studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ff35d3e0cc2f644b674daa55d29584cdc4641f7
sbbb/base/monitoring/vault-secrets.yaml

37 lines
761 B
YAML
Raw Normal View History

feat(infra): production bootstrap — cert-manager, longhorn, monitoring Add new bases for cert-manager (Let's Encrypt + wildcard cert), Longhorn distributed storage, and monitoring (kube-prometheus-stack + Loki + Tempo + Grafana OIDC). Add cloud-init for Scaleway Elastic Metal provisioning. Production overlay: add patches for postgres sizing, SeaweedFS volume, OpenSearch storage, LiveKit service, Pingora host ports, resource limits, and CNPG daily barman backups. Update cert-manager.yaml with full dnsNames for all *.sunbeam.pt subdomains.
2026-03-06 12:06:27 +00:00
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: vso-auth
namespace: monitoring
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: vso
serviceAccount: default
---
# Grafana admin password from OpenBao KV at secret/grafana.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: grafana-admin
namespace: monitoring
spec:
vaultAuthRef: vso-auth
mount: secret
type: kv-v2
path: grafana
refreshAfter: 30s
destination:
name: grafana-admin
create: true
overwrite: true
transformation:
excludeRaw: true
templates:
admin-password:
text: "{{ index .Secrets \"admin-password\" }}"
admin-user:
text: "admin"
Reference in New Issue Copy Permalink