSecrets:
|
externalSecrets:
|
||||||
secretStoreName: miniflux
|
secretStoreName: miniflux
|
||||||
vaultRole: miniflux
|
vaultRole: miniflux
|
||||||
secrets:
|
secretPaths:
|
||||||
- secretKey: miniflux_admin_pw
|
- name: miniflux
|
||||||
key: miniflux
|
secrets:
|
||||||
property: miniflux_admin_pw
|
- secretKey: miniflux_admin_pw
|
||||||
- secretKey: miniflux_db_url
|
key: miniflux
|
||||||
key: miniflux
|
property: miniflux_admin_pw
|
||||||
property: miniflux_db_url
|
- secretKey: miniflux_db_url
|
||||||
|
key: miniflux
|
||||||
|
property: miniflux_db_url
|
||||||
|
|
||||||
istio:
|
istio:
|
||||||
commonName: rss.minhas.io
|
commonName: rss.minhas.io
|
||||||
ingressSelector: ingressgateway
|
ingressSelector: ingressgateway
|
||||||
|
|
|
@ -6,10 +6,12 @@ serviceAccountName: default
|
||||||
externalSecrets:
|
externalSecrets:
|
||||||
secretStoreName: default
|
secretStoreName: default
|
||||||
vaultRole: external-dns
|
vaultRole: external-dns
|
||||||
secrets:
|
secretPaths:
|
||||||
- secretKey: pihole-password
|
- name: pihole
|
||||||
key: external-dns
|
secrets:
|
||||||
property: pihole-password
|
- secretKey: pihole-password
|
||||||
|
key: external-dns
|
||||||
|
property: pihole-password
|
||||||
|
|
||||||
# app
|
# app
|
||||||
serviceDns:
|
serviceDns:
|
||||||
|
|
|
@ -59,18 +59,19 @@ spec:
|
||||||
secretRef:
|
secretRef:
|
||||||
name: "serviceaccounttoken"
|
name: "serviceaccounttoken"
|
||||||
...
|
...
|
||||||
|
{{- range .Values.externalSecrets.secretPaths }}
|
||||||
---
|
---
|
||||||
apiVersion: external-secrets.io/v1beta1
|
apiVersion: external-secrets.io/v1beta1
|
||||||
kind: ExternalSecret
|
kind: ExternalSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ .Values.name }}
|
name: {{ .name }}
|
||||||
namespace: {{ .Values.namespace }}
|
namespace: {{ $.Values.namespace }}
|
||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
name: {{ .Values.externalSecrets.secretStoreName }}
|
name: {{ $.Values.externalSecrets.secretStoreName }}
|
||||||
kind: SecretStore
|
kind: SecretStore
|
||||||
data:
|
data:
|
||||||
{{- range .Values.externalSecrets.secrets }}
|
{{- range .secrets }}
|
||||||
- secretKey: {{ .secretKey }}
|
- secretKey: {{ .secretKey }}
|
||||||
remoteRef:
|
remoteRef:
|
||||||
conversionStrategy: Default
|
conversionStrategy: Default
|
||||||
|
@ -79,4 +80,5 @@ spec:
|
||||||
property: {{ .property }}
|
property: {{ .property }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
...
|
...
|
||||||
|
{{- end }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
|
@ -5,10 +5,12 @@ serviceAccountName: vault-config-operator
|
||||||
externalSecrets:
|
externalSecrets:
|
||||||
secretStoreName: vault-config-operator
|
secretStoreName: vault-config-operator
|
||||||
vaultRole: vault-config-operator
|
vaultRole: vault-config-operator
|
||||||
secrets:
|
secretPaths:
|
||||||
- secretKey: ca.crt
|
- name: vault-config-operator
|
||||||
key: vault-config-operator
|
secrets:
|
||||||
property: ca.crt
|
- secretKey: ca.crt
|
||||||
|
key: vault-config-operator
|
||||||
|
property: ca.crt
|
||||||
|
|
||||||
enableCertManager: true
|
enableCertManager: true
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue