f03eb6f651
Deploys ArgoCD Image Updater into the argocd-image-updater namespace. Vault-managed secrets provide registry credentials for git.unkin.net and an ArgoCD API token. Prerequisites before syncing: - Create Vault role argocd-image-updater in k8s/au/syd1 - Populate kv/service/argocd-image-updater/registry-creds (key: creds, value: <user>:<token>) - Create ArgoCD local user image-updater and store token at kv/service/argocd-image-updater/argocd-token
19 lines
406 B
YAML
19 lines
406 B
YAML
---
|
|
apiVersion: secrets.hashicorp.com/v1beta1
|
|
kind: VaultAuth
|
|
metadata:
|
|
name: default
|
|
namespace: argocd-image-updater
|
|
spec:
|
|
allowedNamespaces:
|
|
- argocd-image-updater
|
|
kubernetes:
|
|
audiences:
|
|
- vault
|
|
role: argocd-image-updater
|
|
serviceAccount: argocd-image-updater
|
|
tokenExpirationSeconds: 600
|
|
method: kubernetes
|
|
mount: k8s/au/syd1
|
|
vaultConnectionRef: vso-system/default
|