feat: transition Secrets K8s existants (extraEnvFrom) en attendant Vault root token

2026-04-22 14:51:48 +00:00
parent 945a19462c
commit 307c5c84f8
2 changed files with 18 additions and 17 deletions
--- a/values.yaml
+++ b/values.yaml
@@ -60,10 +60,21 @@ lions-app:
      JAVA_OPTS: -Xms256m -Xmx512m

  # --------------------------------------------------------
-  # Secrets depuis Vault (via External Secrets Operator)
+  # Secrets — phase de transition : référencer les Secrets K8s existants
+  #
+  # TODO: quand Vault root token sera disponible, migrer vers externalSecret.
+  # Les Secrets existants (db-secret, oidc-secret) seront alors
+  # régénérés par ESO depuis Vault automatiquement.
  # --------------------------------------------------------
+  extraEnvFrom:
+    - secretRef:
+        name: unionflow-server-impl-quarkus-db-secret
+    - secretRef:
+        name: unionflow-server-oidc-secret
+
  externalSecret:
-    enabled: true
+    enabled: false
+    # Configuration prête pour activation future :
    secretStoreRef:
      kind: ClusterSecretStore
      name: vault-backend
@@ -72,24 +83,14 @@ lions-app:
      creationPolicy: Owner
      deletionPolicy: Retain
    data:
-      # Base de données
      - secretKey: QUARKUS_DATASOURCE_USERNAME
-        remoteRef:
-          key: lions/applications/unionflow-server/db
-          property: username
+        remoteRef: { key: lions/applications/unionflow-server/db, property: username }
      - secretKey: QUARKUS_DATASOURCE_PASSWORD
-        remoteRef:
-          key: lions/applications/unionflow-server/db
-          property: password
-      # Keycloak OIDC
+        remoteRef: { key: lions/applications/unionflow-server/db, property: password }
      - secretKey: KEYCLOAK_CLIENT_SECRET
-        remoteRef:
-          key: lions/applications/unionflow-server/oidc
-          property: client-secret
+        remoteRef: { key: lions/applications/unionflow-server/oidc, property: client-secret }
      - secretKey: KEYCLOAK_ADMIN_SERVICE_SECRET
-        remoteRef:
-          key: lions/applications/unionflow-server/oidc
-          property: admin-service-secret
+        remoteRef: { key: lions/applications/unionflow-server/oidc, property: admin-service-secret }

  # --------------------------------------------------------
  # Ingress