52 lines
1.6 KiB
YAML
52 lines
1.6 KiB
YAML
{{- if and .Values.orchard.database.secretsManager .Values.orchard.database.secretsManager.enabled }}
|
|
apiVersion: secrets-store.csi.x-k8s.io/v1
|
|
kind: SecretProviderClass
|
|
metadata:
|
|
name: {{ include "orchard.fullname" . }}-db-secret
|
|
labels:
|
|
{{- include "orchard.labels" . | nindent 4 }}
|
|
spec:
|
|
provider: aws
|
|
parameters:
|
|
objects: |
|
|
- objectName: "{{ .Values.orchard.database.secretsManager.secretArn }}"
|
|
objectType: "secretsmanager"
|
|
jmesPath:
|
|
- path: username
|
|
objectAlias: db-username
|
|
- path: password
|
|
objectAlias: db-password
|
|
secretObjects:
|
|
- secretName: {{ include "orchard.fullname" . }}-db-credentials
|
|
type: Opaque
|
|
data:
|
|
- objectName: db-username
|
|
key: username
|
|
- objectName: db-password
|
|
key: password
|
|
{{- end }}
|
|
---
|
|
{{- if and .Values.orchard.auth .Values.orchard.auth.secretsManager .Values.orchard.auth.secretsManager.enabled }}
|
|
apiVersion: secrets-store.csi.x-k8s.io/v1
|
|
kind: SecretProviderClass
|
|
metadata:
|
|
name: {{ include "orchard.fullname" . }}-auth-secret
|
|
labels:
|
|
{{- include "orchard.labels" . | nindent 4 }}
|
|
spec:
|
|
provider: aws
|
|
parameters:
|
|
objects: |
|
|
- objectName: "{{ .Values.orchard.auth.secretsManager.secretArn }}"
|
|
objectType: "secretsmanager"
|
|
jmesPath:
|
|
- path: admin_password
|
|
objectAlias: admin-password
|
|
secretObjects:
|
|
- secretName: {{ include "orchard.fullname" . }}-auth-credentials
|
|
type: Opaque
|
|
data:
|
|
- objectName: admin-password
|
|
key: admin-password
|
|
{{- end }}
|