{{- if and (.Values.local.enabled) (.Values.externalSecrets.enabled) }} --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: {{ include "volsync.localRepoName" . }} namespace: {{ include "volsync.namespace" . }} labels: {{- include "volsync.labels" . | nindent 4 }} app.kubernetes.io/name: {{ include "volsync.localRepoName" . }} {{- with .Values.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync local path is required" }} metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync local path is required" }} metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }} metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }} metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }} metadataPolicy: None property: ACCESS_SECRET_KEY {{- end }} {{- if and (.Values.remote.enabled) (.Values.externalSecrets.enabled) }} --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: {{ include "volsync.remoteRepoName" . }} namespace: {{ include "volsync.namespace" . }} labels: {{- include "volsync.labels" . | nindent 4 }} app.kubernetes.io/name: {{ include "volsync.remoteRepoName" . }} {{- with .Values.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.remote.externalSecret.volsyncPath | required "External Secret Volsync remote path is required" }} metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.remote.externalSecret.volsyncPath | required "External Secret Volsync remote path is required" }} metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }} metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }} metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }} metadataPolicy: None property: ACCESS_SECRET_KEY {{- end }} {{- if and (.Values.external.enabled) (.Values.externalSecrets.enabled) }} --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: {{ include "volsync.externalRepoName" . }} namespace: {{ include "volsync.namespace" . }} labels: {{- include "volsync.labels" . | nindent 4 }} app.kubernetes.io/name: {{ include "volsync.externalRepoName" . }} {{- with .Values.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.external.externalSecret.volsyncPath | required "External Secret Volsync external path is required" }} metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.external.externalSecret.volsyncPath | required "External Secret Volsync external path is required" }} metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }} metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }} metadataPolicy: None property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }} metadataPolicy: None property: AWS_SECRET_ACCESS_KEY {{- end }}