apiVersion: v1
kind: ServiceAccount
metadata:
  name: longhorn-vault-secret-reader
  namespace: longhorn-system
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: longhorn-vault-secret-reader
  namespace: longhorn-system
spec:
  method: kubernetes
  mount: kubernetes
  kubernetes:
    role: longhorn
    serviceAccount: longhorn-vault-secret-reader # le même que dans TF
    audiences:
      - vault
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: longhorn-gcs-backup-credentials
  namespace: longhorn-system
spec:
  type: kv-v2
  mount: kvv2

  path: longhorn/gcs-backup
  
  destination:
    name: longhorn-gcs-backup-credentials
    create: true
  
  refreshAfter: 1h

  vaultAuthRef: longhorn-vault-secret-reader
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: longhorn-default-resource
  namespace: longhorn-system
data:
  default-resource.yaml: |
    "backup-target": "s3://arcodange-backup@us-east-1/"
    "backup-target-credential-secret": "longhorn-gcs-backup-credentials"
    "backupstore-poll-interval": "180"