Add ESO OpenBao GitOps add-ons
@@ -10,7 +10,7 @@ topic_slug: railiance
planning_priority: high
planning_order: 4
created: "2026-06-19"
updated: "2026-06-19"
updated: "2026-06-25"
state_hub_workstream_id: "e57e487b-8557-439d-8093-0457c73ede93"
---
@@ -149,6 +149,21 @@ platform/operators/argocd/repositories/<repo-name>
External Secrets Operator for values that become Kubernetes Secrets, CSI for
file-reference workloads, and no OpenBao injector in the current deployment.
## Follow-up Progress (2026-06-25)
- Added a platform-owned `railiance-platform-addons` AppProject for
cluster-scoped add-ons.
- Added the `external-secrets` ArgoCD Application for External Secrets
Operator and the `openbao-secretstore` Application for
`ClusterSecretStore/openbao`.
- Added the least-privilege OpenBao policy and Kubernetes auth role helper for
the issue-core ESO pilot. The role binds only the
`external-secrets/external-secrets` service account and reads only
`platform/workloads/issue-core/issue-core/*`.
- Limited the initial `ClusterSecretStore/openbao` to the `issue-core`
namespace; broaden only through a later platform review.
## Target State
- `argocd/bootstrap/` contains the two AppProjects and root app-of-apps
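Review bot: The last two bullets of the new "Follow-up Progress" section state the security boundary (role bound only to `external-secrets/external-secrets`, reads limited to `platform/workloads/issue-core/issue-core/*`, store limited to the `issue-core` namespace) without naming the files that enforce it. Because the OpenBao role is bound to the ESO controller service account rather than to the workload, the namespace limit on `ClusterSecretStore/openbao` is what keeps that path from being requested outside `issue-core`, so please reference the policy helper and the store manifest by path and say how the namespace limit is expressed on the store. It would also help to note whether the doubled `issue-core/issue-core` segment is intentional, and to say who owns the "later platform review" so that broadening the store also triggers a review of the matching policy path.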