From 556cfc38c5eb7edecc98a0de94c5e591bab9051d Mon Sep 17 00:00:00 2001
From: Jian
Date: Thu, 30 May 2024 11:02:00 -0700
Subject: [PATCH] feat: pull secrets from vault
---
 hokusai/production.yml | 38 ++++++++++++++++++++++++++++++++++++++
 hokusai/staging.yml | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+)
diff --git a/hokusai/production.yml b/hokusai/production.yml
index 1cda6b7b97c..51bbfa5df98 100644
--- a/hokusai/production.yml
+++ b/hokusai/production.yml
@@ -1,3 +1,37 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: force
+spec:
+ refreshInterval: "5m"
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: force
+ creationPolicy: Owner
+ deletionPolicy: Merge
+ template:
+ engineVersion: v2
+ templateFrom:
+ - target: Data
+ {% raw %}
+ literal: |
+ {{ range $key, $value := . }}
+ {{$key}}: {{$value | fromJson | values | first}}
+ {{ end }}
+ {% endraw %}
+ dataFrom:
+ - find:
+ path: kubernetes/apps/force
+ name:
+ regexp: ".*"
+ rewrite:
+ - regexp:
+ source: "kubernetes/apps/force/(.*)"
+ target: "$1"
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -46,6 +80,8 @@ spec:
 envFrom:
 - configMapRef:
 name: force-environment
+ - secretRef:
+ name: force
 image: 585031190124.dkr.ecr.us-east-1.amazonaws.com/force:production
 imagePullPolicy: Always
 ports:
@@ -135,6 +171,8 @@ spec:
 envFrom:
 - configMapRef:
 name: force-environment
+ - secretRef:
+ name: force
 image: 585031190124.dkr.ecr.us-east-1.amazonaws.com/force:production
 imagePullPolicy: Always
 ports:
diff --git a/hokusai/staging.yml b/hokusai/staging.yml
index 6bb32af672a..282f2bdf064 100644
--- a/hokusai/staging.yml
+++ b/hokusai/staging.yml
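Review bot: In the ExternalSecret added at the top of hokusai/production.yml (and identically in hokusai/staging.yml), the `literal` template emits each Vault value unquoted, `{{$key}}: {{$value | fromJson | values | first}}`. Assuming the rendered literal is parsed as YAML key/value pairs, a value containing a newline, `: ` or ` #` can be truncated or split into extra keys of the `force` Secret. Emitting a quoted scalar, for example `{{ $key }}: {{ $value | fromJson | values | first | toJson }}`, keeps each value a single string; confirm `toJson` is available under `engineVersion: v2` before adopting it. `values | first` presumably picks an arbitrary field when a Vault entry has more than one, so a comment stating that each entry must hold exactly one field would make that contract explicit. Separately, `regexp: ".*"` syncs every entry under `kubernetes/apps/force`, so write access to that Vault path amounts to setting environment variables in the pods; an explicit key list or a narrower pattern would tighten that boundary.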
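Review bot: The `secretRef` entries added to both `envFrom` lists in hokusai/production.yml (hunks at -46 and -135, and the two matching hunks in hokusai/staging.yml) are read only when a container starts. The ExternalSecret's `refreshInterval: "5m"` will therefore update the `force` Secret while running pods keep the old values until they are restarted. If rotation in Vault is meant to take effect, this needs a rollout trigger, or at least a comment such as `# read at container start; restart the Deployment after rotating values in Vault`. Because `secretRef` is listed after `configMapRef`, a key present in both sources takes the Secret's value, which is worth stating if `force-environment` still carries any of the migrated keys. The enclosing container specs start and end outside these hunks.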
@@ -1,3 +1,37 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: force
+spec:
+ refreshInterval: "5m"
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: force
+ creationPolicy: Owner
+ deletionPolicy: Merge
+ template:
+ engineVersion: v2
+ templateFrom:
+ - target: Data
+ {% raw %}
+ literal: |
+ {{ range $key, $value := . }}
+ {{$key}}: {{$value | fromJson | values | first}}
+ {{ end }}
+ {% endraw %}
+ dataFrom:
+ - find:
+ path: kubernetes/apps/force
+ name:
+ regexp: ".*"
+ rewrite:
+ - regexp:
+ source: "kubernetes/apps/force/(.*)"
+ target: "$1"
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -54,6 +88,8 @@ spec:
 envFrom:
 - configMapRef:
 name: force-environment
+ - secretRef:
+ name: force
 image: 585031190124.dkr.ecr.us-east-1.amazonaws.com/force:staging
 imagePullPolicy: Always
 ports:
@@ -150,6 +186,8 @@ spec:
 envFrom:
 - configMapRef:
 name: force-environment
+ - secretRef:
+ name: force
 image: 585031190124.dkr.ecr.us-east-1.amazonaws.com/force:staging
 imagePullPolicy: Always
 ports: