Added openbao secrets management and phaseout of bitnami for CloudNative PG

2026-05-18 11:53:59 +02:00
parent fc0a6c280b
commit 980947894e
8 changed files with 493 additions and 16 deletions


@@ -22,7 +22,8 @@ Railiance is structured as five independent repos per OAS Stack layer. This repo
- PostgreSQL via CloudNative PG operator (cnpg) — operator deployed, `databases` namespace active
- Valkey / Redis-compatible cache as a standalone Helm release (to be extracted from S2)
- Secret management infrastructure
- Secret management infrastructure (OpenBao as the platform service,
SOPS/age for Git-at-rest bootstrap material)
- Identity services integration point (with net-kingdom)
- Message brokers (RabbitMQ, similar)
- Object storage (MinIO / S3-compatible)
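Review bot: the continuation line `SOPS/age for Git-at-rest bootstrap material)` of the added "Secret management infrastructure" bullet is not indented, so it only joins the item through Markdown lazy continuation; either keep the bullet on one line like its neighbours or indent the wrapped line by two spaces so every renderer keeps it inside the list item.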
@@ -111,10 +112,17 @@ description: S3-compatible object storage service (MinIO) for artifact storage,
keywords: [minio, s3, object-storage, storage, artifacts, backup]
```
```capability
type: security
title: OpenBao platform secrets service
description: Canonical S3 secrets service for runtime secrets, dynamic credentials, audit, and future workload integrations. SOPS/age remains the bootstrap mechanism for Git-at-rest secrets.
keywords: [openbao, secrets, vault-compatible, secret-management, dynamic-credentials, audit, kubernetes-auth]
```
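Review bot: `Canonical S3 secrets service` in the new capability's description reads as the S3 object-storage API, because the MinIO capability directly above uses `S3-compatible` in exactly that sense; if `S3` here names the OAS Stack layer this repo occupies, spell that out (for example `secrets service for the S3 platform layer`) so that a keyword or description search does not conflate the secrets service with object storage.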
---
## Getting Oriented
- Start with: `CLAUDE.md` (session protocol, boundary rules)
- Key files / directories: `workplans/RAIL-PL-WP-0001-platform-baseline.md`, `helm/` (platform Helm charts), `Makefile`
- Key files / directories: `workplans/RAIL-PL-WP-0001-platform-baseline.md`, `workplans/RAIL-PL-WP-0002-openbao-platform-secrets-service.md`, `helm/` (platform Helm charts), `docs/openbao.md`, `Makefile`
- Pre-conditions: railiance-cluster (S2) converged with k3s running; cluster backup verified before migration steps (`sudo make backup` in railiance-cluster)
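Review bot: the rewritten "Key files / directories" bullet now points at `workplans/RAIL-PL-WP-0002-openbao-platform-secrets-service.md` and `docs/openbao.md`; please confirm both are among the 8 files changed in this commit, otherwise the orientation list references documents that do not exist yet. The "Pre-conditions" bullet is unchanged, yet the commit also phases out bitnami for CloudNative PG; it would help a reader to state whether the verified cluster backup is required before that migration as well as before the OpenBao steps.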