{{- if and (.Values.local.enabled) (.Values.externalSecrets.enabled) }} --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: {{ include "volsync.localRepoName" . }} namespace: {{ include "volsync.namespace" . }} labels: {{- include "volsync.labels" . | nindent 4 }} app.kubernetes.io/name: {{ include "volsync.localRepoName" . }} {{- with .Values.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: secretStoreRef: kind: ClusterSecretStore name: openbao target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "s3:{{ `{{ .ENDPOINT }}` }}/{{ `{{ .BUCKET }}` }}/{{ .Values.kubernetesClusterName }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}" data: - secretKey: ENDPOINT remoteRef: key: {{ .Values.local.externalSecret.bucketPath | required "External Secret Volsync local path is required" }} property: ENDPOINT_LOCAL - secretKey: BUCKET remoteRef: key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Volsync local path is required" }} property: BUCKET - secretKey: RESTIC_PASSWORD remoteRef: key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Volsync local path is required" }} property: RESTIC_PASSWORD_LOCAL - secretKey: AWS_DEFAULT_REGION remoteRef: key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }} property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }} property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }} property: ACCESS_SECRET_KEY {{- end }} {{- if and (.Values.remote.enabled) (.Values.externalSecrets.enabled) }} --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: {{ include "volsync.remoteRepoName" . }} namespace: {{ include "volsync.namespace" . }} labels: {{- include "volsync.labels" . | nindent 4 }} app.kubernetes.io/name: {{ include "volsync.remoteRepoName" . }} {{- with .Values.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: secretStoreRef: kind: ClusterSecretStore name: openbao target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "s3:{{ `{{ .ENDPOINT }}` }}/{{ `{{ .BUCKET }}` }}/{{ .Values.kubernetesClusterName }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}" data: - secretKey: ENDPOINT remoteRef: key: {{ .Values.remote.externalSecret.bucketPath | required "External Secret Volsync local path is required" }} property: ENDPOINT_REMOTE - secretKey: BUCKET remoteRef: key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Volsync local path is required" }} property: BUCKET - secretKey: RESTIC_PASSWORD remoteRef: key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Volsync local path is required" }} property: RESTIC_PASSWORD_REMOTE - secretKey: AWS_DEFAULT_REGION remoteRef: key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }} property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }} property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }} property: ACCESS_SECRET_KEY {{- end }} {{- if and (.Values.external.enabled) (.Values.externalSecrets.enabled) }} --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: {{ include "volsync.externalRepoName" . }} namespace: {{ include "volsync.namespace" . }} labels: {{- include "volsync.labels" . | nindent 4 }} app.kubernetes.io/name: {{ include "volsync.externalRepoName" . }} {{- with .Values.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: secretStoreRef: kind: ClusterSecretStore name: openbao target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "s3:{{ `{{ .ENDPOINT }}` }}/{{ `{{ .BUCKET }}` }}/{{ .Values.kubernetesClusterName }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}" data: - secretKey: ENDPOINT remoteRef: key: {{ .Values.external.externalSecret.bucketPath | required "External Secret Volsync external path is required" }} property: ENDPOINT - secretKey: BUCKET remoteRef: key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Volsync local path is required" }} property: BUCKET - secretKey: RESTIC_PASSWORD remoteRef: key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Volsync external path is required" }} property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }} property: AWS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }} property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }} property: AWS_SECRET_ACCESS_KEY {{- end }}