# Kubernetes identity that the VaultAuth resource of the same name in this
# namespace presents to Vault. It is declared with no settings beyond its name.
# NOTE(review): token automount is left at the cluster default. If no pod is
# meant to run as this account, `automountServiceAccountToken: false` would
# keep its token out of pod filesystems - confirm before adding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: longhorn-vault-secret-reader
  namespace: longhorn-system
---
# Vault Secrets Operator auth configuration: log in to Vault through the
# Kubernetes auth method mounted at `kubernetes`, as the Vault role `longhorn`.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: longhorn-vault-secret-reader
  namespace: longhorn-system
spec:
  method: kubernetes
  mount: kubernetes
  kubernetes:
    role: longhorn
    # Same service account as the one named in the Terraform (TF) configuration.
    # NOTE(review): that configuration is not visible here; presumably the
    # Vault role is bound to exactly this account name and this namespace, so
    # no other workload identity can log in as `longhorn` - verify.
    serviceAccount: longhorn-vault-secret-reader
    # Audience requested for the service account token used at login.
    # NOTE(review): this only limits token reuse if the Vault role also
    # requires the `vault` audience - confirm on the Vault side.
    audiences:
      - vault
---
# Syncs the KV v2 entry `longhorn/gcs-backup` (mount `kvv2`) into a Kubernetes
# Secret in this namespace, authenticating through the VaultAuth resource
# `longhorn-vault-secret-reader`.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: longhorn-gcs-backup-credentials
  namespace: longhorn-system
spec:
  type: kv-v2
  mount: kvv2

  path: longhorn/gcs-backup

  # The operator creates the destination Secret rather than expecting it to
  # exist. Once synced, the credentials are readable by anything allowed to
  # read Secrets in `longhorn-system`, so RBAC on that namespace is the access
  # boundary for the backup keys.
  destination:
    name: longhorn-gcs-backup-credentials
    create: true

  # Re-read the Vault entry every hour.
  # NOTE(review): a credential rotated or revoked in Vault can therefore stay
  # in the cluster copy for up to that interval - check this is acceptable.
  refreshAfter: 1h

  vaultAuthRef: longhorn-vault-secret-reader
---
# Longhorn default-resource settings: backup target, the Secret that holds its
# credentials, and the backup store poll interval. The Secret named below is
# the one produced by the VaultStaticSecret `longhorn-gcs-backup-credentials`.
# NOTE(review): the Secret name says GCS while the target uses the `s3://`
# scheme with region `us-east-1`; presumably the bucket is reached through an
# S3-compatible endpoint, in which case the Vault entry has to supply that
# endpoint along with the access keys - confirm against the stored keys.
apiVersion: v1
kind: ConfigMap
metadata:
  name: longhorn-default-resource
  namespace: longhorn-system
data:
  # Everything under this key is one literal string, passed through verbatim;
  # keep comments outside it so the delivered file content does not change.
  default-resource.yaml: |
    "backup-target": "s3://arcodange-backup@us-east-1/"
    "backup-target-credential-secret": "longhorn-gcs-backup-credentials"
    "backupstore-poll-interval": "180"