To enable the Secret Store CSI Driver, set the "secretStore" parameter under the spec.fepChildCrVal section of the FEPClusterCR. Under secretStore.csi, you must define the details for connecting to the external secret store (Azure, AWS, GCP, and HashiCorp Vault) and the list of secrets held in that secret store. The definition of the spec.fepChildCrVal.secretStore parameter depends on the type of provider used.

spec:
  …..
  fepChildCrVal:
    secretStore:
      method: csi
      csi:
        providerName: azure
        azureProvider:
          keyvaultname:
          tenantid:
          credentials:
          fepSecrets:
            - pgadminpassword: pgadminpassword
            - tdepassphrase: passphrase
            - systemCertificates: systemCerts
            - pguser: pgusername
            - pgpassword: pgpwd
            - pgdb: pgdbsecret
            - pgrepluser: pgrepluser
            - pgreplpassword: pgreplpassword
            - pgRewinduser: pgRewinduser
            - pgRewindpassword: pgRewindpassword
            - pgMetricsUser: metricsuser
            - pgMetricsPassword: metricspwd
            - patronitls: patronicrt
            - patronitlscacrt: patronica
            - postgrestls: postgrescrt
            - postgrestlscacrt: postgresca
            - pgAdminTls: admincrt
            - pgAdminTlscacrt: adminca
            - pgAdminTls_privateKeyPassword: adminpvtkey
            - pgRewindUserTls: rewindcrt
            - pgRewindUserTlscacrt: rewindca
            - pgRewindUserTls_privateKeyPassword: rwndpvtkey
            - pgrepluserTls: replcrt
            - pgrepluserTlscacrt: replca
            - pgrepluserTls_privateKeyPassword: replpvtkey
            - pgMetricsUserTls: metricscrt
            - pgMetricsUserTlscacrt: metricsca
            - pgMetricsUserTls_privateKeyPassword: adminpvtkey
          fepCustomCerts:
            - userName: user1
              userCrt: user1crt
              userCa: user1ca
            - userName: mydbuser
              userCrt: mydbusercrt
              userCa: mydbuserca

Note: The parameters shown in black text under fepSecrets are required.

spec:
  …..
  fepChildCrVal:
    secretStore:
      method: csi
      csi:
        providerName: aws
        awsProvider:
          region:
          roleName:
          fepSecrets:
            - pgadminpassword: pgadminpassword
            - tdepassphrase: passphrase
            - systemCertificates: systemCerts
            - pguser: pgusername
            - pgpassword: pgpwd
            - pgdb: pgdbsecret
            - pgrepluser: pgrepluser
            - pgreplpassword: pgreplpassword
            - pgRewinduser: pgRewinduser
            - pgRewindpassword: pgRewindpassword
            - pgMetricsUser: metricsuser
            - pgMetricsPassword: metricspwd
            - patronitls: patronicrt
            - patronitlscacrt: patronica
            - postgrestls: postgrescrt
            - postgrestlscacrt: postgresca
            - pgAdminTls: admincrt
            - pgAdminTlscacrt: adminca
            - pgAdminTls_privateKeyPassword: adminpvtkey
            - pgRewindUserTls: rewindcrt
            - pgRewindUserTlscacrt: rewindca
            - pgRewindUserTls_privateKeyPassword: rwndpvtkey
            - pgrepluserTls: replcrt
            - pgrepluserTlscacrt: replca
            - pgrepluserTls_privateKeyPassword: replpvtkey
            - pgMetricsUserTls: metricscrt
            - pgMetricsUserTlscacrt: metricsca
            - pgMetricsUserTls_privateKeyPassword: adminpvtkey
          fepCustomCerts:
            - userName: user1
              userCrt: user1crt
              userCa: user1ca
            - userName: mydbuser
              userCrt: mydbusercrt
              userCa: mydbuserca

Note: The parameters shown in black text under fepSecrets are required.

spec:
  …..
  fepChildCrVal:
    secretStore:
      method: csi
      csi:
        providerName: gcp
        gcpProvider:
          credentials:
          fepSecrets:
            - pgadminpassword: pgadminpassword
            - tdepassphrase: passphrase
            - systemCertificates: systemCerts
            - pguser: pgusername
            - pgpassword: pgpwd
            - pgdb: pgdbsecret
            - pgrepluser: pgrepluser
            - pgreplpassword: pgreplpassword
            - pgRewinduser: pgRewinduser
            - pgRewindpassword: pgRewindpassword
            - pgMetricsUser: metricsuser
            - pgMetricsPassword: metricspwd
            - patronitls: patronicrt
            - patronitlscacrt: patronica
            - postgrestls: postgrescrt
            - postgrestlscacrt: postgresca
            - pgAdminTls: admincrt
            - pgAdminTlscacrt: adminca
            - pgAdminTls_privateKeyPassword: adminpvtkey
            - pgRewindUserTls: rewindcrt
            - pgRewindUserTlscacrt: rewindca
            - pgRewindUserTls_privateKeyPassword: rwndpvtkey
            - pgrepluserTls: replcrt
            - pgrepluserTlscacrt: replca
            - pgrepluserTls_privateKeyPassword: replpvtkey
            - pgMetricsUserTls: metricscrt
            - pgMetricsUserTlscacrt: metricsca
            - pgMetricsUserTls_privateKeyPassword: adminpvtkey
          fepCustomCerts:
            - userName: user1
              userCrt: user1crt
              userCa: user1ca
            - userName: mydbuser
              userCrt: mydbusercrt
              userCa: mydbuserca

Note: The parameters shown in black text under fepSecrets are required.

spec:
  …..
  fepChildCrVal:
    secretStore:
      method: csi
      csi:
        providerName: vault
        vaultProvider:
          roleName: "database"
          vaultAddress: "http://vault-url-addr:8765"
          fepSecrets:
            - pgadminpassword: pgadminpassword
            - tdepassphrase: passphrase
            - systemCertificates: systemCerts
            - pguser: pgusername
            - pgpassword: pgpwd
            - pgdb: pgdbsecret
            - pgrepluser: pgrepluser
            - pgreplpassword: pgreplpassword
            - pgRewinduser: pgRewinduser
            - pgRewindpassword: pgRewindpassword
            - pgMetricsUser: metricsuser
            - pgMetricsPassword: metricspwd
            - patronitls: patronicrt
            - patronitlscacrt: patronica
            - postgrestls: postgrescrt
            - postgrestlscacrt: postgresca
            - pgAdminTls: admincrt
            - pgAdminTlscacrt: adminca
            - pgAdminTls_privateKeyPassword: adminpvtkey
            - pgRewindUserTls: rewindcrt
            - pgRewindUserTlscacrt: rewindca
            - pgRewindUserTls_privateKeyPassword: rwndpvtkey
            - pgrepluserTls: replcrt
            - pgrepluserTlscacrt: replca
            - pgrepluserTls_privateKeyPassword: replpvtkey
            - pgMetricsUserTls: metricscrt
            - pgMetricsUserTlscacrt: metricsca
            - pgMetricsUserTls_privateKeyPassword: adminpvtkey
          fepCustomCerts:
            - userName: user1
              userCrt: user1crt
              userCa: user1ca
            - userName: mydbuser
              userCrt: mydbusercrt
              userCa: mydbuserca

Note: The parameters shown in black text under fepSecrets are required.
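
A pre-deployment check for the secretStore definitions above, as an added example that is not part of the original page or of the FEP operator: it flags empty provider connection fields, a vaultAddress that is not https, one external secret referenced by several FEP parameters, and incomplete fepCustomCerts entries. It assumes the connection details, fepSecrets and fepCustomCerts all sit under the `<providerName>Provider` block; `lint_secret_store` and `SAMPLE` are hypothetical names, and `SAMPLE` is constructed.

```python
from urllib.parse import urlparse

PROVIDERS = {"azure", "aws", "gcp", "vault"}  # providerName values shown on this page

def lint_secret_store(secret_store):
    """Return findings for a spec.fepChildCrVal.secretStore mapping (already parsed)."""
    if secret_store.get("method") != "csi":
        return ["method is not 'csi'"]
    csi = secret_store.get("csi") or {}
    name = csi.get("providerName")
    if name not in PROVIDERS:
        return [f"unknown providerName: {name!r}"]
    # Assumption: everything provider-specific lives under <providerName>Provider.
    provider = csi.get(f"{name}Provider")
    if not isinstance(provider, dict):
        return [f"missing {name}Provider block"]
    # Connection fields left blank in the template must be filled in before use.
    findings = [f"{name}Provider.{key} is empty" for key, value in provider.items()
                if key not in ("fepSecrets", "fepCustomCerts") and not value]
    # Plain http would expose the Vault token and the fetched secrets in transit.
    if name == "vault" and urlparse(str(provider.get("vaultAddress", ""))).scheme != "https":
        findings.append("vaultAddress is not https")
    # One external secret behind several FEP parameters means a shared password or key.
    users = {}
    for entry in provider.get("fepSecrets") or []:
        for param, secret in entry.items():
            users.setdefault(secret, []).append(param)
    for secret, params in sorted(users.items()):
        if len(params) > 1:
            findings.append(f"secret {secret!r} reused by: {', '.join(params)}")
    for i, cert in enumerate(provider.get("fepCustomCerts") or []):
        missing = [k for k in ("userName", "userCrt", "userCa")
                   if not (isinstance(cert, dict) and cert.get(k))]
        if missing:
            findings.append(f"fepCustomCerts[{i}] lacks {', '.join(missing)}")
    return findings

# Constructed sample shaped like the Vault definition on this page (trimmed).
SAMPLE = {"method": "csi", "csi": {"providerName": "vault", "vaultProvider": {
    "roleName": "database",
    "vaultAddress": "http://vault-url-addr:8765",
    "fepSecrets": [
        {"pgadminpassword": "pgadminpassword"},
        {"pgAdminTls_privateKeyPassword": "adminpvtkey"},
        {"pgMetricsUserTls_privateKeyPassword": "adminpvtkey"},
    ],
    "fepCustomCerts": [{"userName": "user1", "userCrt": "user1crt"}],  # userCa omitted on purpose
}}}

if __name__ == "__main__":
    print("\n".join(lint_secret_store(SAMPLE)))
```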