Point Forgejo ClusterSecretStore at live coulombcore OpenBao
All checks were successful
CI Smoke / host-smoke (push) Successful in 1s
CI Smoke / container-smoke (push) Successful in 2s

Use https://bao.coulomb.social with token auth until railiance01 OpenBao is
bootstrapped; the in-cluster railiance01 instance is not initialized.
This commit is contained in:
tegwick 2026-07-07 14:35:46 +02:00
parent 0941d6e8f9
commit f428940da8

View file

@ -1,3 +1,9 @@
# Interim: Forgejo on railiance01 reads SMTP creds from coulombcore OpenBao
# (https://bao.coulomb.social) until railiance01 OpenBao is bootstrapped (Wave 7).
#
# Prereq: Secret external-secrets/openbao-forgejo-eso-token (key: token) with a
# policy-limited OpenBao token that can read platform/workloads/forgejo/forgejo-mailer.
# Bootstrap: railiance-apps make forgejo-openbao-eso-token-apply
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore kind: ClusterSecretStore
metadata: metadata:
@ -8,16 +14,14 @@ metadata:
spec: spec:
provider: provider:
vault: vault:
server: http://openbao.openbao.svc.cluster.local:8200 server: https://bao.coulomb.social
path: platform path: platform
version: v2 version: v2
auth: auth:
kubernetes: tokenSecretRef:
mountPath: kubernetes name: openbao-forgejo-eso-token
role: external-secrets-forgejo namespace: external-secrets
serviceAccountRef: key: token
name: external-secrets
namespace: external-secrets
conditions: conditions:
- namespaces: - namespaces:
- forgejo - forgejo