arcodange/dance-lessons-coach
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(deploy): chart Vault CRDs gated by vault.enabled (default false) (#97)
All checks were successful
CI/CD Pipeline / Build Docker Cache (push) Successful in 11s
Details
CI/CD Pipeline / CI Pipeline (push) Successful in 4m23s
Details
CI/CD Pipeline / Trigger Docker Push (push) Successful in 6s
Details

Browse Source 
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
This commit was merged in pull request #97.
This commit is contained in:
Gabriel Radureau
2026-05-06 07:14:40 +02:00
committed by arcodange
parent a26cc96239
commit 03a47396c5
4 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
chart/templates/vaultauth.yaml Normal file
View File

@@ -0,0 +1,15 @@
{{- if .Values.vault.enabled }}
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: auth
namespace: {{ .Release.Namespace }}
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: {{ .Values.vault.role }}
serviceAccount: {{ include "dance-lessons-coach.serviceAccountName" . }}
audiences:
- vault
{{- end }}

17
chart/templates/vaultdynamicsecret.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.vault.enabled }}
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultDynamicSecret
metadata:
name: vso-db
namespace: {{ .Release.Namespace }}
spec:
mount: postgres
path: {{ .Values.vault.postgresPath }}
destination:
create: true
name: vso-db-credentials
rolloutRestartTargets:
- kind: Deployment
name: {{ include "dance-lessons-coach.fullname" . }}
vaultAuthRef: auth
{{- end }}

16
chart/templates/vaultsecret.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.vault.enabled }}
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: vault-kv-app
namespace: {{ .Release.Namespace }}
spec:
type: kv-v2
mount: kvv2
path: {{ .Values.vault.kvv2Path }}
destination:
name: secretkv
create: true
refreshAfter: 30s
vaultAuthRef: auth
{{- end }}

9
chart/values.yaml
View File

@@ -104,6 +104,15 @@ tolerations: []
affinity: {}
# Vault Secrets Operator integration. Disabled by default ; set vault.enabled=true
# to render the VaultAuth / VaultStaticSecret / VaultDynamicSecret CRDs (requires
# VSO operator + Vault prereqs, cf. iac/ once shipped).
vault:
enabled: false
role: dance-lessons-coach # k8s auth backend role name (matches iac/main.tf)
kvv2Path: dance-lessons-coach/config # KVv2 secret path
postgresPath: creds/dance-lessons-coach # postgres dynamic creds path
# DLC-specific configuration
config:
DLC_LOGGING_JSON: "true"