parent
1926560274
commit
4c82c014f8
@ -1,3 +1,46 @@ |
||||
local appDef = import './app-definitions.libsonnet'; |
||||
|
||||
appDef.localApplication(name="drone") |
||||
[ |
||||
appDef.localApplication(name="drone"), |
||||
|
||||
// TODO - maybe extract this, too? |
||||
{ |
||||
apiVersion: "secrets.hashicorp.com/v1beta1", |
||||
kind: "VaultAuth", |
||||
metadata: { |
||||
name: "static-auth", |
||||
namespace: "drone" |
||||
}, |
||||
spec: { |
||||
method: "kubernetes", |
||||
mount: "kubernetes", |
||||
kubernetes: { |
||||
role: "vault-secrets-operator", |
||||
serviceAccount: "default", |
||||
audiences: ["vault"] |
||||
} |
||||
} |
||||
}, |
||||
|
||||
// Note that currently this secret is created manually and statically. It'd be really cool for cold-start setup if OAuth |
||||
// App creation could be triggered at Gitea startup, and a secret automatically created! |
||||
{ |
||||
apiVersion: "secrets.hashicorp.com/v1beta1", |
||||
kind: "VaultStaticSecret", |
||||
metadata: { |
||||
name: "gitea-oauth-creds", |
||||
namespace: "drone" |
||||
}, |
||||
spec: { |
||||
type: "kv-v2", |
||||
mount: "shared-secrets", |
||||
path: "gitea/oauth-creds", |
||||
destination: { |
||||
name: "gitea-oauth-creds", |
||||
create: true |
||||
}, |
||||
refreshAfter: "30s", |
||||
vaultAuthRef: "static-auth" |
||||
} |
||||
} |
||||
] |
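Review bot: The `VaultAuth` object sets `serviceAccount: "default"` in the `drone` namespace, so the identity Vault trusts is the one every pod in that namespace gets when it names no service account of its own. If CI build pods are scheduled into the same namespace (not visible in this file), they would hold the same identity that is allowed to read `gitea/oauth-creds` from the `shared-secrets` mount. I would create a dedicated service account for the operator login and reference it here, e.g. `serviceAccount: "<dedicated-sa-name>"` (placeholder). On the Vault side, it is worth confirming that the `vault-secrets-operator` role is bound to that account and namespace only (`bound_service_account_names` / `bound_service_account_namespaces`) and that its policy grants read on this one path rather than the whole mount. A short comment next to `role:` stating which Vault policy it maps to would help the next reader audit this.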