Use https://bao.coulomb.social with token auth until railiance01 OpenBao is bootstrapped; the in-cluster railiance01 instance is not initialized.
27 lines
No EOL
897 B
YAML
27 lines
No EOL
897 B
YAML
# Interim: Forgejo on railiance01 reads SMTP creds from coulombcore OpenBao
|
|
# (https://bao.coulomb.social) until railiance01 OpenBao is bootstrapped (Wave 7).
|
|
#
|
|
# Prereq: Secret external-secrets/openbao-forgejo-eso-token (key: token) with a
|
|
# policy-limited OpenBao token that can read platform/workloads/forgejo/forgejo-mailer.
|
|
# Bootstrap: railiance-apps make forgejo-openbao-eso-token-apply
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ClusterSecretStore
|
|
metadata:
|
|
name: openbao-forgejo
|
|
labels:
|
|
app.kubernetes.io/part-of: railiance-gitops
|
|
railiance-platform/component: external-secrets
|
|
spec:
|
|
provider:
|
|
vault:
|
|
server: https://bao.coulomb.social
|
|
path: platform
|
|
version: v2
|
|
auth:
|
|
tokenSecretRef:
|
|
name: openbao-forgejo-eso-token
|
|
namespace: external-secrets
|
|
key: token
|
|
conditions:
|
|
- namespaces:
|
|
- forgejo |