Skip to content
This repository has been archived by the owner on Apr 5, 2024. It is now read-only.

Commit

Permalink
feat: add SA in patch
Browse files Browse the repository at this point in the history
  • Loading branch information
malo-octo committed Dec 20, 2023
1 parent fd77add commit 60e9e0f
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 4 deletions.
10 changes: 7 additions & 3 deletions .kontinuous/patches/secrets.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,17 +9,21 @@ module.exports = (manifests) => {
...manifest.spec.template.metadata.annotations,
"vault.hashicorp.com/service": "http://vault.vault-dev.svc:8200",
"vault.hashicorp.com/agent-inject": "true",
"vault.hashicorp.com/role": "webapp",
"vault.hashicorp.com/role": "dev",
"vault.hashicorp.com/agent-inject-secret-nextauth": 'kv/data/dev/nextauth_secret',
"vault.hashicorp.com/agent-inject-secret-keycloack_client_id": 'kv/data/dev/keycloack_client_id',
"vault.hashicorp.com/agent-inject-secret-keycloack_client_secret": 'kv/data/dev/keycloack_client_secret',
"vault.hashicorp.com/agent-inject-secret-keycloak_client_id": 'kv/data/dev/keycloak_client_id',
"vault.hashicorp.com/agent-inject-secret-keycloak_client_secret": 'kv/data/dev/keycloak_client_secret',
"vault.hashicorp.com/agent-inject-template-dev": '| \
{{- with secret "kv/dev/nextauth_secret" -}} \
{{- range $key, $value := .Data.data }} \
export {{ $key }}={{ $value }} \
{{- end }} \
{{- end }}'
};
manifest.spec.template.spec = {
...manifest.spec.template.spec,
serviceAccountName: "vault"
};
}
}
return manifests;
Expand Down
1 change: 0 additions & 1 deletion .kontinuous/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,6 @@ app:
imagePackage: app
containerPort: 3000
probesPath: "/healthz"
serviceAccountName: vault
securityContext:
fsGroup: 1001
runAsGroup: 1000
Expand Down

0 comments on commit 60e9e0f

Please sign in to comment.