Browse Source

external-secrets: add vault store

main
Victor Roest 1 year ago
parent
commit
888b33fa77
Signed by: 0x76 GPG Key ID: A3923C699D1A3BDA
  1. 1
      cluster/core/external-secrets/external-secrets/kustomization.yaml
  2. 26
      cluster/core/external-secrets/external-secrets/vault-secret-store.yaml

1
cluster/core/external-secrets/external-secrets/kustomization.yaml

@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- vault-secret-store

26
cluster/core/external-secrets/external-secrets/vault-secret-store.yaml

@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1alpha1
kind: ClusterSecretStore
metadata:
name: vault
namespace: external-secrets
spec:
provider:
vault:
server: "http://10.42.42.6:8200"
path: "k8s"
version: "v2"
auth:
# VaultAppRole authenticates with Vault using the
# App Role auth mechanism
# https://www.vaultproject.io/docs/auth/approle
appRole:
# Path where the App Role authentication backend is mounted
path: "approle"
# RoleID configured in the App Role authentication backend
roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
# Reference to a key in a K8 Secret that contains the App Role SecretId
# (not commited in git)
secretRef:
name: "vault-secret-id"
namespace: "external-secrets"
key: "secret-id"