feat: transition Secrets K8s existants (extraEnvFrom) en attendant Vault root token
@@ -16,7 +16,7 @@ sources:
|
|||||||
- https://git.lions.dev/lionsdev/unionflow-server-impl-quarkus-k1 # ce repo (deploy)
|
- https://git.lions.dev/lionsdev/unionflow-server-impl-quarkus-k1 # ce repo (deploy)
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: lions-app
|
- name: lions-app
|
||||||
version: "1.0.0"
|
version: "1.0.1"
|
||||||
repository: "https://git.lions.dev/api/packages/lionsdev/helm"
|
repository: "https://git.lions.dev/api/packages/lionsdev/helm"
|
||||||
# Alternative pour dev local sans registry :
|
# Alternative pour dev local sans registry :
|
||||||
# repository: "file://../helm-chart-lions-app"
|
# repository: "file://../helm-chart-lions-app"
|
||||||
|
|||||||
33
values.yaml
33
values.yaml
@@ -60,10 +60,21 @@ lions-app:
|
|||||||
JAVA_OPTS: -Xms256m -Xmx512m
|
JAVA_OPTS: -Xms256m -Xmx512m
|
||||||
|
|
||||||
# --------------------------------------------------------
|
# --------------------------------------------------------
|
||||||
# Secrets depuis Vault (via External Secrets Operator)
|
# Secrets — phase de transition : référencer les Secrets K8s existants
|
||||||
|
#
|
||||||
|
# TODO: quand Vault root token sera disponible, migrer vers externalSecret.
|
||||||
|
# Les Secrets existants (db-secret, oidc-secret) seront alors
|
||||||
|
# régénérés par ESO depuis Vault automatiquement.
|
||||||
# --------------------------------------------------------
|
# --------------------------------------------------------
|
||||||
|
extraEnvFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: unionflow-server-impl-quarkus-db-secret
|
||||||
|
- secretRef:
|
||||||
|
name: unionflow-server-oidc-secret
|
||||||
|
|
||||||
externalSecret:
|
externalSecret:
|
||||||
enabled: true
|
enabled: false
|
||||||
|
# Configuration prête pour activation future :
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault-backend
|
name: vault-backend
|
||||||
@@ -72,24 +83,14 @@ lions-app:
|
|||||||
creationPolicy: Owner
|
creationPolicy: Owner
|
||||||
deletionPolicy: Retain
|
deletionPolicy: Retain
|
||||||
data:
|
data:
|
||||||
# Base de données
|
|
||||||
- secretKey: QUARKUS_DATASOURCE_USERNAME
|
- secretKey: QUARKUS_DATASOURCE_USERNAME
|
||||||
remoteRef:
|
remoteRef: { key: lions/applications/unionflow-server/db, property: username }
|
||||||
key: lions/applications/unionflow-server/db
|
|
||||||
property: username
|
|
||||||
- secretKey: QUARKUS_DATASOURCE_PASSWORD
|
- secretKey: QUARKUS_DATASOURCE_PASSWORD
|
||||||
remoteRef:
|
remoteRef: { key: lions/applications/unionflow-server/db, property: password }
|
||||||
key: lions/applications/unionflow-server/db
|
|
||||||
property: password
|
|
||||||
# Keycloak OIDC
|
|
||||||
- secretKey: KEYCLOAK_CLIENT_SECRET
|
- secretKey: KEYCLOAK_CLIENT_SECRET
|
||||||
remoteRef:
|
remoteRef: { key: lions/applications/unionflow-server/oidc, property: client-secret }
|
||||||
key: lions/applications/unionflow-server/oidc
|
|
||||||
property: client-secret
|
|
||||||
- secretKey: KEYCLOAK_ADMIN_SERVICE_SECRET
|
- secretKey: KEYCLOAK_ADMIN_SERVICE_SECRET
|
||||||
remoteRef:
|
remoteRef: { key: lions/applications/unionflow-server/oidc, property: admin-service-secret }
|
||||||
key: lions/applications/unionflow-server/oidc
|
|
||||||
property: admin-service-secret
|
|
||||||
|
|
||||||
# --------------------------------------------------------
|
# --------------------------------------------------------
|
||||||
# Ingress
|
# Ingress
|
||||||
|
|||||||
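Review bot: Nothing in the new `extraEnvFrom` block of the first values.yaml hunk pins which keys reach the container: each `secretRef` injects every key of `unionflow-server-impl-quarkus-db-secret` and `unionflow-server-oidc-secret` as an environment variable, whereas the now-disabled `externalSecret.data` list mapped exactly four named keys. The page does not show that the existing Secrets use those names or carry no extra keys, so I would record the contract next to the references, for example `# expected keys: QUARKUS_DATASOURCE_USERNAME, QUARKUS_DATASOURCE_PASSWORD` above the first `secretRef` and the two `KEYCLOAK_*` names above the second. The TODO also ties the migration to a Vault root token. If that token is meant as the standing credential for the `vault-backend` store rather than for one-off setup, the comment should instead call for a role with a read-only policy limited to `lions/applications/unionflow-server/*`.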