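---
# Identity and secret wiring for ERPNext on AKS.
# The ${...} placeholders are filled in by a templating step before apply.
# Once rendered, this file holds live credentials (storage key, registry
# password): keep the rendered output out of version control and CI logs.

# ServiceAccount for the ERPNext pods. The annotation names the Azure AD
# application / managed identity client ID used by Azure Workload Identity.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: erpnext-sa
  namespace: erpnext
  annotations:
    azure.workload.identity/client-id: "${CLIENT_ID}"
---
# Secrets Store CSI driver class: pulls the ERPNext secrets from Key Vault
# and mirrors them into the Kubernetes Secret "erpnext-secrets".
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: erpnext-secrets
  namespace: erpnext
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    # NOTE(review): this authenticates to Key Vault with a user-assigned
    # identity attached to the node VMs, while erpnext-sa above is annotated
    # for workload identity. A node-level identity is not scoped to one
    # service account. Confirm which mechanism is intended; if workload
    # identity, the provider expects `clientID` and
    # useVMManagedIdentity "false" instead.
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "${CLIENT_ID}"
    keyvaultName: "${KEYVAULT_NAME}"
    cloudName: "AzurePublicCloud"
    # The provider parses this value as a YAML string, hence the nested
    # block scalars. objectAlias is the file name inside the mounted volume.
    objects: |
      array:
        - |
          objectName: erpnext-admin-password
          objectType: secret
          objectAlias: admin-password
        - |
          objectName: erpnext-db-password
          objectType: secret
          objectAlias: db-password
        - |
          objectName: erpnext-redis-key
          objectType: secret
          objectAlias: redis-key
        - |
          objectName: erpnext-api-key
          objectType: secret
          objectAlias: api-key
        - |
          objectName: erpnext-api-secret
          objectType: secret
          objectAlias: api-secret
        - |
          objectName: erpnext-encryption-key
          objectType: secret
          objectAlias: encryption-key
        - |
          objectName: erpnext-jwt-secret
          objectType: secret
          objectAlias: jwt-secret
    tenantId: "${TENANT_ID}"
  # Mirror the mounted objects into a Kubernetes Secret. The Secret exists
  # only while some pod mounts this class through the CSI volume, and anyone
  # with read access to Secrets in the namespace can read every value, so
  # keep RBAC on "secrets" in erpnext tight.
  secretObjects:
    - secretName: erpnext-secrets
      type: Opaque
      data:
        - objectName: admin-password
          key: admin-password
        - objectName: db-password
          key: db-password
        - objectName: redis-key
          key: redis-key
        - objectName: api-key
          key: api-key
        - objectName: api-secret
          key: api-secret
        - objectName: encryption-key
          key: encryption-key
        - objectName: jwt-secret
          key: jwt-secret
---
# Storage account credentials, presumably for an Azure Files / Blob volume.
# NOTE(review): a storage account key grants access to the whole account and
# does not expire on its own. Plan for rotation, or move to identity-based
# access if the consumer supports it.
apiVersion: v1
kind: Secret
metadata:
  name: azure-storage-secret
  namespace: erpnext
type: Opaque
stringData:
  azurestorageaccountname: "${STORAGE_ACCOUNT}"
  azurestorageaccountkey: "${STORAGE_KEY}"
---
# Image pull secret for the container registry.
# The payload is plain JSON, so it belongs under stringData. Values under
# `data` must be base64-encoded and the API server rejects raw JSON there.
# ${ACR_AUTH} is expected to be base64("username:password").
apiVersion: v1
kind: Secret
metadata:
  name: acr-secret
  namespace: erpnext
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: |
    {
      "auths": {
        "${ACR_LOGIN_SERVER}": {
          "username": "${ACR_USERNAME}",
          "password": "${ACR_PASSWORD}",
          "auth": "${ACR_AUTH}"
        }
      }
    }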