41 lines
2.0 KiB
YAML
41 lines
2.0 KiB
YAML
{{- if .Values.externalSecret.enabled }}
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ClusterSecretStore
|
|
metadata:
|
|
name: {{ .Values.externalSecret.vault.secretStoreName | default "vault-backend" }}
|
|
labels:
|
|
app.kubernetes.io/name: cert-manager-webhook-ovh
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
spec:
|
|
provider:
|
|
vault:
|
|
server: {{ .Values.externalSecret.vault.server }}
|
|
path: {{ .Values.externalSecret.vault.path | default "secret" }}
|
|
version: {{ .Values.externalSecret.vault.version | default "v2" }}
|
|
auth:
|
|
{{- if .Values.externalSecret.vault.auth.kubernetes }}
|
|
kubernetes:
|
|
mountPath: {{ .Values.externalSecret.vault.auth.kubernetes.mountPath | default "kubernetes" }}
|
|
role: {{ .Values.externalSecret.vault.auth.kubernetes.role }}
|
|
{{- if .Values.externalSecret.vault.auth.kubernetes.serviceAccountRef }}
|
|
serviceAccountRef:
|
|
name: {{ .Values.externalSecret.vault.auth.kubernetes.serviceAccountRef.name }}
|
|
{{- if .Values.externalSecret.vault.auth.kubernetes.serviceAccountRef.namespace }}
|
|
namespace: {{ .Values.externalSecret.vault.auth.kubernetes.serviceAccountRef.namespace }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- else if .Values.externalSecret.vault.auth.token }}
|
|
tokenSecretRef:
|
|
name: {{ .Values.externalSecret.vault.auth.token.secretName }}
|
|
key: {{ .Values.externalSecret.vault.auth.token.secretKey | default "token" }}
|
|
{{- else if .Values.externalSecret.vault.auth.appRole }}
|
|
appRole:
|
|
path: {{ .Values.externalSecret.vault.auth.appRole.path | default "approle" }}
|
|
roleId: {{ .Values.externalSecret.vault.auth.appRole.roleId }}
|
|
secretRef:
|
|
name: {{ .Values.externalSecret.vault.auth.appRole.secretRef.name }}
|
|
key: {{ .Values.externalSecret.vault.auth.appRole.secretRef.key | default "secretId" }}
|
|
{{- end }}
|
|
{{- end }}
|