try vault kvv2 secret engine

2024-10-16 14:02:58 +02:00
parent 32afe88a9b
commit 13870390a3
4 changed files with 42 additions and 2 deletions
--- a/chart/templates/vaultauth.yaml
+++ b/chart/templates/vaultauth.yaml
@@ -0,0 +1,13 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+  name: static-auth
+  namespace: {{ .Release.Namespace }}
+spec:
+  method: kubernetes
+  mount: kubernetes
+  kubernetes:
+    role: webapp
+    serviceAccount: {{ include "webapp.serviceAccountName" . }}
+    audiences:
+      - vault
--- a/chart/templates/vaultsecret.yaml
+++ b/chart/templates/vaultsecret.yaml
@@ -0,0 +1,24 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: vault-kv-app
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: kv-v2
+
+  # mount path
+  mount: kvv2
+
+  # path of the secret
+  path: webapp/config
+
+  # dest k8s secret
+  destination:
+    name: secretkv
+    create: true
+
+  # static secret refresh interval
+  refreshAfter: 30s
+
+  # Name of the CRD to authenticate to Vault
+  vaultAuthRef: static-auth