sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add explicit vault inject for brusnika prod openobserve

Browse Source
This commit is contained in:
Kochetkov S 2026-06-17 21:49:03 +03:00
parent 729b7abf05
commit c22151e766
1 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
clusters/brusnika-prod/infrastructure/patches/openobserve.yaml
View File

@ -18,6 +18,43 @@ spec:
- op: add - op: add
path: /spec/template/metadata/annotations/sidecar.istio.io~1inject path: /spec/template/metadata/annotations/sidecar.istio.io~1inject
value: "false" value: "false"
- op: add
path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-init-first
value: "true"
- op: add
path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject
value: "true"
- op: add
path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-pre-populate-only
value: "true"
- op: add
path: /spec/template/metadata/annotations/vault.hashicorp.com~1auth-path
value: auth/kubernetes
- op: add
path: /spec/template/metadata/annotations/vault.hashicorp.com~1role
value: openobserve
- op: add
path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-openobserve-env
value: secrets/data/vault/apps/openobserve
- op: add
path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-openobserve-env
value: |-
{{- with secret "secrets/data/vault/apps/openobserve" -}}
ZO_ROOT_USER_EMAIL={{ printf "%q" (index .Data.data "ZO_ROOT_USER_EMAIL") }}
ZO_ROOT_USER_PASSWORD={{ printf "%q" (index .Data.data "ZO_ROOT_USER_PASSWORD") }}
ZO_META_POSTGRES_DSN={{ printf "%q" (index .Data.data "ZO_META_POSTGRES_DSN") }}
ZO_NATS_ADDR={{ printf "%q" (index .Data.data "ZO_NATS_ADDR") }}
PGHOST={{ printf "%q" (index .Data.data "PGHOST") }}
PGPORT={{ printf "%q" (index .Data.data "PGPORT") }}
PGDATABASE={{ printf "%q" (index .Data.data "PGDATABASE") }}
PGUSER={{ printf "%q" (index .Data.data "PGUSER") }}
PGPASSWORD={{ printf "%q" (index .Data.data "PGPASSWORD") }}
PGSSLMODE={{ printf "%q" (index .Data.data "PGSSLMODE") }}
PGSSLROOTCERT={{ printf "%q" (index .Data.data "PGSSLROOTCERT") }}
ZO_S3_ACCESS_KEY={{ printf "%q" (index .Data.data "ZO_S3_ACCESS_KEY") }}
ZO_S3_SECRET_KEY={{ printf "%q" (index .Data.data "ZO_S3_SECRET_KEY") }}
OPENOBSERVE_BASIC_AUTH={{ printf "%q" (index .Data.data "OPENOBSERVE_BASIC_AUTH") }}
{{- end -}}
- op: add - op: add
path: /spec/template/spec/imagePullSecrets path: /spec/template/spec/imagePullSecrets
value: value: