From b68493da2025a3e1cdbea9edd2fab4eef13be1b9 Mon Sep 17 00:00:00 2001
From: mklee
Date: Thu, 4 Dec 2025 13:36:01 +0000
Subject: [PATCH] update secret-es
---
k8s/11-petclinic-secret-es.yaml | 22 ++++++++++++++++++++++
k8s/11-petclinic-secret.yaml | 9 ---------
k8s/12-petclinic-clustersecretstore.yaml | 14 ++++++++++++++
3 files changed, 36 insertions(+), 9 deletions(-)
create mode 100644 k8s/11-petclinic-secret-es.yaml
delete mode 100644 k8s/11-petclinic-secret.yaml
create mode 100644 k8s/12-petclinic-clustersecretstore.yaml
diff --git a/k8s/11-petclinic-secret-es.yaml b/k8s/11-petclinic-secret-es.yaml
new file mode 100644
index 000000000..bfac6ee8b
--- /dev/null
+++ b/k8s/11-petclinic-secret-es.yaml
@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: petclinic-db-secret
+ namespace: petclinic-ns
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: aws-secretsmanager
+ kind: ClusterSecretStore
+ target:
+ name: petclinic-db-secret # 실제 생성될 k8s Secret 이름
+ creationPolicy: Owner
+ data:
+ - secretKey: SPRING_DATASOURCE_USERNAME
+ remoteRef:
+ key: arn:aws:secretsmanager:ap-northeast-2:723926525504:secret:rds!db-6b52b01a-5c9d-4ff6-b787-d67320379683-mhNAu6 # master_user_secret_arn
+ property: username
+ - secretKey: SPRING_DATASOURCE_PASSWORD
+ remoteRef:
+ key: arn:aws:secretsmanager:ap-northeast-2:723926525504:secret:rds!db-6b52b01a-5c9d-4ff6-b787-d67320379683-mhNAu6 # 같은 ARN
+ property: password
diff --git a/k8s/11-petclinic-secret.yaml b/k8s/11-petclinic-secret.yaml
deleted file mode 100644
index beee2e156..000000000
--- a/k8s/11-petclinic-secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: petclinic-db-secret
- namespace: petclinic-ns
-type: Opaque
-stringData:
- SPRING_DATASOURCE_USERNAME: "petclinic"
- SPRING_DATASOURCE_PASSWORD: "poweradmin!"
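Review bot: In k8s/11-petclinic-secret-es.yaml both `remoteRef.key` entries point at the RDS-managed master user secret (the inline comment says `master_user_secret_arn`), so the application would connect with the database's master credentials where the deleted manifest used a dedicated `petclinic` user. Prefer a separate Secrets Manager secret for a least-privileged application user, e.g. `key: <ARN_OF_APP_USER_SECRET>  # placeholder`, and keep the master secret for administration only. RDS-managed secrets are normally rotated automatically, and with `refreshInterval: 1h` the synced Secret can lag a rotation; if the pods consume these keys as environment variables (not visible in this diff) they would also need a restart to pick up the new password. The literal password removed from k8s/11-petclinic-secret.yaml stays in git history and should be rotated if that account is still valid.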
diff --git a/k8s/12-petclinic-clustersecretstore.yaml b/k8s/12-petclinic-clustersecretstore.yaml
new file mode 100644
index 000000000..0d34416fe
--- /dev/null
+++ b/k8s/12-petclinic-clustersecretstore.yaml
@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: aws-secretsmanager
+spec:
+ provider:
+ aws:
+ service: SecretsManager
+ region: ap-northeast-2
+ auth:
+ jwt:
+ serviceAccountRef:
+ name: external-secrets
+ namespace: external-secrets
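Review bot: The ClusterSecretStore in k8s/12-petclinic-clustersecretstore.yaml has no `spec.conditions`, so an ExternalSecret in any namespace can reference `aws-secretsmanager` and pull whatever the IAM role behind the `external-secrets` service account is allowed to read. Since the only consumer in this commit is `petclinic-ns`, restrict the store under `spec` with `conditions: [{namespaces: ["petclinic-ns"]}]`, or use a namespaced `SecretStore` in `petclinic-ns` instead. The IAM policy is not visible here; it should grant `secretsmanager:GetSecretValue` only on the specific secret ARN rather than on all secrets in the account. A short comment above `auth:` naming the IAM role the service account assumes would help the next reviewer check that scope.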