Add shared Infisical auth layer (InfisicalConnection + InfisicalAuth)

Phase 2: GitOps-managed shared auth layer in infisical-operator ns —
InfisicalConnection (https://infisical.chemavx.xyz) + InfisicalAuth
(kubernetes method, operator SA via TokenReview) + identity-ID Secret
(non-secret UUID; auth is via SA token, so safe in git). To be referenced
cross-namespace by per-app InfisicalStaticSecret CRs later. No real secret yet.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-06-18 20:39:30 +00:00
co-authored by Claude Opus 4.8
parent 5f6b491ed3
commit 5a0fd04598
4 changed files with 54 additions and 0 deletions
@@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: infisical-machine-identity
namespace: infisical-operator
type: Opaque
stringData:
# Non-secret UUID for machine identity "k8s-operator". Required as a secretRef
# by the InfisicalAuth schema; auth happens via the operator's SA token (TokenReview),
# so this value grants nothing on its own. Safe to commit.
identityId: "42c12566-1058-4674-a5f5-0cc1bc0ea4e7"