Add venafi-components VenafiConnection and supporting resources

wallrj · wallrj · commit 5fca3a35d795 · 2024-08-20T11:47:02.000+01:00
Signed-off-by: Richard Wall &lt;richard.wall@venafi.com&gt;
diff --git a/test.sh b/test.sh
@@ -85,3 +85,5 @@ venctl components kubernetes apply \
        --venafi-kubernetes-agent-values-files "${script_dir}/values.venafi-kubernetes-agent.yaml" \
        --venafi-kubernetes-agent-custom-image-registry "${OCI_BASE}/images" \
        --venafi-kubernetes-agent-custom-chart-repository "oci://${OCI_BASE}/charts"
+
+envsubst < venafi-components.yaml | kubectl apply -n venafi -f -
diff --git a/venafi-components.yaml b/venafi-components.yaml
@@ -0,0 +1,40 @@
+apiVersion: jetstack.io/v1alpha1
+kind: VenafiConnection
+metadata:
+  name: venafi-components
+spec:
+  vcp:
+    apiKey:
+    - secret:
+        name: venafi-credentials
+        fields: ["api-key"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+      name: get-venafi-credentials
+rules:
+    - apiGroups: [ "" ]
+      resources: [ "secrets" ]
+      verbs: [ "get" ]
+      resourceNames: [ "venafi-credentials" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: application-team-1-secret-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: get-venafi-credentials
+subjects:
+- kind: ServiceAccount
+  name: venafi-connection
+  namespace: venafi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: venafi-credentials
+stringData:
+  api-key: ${VEN_API_KEY}
