Extend secrets helm chart

This commit is contained in:
Amarpreet Minhas 2023-07-10 20:46:00 +00:00
parent e66e15aecb
commit eb1bd5f704
7 changed files with 28 additions and 19 deletions

View file

@ -6,13 +6,16 @@ serviceAccountName: miniflux
externalSecrets:
secretStoreName: miniflux
vaultRole: miniflux
secrets:
- secretKey: miniflux_admin_pw
key: miniflux
property: miniflux_admin_pw
- secretKey: miniflux_db_url
key: miniflux
property: miniflux_db_url
secretPaths:
- name: miniflux
secrets:
- secretKey: miniflux_admin_pw
key: miniflux
property: miniflux_admin_pw
- secretKey: miniflux_db_url
key: miniflux
property: miniflux_db_url
istio:
commonName: rss.minhas.io
ingressSelector: ingressgateway

View file

@ -6,10 +6,12 @@ serviceAccountName: default
externalSecrets:
secretStoreName: default
vaultRole: external-dns
secrets:
- secretKey: pihole-password
key: external-dns
property: pihole-password
secretPaths:
- name: pihole
secrets:
- secretKey: pihole-password
key: external-dns
property: pihole-password
# app
serviceDns:

View file

@ -59,18 +59,19 @@ spec:
secretRef:
name: "serviceaccounttoken"
...
{{- range .Values.externalSecrets.secretPaths }}
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ .Values.name }}
namespace: {{ .Values.namespace }}
name: {{ .name }}
namespace: {{ $.Values.namespace }}
spec:
secretStoreRef:
name: {{ .Values.externalSecrets.secretStoreName }}
name: {{ $.Values.externalSecrets.secretStoreName }}
kind: SecretStore
data:
{{- range .Values.externalSecrets.secrets }}
{{- range .secrets }}
- secretKey: {{ .secretKey }}
remoteRef:
conversionStrategy: Default
@ -79,4 +80,5 @@ spec:
property: {{ .property }}
{{- end }}
...
{{- end }}
{{ end }}

View file

@ -5,10 +5,12 @@ serviceAccountName: vault-config-operator
externalSecrets:
secretStoreName: vault-config-operator
vaultRole: vault-config-operator
secrets:
- secretKey: ca.crt
key: vault-config-operator
property: ca.crt
secretPaths:
- name: vault-config-operator
secrets:
- secretKey: ca.crt
key: vault-config-operator
property: ca.crt
enableCertManager: true