Initial upload

Christopher Hase 2025-05-21 15:04:28 +02:00
parent bcb837e79e
commit dc5fab84fa
115 changed files with 17102 additions and 0 deletions



@ -0,0 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: openbao
name: external-secrets-role
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
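Review bot: The single rule in this Role has no `resourceNames`, so `get` and `list` cover every Secret in the `openbao` namespace, and `list` returns the Secret contents, not just their names. If the only Secret the external-secrets ServiceAccount needs here is the `vault-token` referenced by the SecretStore in this commit, narrow the rule to `resourceNames: ["vault-token"]` with `verbs: ["get"]`. Anything else kept in that namespace (presumably OpenBao's own bootstrap material) would then stay out of reach if the controller's ServiceAccount were compromised.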


@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: external-secrets-rolebinding
namespace: openbao
subjects:
- kind: ServiceAccount
name: external-secrets
namespace: external-secrets
roleRef:
kind: Role
name: external-secrets-role
apiGroup: rbac.authorization.k8s.io


@ -0,0 +1,20 @@
# cluster-store.yaml
apiVersion: external-secrets.io/v1beta1
kind: SecretStore #Kubernetes resource type
metadata:
name: bao-backend #resource name
namespace: openbao
spec:
provider:
vault: #specifies vault as the provider
# server: "http://10.244.0.28:8200" # how to map it dynamically?
server: "http://openbao.openbao.svc.cluster.local:8200"
path: "data" #path for accessing the secrets
version: "v1" #Vault API version
auth:
tokenSecretRef:
name: "vault-token" #Use a secret called vault-token
key: "token" #THIS REFERENCES THE INITIAL TOKEN NOW SAVED AS A K8 SECRET
# openbao-0.openbao.pod.cluster.local
# 10.96.59.250:8200
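Review bot: The `server` value uses `http://`, so the token from `tokenSecretRef` and every secret value fetched through this store cross the pod network in cleartext; point it at an `https://` listener and supply the CA through `caBundle` or `caProvider`. The comment on `key` says the referenced Secret holds the initial token, which (if that is the root token produced at initialisation) is unrestricted by policy and does not expire; a Kubernetes-auth role bound to the external-secrets ServiceAccount with a read-only policy on the needed paths would limit what a leak exposes. The comment on `version` is also inaccurate, since the field selects the KV secrets engine version rather than the Vault API version: `version: "v1"  # KV secrets engine version`. The hunk header counts 20 lines and 19 are visible here, so one line may be missing from this view.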