From 44f4584cfb594d3f4ff9e116d5520a8e55e8bd81 Mon Sep 17 00:00:00 2001
From: gitea-bot <gitea-bot@alexlebens.net>
Date: Sat, 18 Apr 2026 00:22:29 +0000
Subject: [PATCH] chore: Update manifests after change

---
 .../ClusterRoleBinding-external-secrets.yaml  | 17 ++++++++++++++
 .../ClusterSecretStore-openbao.yaml           | 23 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets.yaml
 create mode 100644 clusters/cl01tl/manifests/external-secrets/ClusterSecretStore-openbao.yaml

diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets.yaml
new file mode 100644
index 000000000..0dc62650f
--- /dev/null
+++ b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-secrets
+  namespace: external-secrets
+  labels:
+    app.kubernetes.io/name: external-secrets
+    app.kubernetes.io/instance: external-secrets
+    app.kubernetes.io/part-of: external-secrets
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - kind: ServiceAccount
+    name: external-secrets
+    namespace: external-secrets
diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterSecretStore-openbao.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterSecretStore-openbao.yaml
new file mode 100644
index 000000000..19148353f
--- /dev/null
+++ b/clusters/cl01tl/manifests/external-secrets/ClusterSecretStore-openbao.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: openbao
+  namespace: external-secrets
+  labels:
+    app.kubernetes.io/name: openbao
+    app.kubernetes.io/instance: external-secrets
+    app.kubernetes.io/part-of: external-secrets
+spec:
+  provider:
+    vault:
+      server: http://openbao-internal.openbao:8200
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          mountPath: kubernetes
+          role: external-secrets
+          serviceAccountRef:
+            name: external-secrets
+            audiences:
+              - openbao