Initial upload

Christopher Hase 2025-05-21 15:04:28 +02:00
parent bcb837e79e
commit dc5fab84fa
115 changed files with 17102 additions and 0 deletions


@ -0,0 +1,12 @@
#!/bin/bash
set -e
INSTALL_YAML="manifests/install.yaml"
CHART_VERSION="0.9.11"
echo "# EXTERNAL SECRETS INSTALL RESOURCES" >${INSTALL_YAML}
echo "# This file is auto-generated with 'ref-impelmentation/external-secrets/generate-manifests.sh'" >>${INSTALL_YAML}
helm repo add external-secrets --force-update https://charts.external-secrets.io
helm repo update
helm template --namespace external-secrets external-secrets external-secrets/external-secrets -f values.yaml --version ${CHART_VERSION} >>${INSTALL_YAML}
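Review bot: The chart is pinned by `--version ${CHART_VERSION}` on the `helm template` line but its integrity is never checked, so whatever the remote repository serves for that version at generation time is written into `manifests/install.yaml`. If the chart publishes provenance data, adding `--verify` to `helm template` would check it; either way the regenerated install.yaml should be diffed and reviewed before it is committed. Smaller points on the same script: `set -e` could become `set -euo pipefail`, the expansions could be quoted (`>"${INSTALL_YAML}"`, `--version "${CHART_VERSION}"`), and both `manifests/install.yaml` and `values.yaml` are relative paths, so the script only works when run from its own directory.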



@ -0,0 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: openbao
name: external-secrets-role
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
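Review bot: The rule grants `get` and `list` on every Secret in the `openbao` namespace, which is broader than the one Secret (`vault-token`) that the SecretStore in this commit references. Since `list` returns full Secret contents and cannot be narrowed by name, the rule could be reduced to `resourceNames: ["vault-token"]` with `verbs: ["get"]`, assuming External Secrets reads nothing else from this namespace. The grant is made to the `external-secrets` ServiceAccount by the RoleBinding in the next file, so any workload running under that account inherits it.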


@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: external-secrets-rolebinding
namespace: openbao
subjects:
- kind: ServiceAccount
name: external-secrets
namespace: external-secrets
roleRef:
kind: Role
name: external-secrets-role
apiGroup: rbac.authorization.k8s.io


@ -0,0 +1,20 @@
# cluster-store.yaml
apiVersion: external-secrets.io/v1beta1
kind: SecretStore #Kubernetes resource type
metadata:
name: bao-backend #resource name
namespace: openbao
spec:
provider:
vault: #specifies vault as the provider
# server: "http://10.244.0.28:8200" # how to map it dynamically?
server: "http://openbao.openbao.svc.cluster.local:8200"
path: "data" #path for accessing the secrets
version: "v1" #Vault API version
auth:
tokenSecretRef:
name: "vault-token" #Use a secret called vault-token
key: "token" #THIS REFERENCES THE INITIAL TOKEN NOW SAVED AS A K8 SECRET
# openbao-0.openbao.pod.cluster.local
# 10.96.59.250:8200
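Review bot: `tokenSecretRef` points at what the inline comment calls the initial token; if that is the root token issued when OpenBao was initialised, External Secrets holds unrestricted, non-expiring access to the whole secret store, and with `server: "http://..."` that token crosses the pod network unencrypted on every request. A token bound to a read-only policy for the paths this store serves, or the provider's Kubernetes auth (`auth.kubernetes` with a role and `serviceAccountRef`) so that no static token sits in a Secret, would limit the impact of a leak; the server should be reached over `https://` with `caBundle` or `caProvider` set. The comment on `version: "v1"` is also misleading, because the field selects the KV secrets engine version rather than the Vault API version, and the header comment says `cluster-store.yaml` although the kind is the namespaced `SecretStore`. The commented-out pod and service IPs at the top and bottom can be dropped.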