Add explicit vault inject for brusnika prod openobserve

2026-06-17 21:49:03 +03:00 · 2026-06-17 21:49:03 +03:00 · c22151e766
commit c22151e766
parent 729b7abf05
1 changed files with 37 additions and 0 deletions
--- a/clusters/brusnika-prod/infrastructure/patches/openobserve.yaml
+++ b/clusters/brusnika-prod/infrastructure/patches/openobserve.yaml
@ -18,6 +18,43 @@ spec:
              - op: add
                path: /spec/template/metadata/annotations/sidecar.istio.io~1inject
                value: "false"
+              - op: add
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-init-first
+                value: "true"
+              - op: add
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject
+                value: "true"
+              - op: add
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-pre-populate-only
+                value: "true"
+              - op: add
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1auth-path
+                value: auth/kubernetes
+              - op: add
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1role
+                value: openobserve
+              - op: add
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-openobserve-env
+                value: secrets/data/vault/apps/openobserve
+              - op: add
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-openobserve-env
+                value: |-
+                  {{- with secret "secrets/data/vault/apps/openobserve" -}}
+                  ZO_ROOT_USER_EMAIL={{ printf "%q" (index .Data.data "ZO_ROOT_USER_EMAIL") }}
+                  ZO_ROOT_USER_PASSWORD={{ printf "%q" (index .Data.data "ZO_ROOT_USER_PASSWORD") }}
+                  ZO_META_POSTGRES_DSN={{ printf "%q" (index .Data.data "ZO_META_POSTGRES_DSN") }}
+                  ZO_NATS_ADDR={{ printf "%q" (index .Data.data "ZO_NATS_ADDR") }}
+                  PGHOST={{ printf "%q" (index .Data.data "PGHOST") }}
+                  PGPORT={{ printf "%q" (index .Data.data "PGPORT") }}
+                  PGDATABASE={{ printf "%q" (index .Data.data "PGDATABASE") }}
+                  PGUSER={{ printf "%q" (index .Data.data "PGUSER") }}
+                  PGPASSWORD={{ printf "%q" (index .Data.data "PGPASSWORD") }}
+                  PGSSLMODE={{ printf "%q" (index .Data.data "PGSSLMODE") }}
+                  PGSSLROOTCERT={{ printf "%q" (index .Data.data "PGSSLROOTCERT") }}
+                  ZO_S3_ACCESS_KEY={{ printf "%q" (index .Data.data "ZO_S3_ACCESS_KEY") }}
+                  ZO_S3_SECRET_KEY={{ printf "%q" (index .Data.data "ZO_S3_SECRET_KEY") }}
+                  OPENOBSERVE_BASIC_AUTH={{ printf "%q" (index .Data.data "OPENOBSERVE_BASIC_AUTH") }}
+                  {{- end -}}
              - op: add
                path: /spec/template/spec/imagePullSecrets
                value: