diff --git a/deploy/base/db-taskarr-user.yaml b/deploy/base/db-taskarr-user.yaml
new file mode 100644
index 0000000..131de47
--- /dev/null
+++ b/deploy/base/db-taskarr-user.yaml
@@ -0,0 +1,19 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: HCPDynamicSecret
+metadata:
+ name: taskarr-db-app-user
+spec:
+ mount: database
+ path: creds/taskarr-role
+ method: GET
+ destination:
+ name: taskarr-db-url
+ create: true
+ # This is where the magic happens
+ transformation:
+ templates:
+ DATABASE_URL:
+ # Use Go template syntax to build the string
+ # 'username' and 'password' come from the Vault response
+ content: "postgresql://{{ .username }}:{{ .password }}@postgres-service.taskarr.svc.cluster.local:5432/taskarr_db?sslmode=disable"
+ refreshAfter: 1h
diff --git a/deploy/base/deployment.yaml b/deploy/base/deployment.yaml
index 787a5a5..47c767b 100644
--- a/deploy/base/deployment.yaml
+++ b/deploy/base/deployment.yaml
@@ -48,7 +48,7 @@ spec: - name: DATABASE_URL valueFrom: secretKeyRef: - name: taskarr-app + name: taskarr-db-url key: DATABASE_URL - name: ORIGIN valueFrom:
diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml
index e56a0b5..f66c4e5 100644
--- a/deploy/base/kustomization.yaml
+++ b/deploy/base/kustomization.yaml
@@ -13,4 +13,4 @@ resources: - ./postgres.yaml - ./database-secret.yaml - ./app-secret.yaml - ./expose.yaml + - ./db-taskarr-user.yaml
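Review bot: The `content` template in `deploy/base/db-taskarr-user.yaml` ends with `?sslmode=disable`, so the Vault-issued username and password travel to Postgres unencrypted on every connection. If the server has TLS enabled, use `sslmode=require`, or `sslmode=verify-full` with the CA available to the client. `.username` and `.password` are also spliced into the URL unescaped, so a password containing `@`, `:`, `/` or `?` would yield a malformed or mis-parsed URL; keep the Vault role's password policy URL-safe or escape the values in the template. The schema is worth checking against the installed CRDs: as far as I know the Vault Secrets Operator's dynamic-secret kind is `VaultDynamicSecret`, with `requestHTTPMethod` rather than `method` and `text` rather than `content` under `templates`, and I cannot confirm `HCPDynamicSecret`; if the resource is rejected or ignored, `taskarr-db-url` is never created.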
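Review bot: In `deploy/base/deployment.yaml`, `DATABASE_URL` is injected through `secretKeyRef`, which is resolved once at container start, so running pods keep the old credentials after the operator rewrites `taskarr-db-url` (the new manifest sets `refreshAfter: 1h`) and will presumably fail to authenticate once Vault revokes the expired lease. Nothing visible in this commit restarts the workload on rotation; the dynamic-secret resource should name this Deployment, e.g. `rolloutRestartTargets:` / `- kind: Deployment` / `name: <deployment-name>`, or the app should read the URL from a mounted file and reconnect. The container spec starts and ends outside the hunk, so the Deployment name is not visible here. If `taskarr-app` still carries a static `DATABASE_URL`, remove that key and retire the static database password so the old credential stops working.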