update secret-es

k8s/11-petclinic-secret-es.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: petclinic-db-secret
+  namespace: petclinic-ns
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: aws-secretsmanager
+    kind: ClusterSecretStore
+  target:
+    name: petclinic-db-secret      # 실제 생성될 k8s Secret 이름
+    creationPolicy: Owner
+  data:
+    - secretKey: SPRING_DATASOURCE_USERNAME
+      remoteRef:
+        key: arn:aws:secretsmanager:ap-northeast-2:723926525504:secret:rds!db-6b52b01a-5c9d-4ff6-b787-d67320379683-mhNAu6   # master_user_secret_arn
+        property: username
+    - secretKey: SPRING_DATASOURCE_PASSWORD
+      remoteRef:
+        key: arn:aws:secretsmanager:ap-northeast-2:723926525504:secret:rds!db-6b52b01a-5c9d-4ff6-b787-d67320379683-mhNAu6   # 같은 ARN
+        property: password

k8s/11-petclinic-secret.yaml

@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: petclinic-db-secret
-  namespace: petclinic-ns
-type: Opaque
-stringData:
-  SPRING_DATASOURCE_USERNAME: "petclinic"
-  SPRING_DATASOURCE_PASSWORD: "poweradmin!"

k8s/12-petclinic-clustersecretstore.yaml

@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: aws-secretsmanager
+spec:
+  provider:
+    aws:
+      service: SecretsManager
+      region: ap-northeast-2
+      auth:
+        jwt:
+          serviceAccountRef:
+            name: external-secrets
+            namespace: external-secrets