setup gcs backup bucket for longhorn

2025-08-31 20:50:28 +02:00
parent b9a46afb82
commit 2d4cb5d8a5
5 changed files with 129 additions and 19 deletions
--- a/argocd/templates/longhorn_backup_target_creds.yaml
+++ b/argocd/templates/longhorn_backup_target_creds.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: longhorn-vault-secret-reader
+  namespace: longhorn-system
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+  name: longhorn-vault-secret-reader
+  namespace: longhorn-system
+spec:
+  method: kubernetes
+  mount: kubernetes
+  kubernetes:
+    role: longhorn
+    serviceAccount: longhorn-vault-secret-reader # le même que dans TF
+    audiences:
+      - vault
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: longhorn-gcs-backup-credentials
+  namespace: longhorn-system
+spec:
+  type: kv-v2
+  mount: kvv2
+
+  path: longhorn/gcs-backup
+  
+  destination:
+    name: longhorn-gcs-backup-credentials
+    create: true
+  
+  refreshAfter: 1h
+
+  vaultAuthRef: longhorn-vault-secret-reader