diff --git a/.kontinuous/patches/secrets.js b/.kontinuous/patches/secrets.js index 824ad368..e66534ce 100644 --- a/.kontinuous/patches/secrets.js +++ b/.kontinuous/patches/secrets.js @@ -9,10 +9,10 @@ module.exports = (manifests) => { ...manifest.spec.template.metadata.annotations, "vault.hashicorp.com/service": "http://vault.vault-dev.svc:8200", "vault.hashicorp.com/agent-inject": "true", - "vault.hashicorp.com/role": "webapp", + "vault.hashicorp.com/role": "dev", "vault.hashicorp.com/agent-inject-secret-nextauth": 'kv/data/dev/nextauth_secret', - "vault.hashicorp.com/agent-inject-secret-keycloack_client_id": 'kv/data/dev/keycloack_client_id', - "vault.hashicorp.com/agent-inject-secret-keycloack_client_secret": 'kv/data/dev/keycloack_client_secret', + "vault.hashicorp.com/agent-inject-secret-keycloak_client_id": 'kv/data/dev/keycloak_client_id', + "vault.hashicorp.com/agent-inject-secret-keycloak_client_secret": 'kv/data/dev/keycloak_client_secret', "vault.hashicorp.com/agent-inject-template-dev": '| \ {{- with secret "kv/dev/nextauth_secret" -}} \ {{- range $key, $value := .Data.data }} \ @@ -20,6 +20,10 @@ module.exports = (manifests) => { {{- end }} \ {{- end }}' }; + manifest.spec.template.spec = { + ...manifest.spec.template.spec, + serviceAccountName: "vault" + }; } } return manifests; diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml index 050f41f5..70dce64f 100644 --- a/.kontinuous/values.yaml +++ b/.kontinuous/values.yaml @@ -37,7 +37,6 @@ app: imagePackage: app containerPort: 3000 probesPath: "/healthz" - serviceAccountName: vault securityContext: fsGroup: 1001 runAsGroup: 1000