feat(vault): autoinject

drone
nold 2 years ago
parent 44f35a79b3
commit 55371156bc
  1. 21
      charts/heqet/templates/heqet-podpreset.yaml
  2. 1
      charts/heqet/values.yaml

@ -0,0 +1,21 @@
{{- range .Values.apps }}
---
kind: PodPreset
apiVersion: settings.k8s.io/v1alpha1
metadata:
annotations:
heqet.gnu.one/app: "true"
{{- if not .novault }}
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: "{{ .name }}-vault-ro"
{{- if .secret }}
{{- $appname := .name }}
{{- range .secrets }}
vault.hashicorp.com/agent-inject-secret-{{ .path }}: "heqet/apps/{{ $appname }}/{{ .name }}"
{{- end }}
{{- end }}
namespace: {{ .namespace | default .name }}
spec:
serviceAccountName: "{{ .name }}-vault-ro"
{{- end }}
{{- end }}

@ -98,6 +98,7 @@ apps:
vhost: vault.heqet.gnu.one
ingress_prefix: server
ingress_hosts_keymap: true
novault: true
parameters:
- name: server.dev.enabled
value: "true"

Loading…
Cancel
Save