26 lines
801 B
YAML
26 lines
801 B
YAML
---
|
|
# ExternalSecret: pull agent AppRole credentials from OpenBao into k8s Secrets
|
|
# One ExternalSecret per role. Template shown for pm; others follow same pattern.
|
|
# Deploy via: kubectl apply -f externalsecrets/ (generated per-role)
|
|
#
|
|
# Prerequisites:
|
|
# - external-secrets operator installed
|
|
# - ClusterSecretStore "openbao" configured pointing to OpenBao in-cluster
|
|
#
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ClusterSecretStore
|
|
metadata:
|
|
name: openbao
|
|
spec:
|
|
provider:
|
|
vault:
|
|
server: "http://openbao.openbao.svc.cluster.local:8200"
|
|
path: "secret"
|
|
version: "v2"
|
|
auth:
|
|
kubernetes:
|
|
mountPath: "kubernetes"
|
|
role: "external-secrets"
|
|
serviceAccountRef:
|
|
name: "external-secrets"
|
|
namespace: "external-secrets"
|