diff --git a/clusters/cl01tl/helm/openbao/templates/external-secret.yaml b/clusters/cl01tl/helm/openbao/templates/external-secret.yaml index 0b0734b93..76704e164 100644 --- a/clusters/cl01tl/helm/openbao/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/openbao/templates/external-secret.yaml @@ -45,19 +45,15 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_1 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-1 --- apiVersion: external-secrets.io/v1 @@ -76,19 +72,15 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_2 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-2 --- apiVersion: external-secrets.io/v1 
@@ -107,56 +99,41 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_3 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-3 -# --- -# apiVersion: external-secrets.io/v1 -# kind: ExternalSecret -# metadata: -# name: openbao-token -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: openbao-token -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: openbao -# data: -# - secretKey: token -# remoteRef: -# key: /cl01tl/openbao/token -# property: token -# - secretKey: unseal_key_1 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_1 -# - secretKey: unseal_key_2 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_2 -# - secretKey: unseal_key_3 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_3 -# - secretKey: unseal_key_4 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_4 -# - secretKey: unseal_key_5 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_5 +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: openbao-ntfy-unseal-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: openbao-ntfy-unseal-config + {{- include "custom.labels" . 
| nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + NOTIFY_QUEUE_URLS: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}/?priority=4&tags=vault,unseal&title=Vault+Unsealed" + data: + - secretKey: endpoint + remoteRef: + key: /cl01tl/ntfy/users/cl01tl + property: internal-endpoint-credential + - secretKey: topic + remoteRef: + key: /cl01tl/ntfy/topics + property: openbao diff --git a/clusters/cl01tl/helm/openbao/values.yaml b/clusters/cl01tl/helm/openbao/values.yaml index 73e7f51ee..e224f1a49 100644 --- a/clusters/cl01tl/helm/openbao/values.yaml +++ b/clusters/cl01tl/helm/openbao/values.yaml @@ -160,6 +160,8 @@ unseal: envFrom: - secretRef: name: openbao-unseal-config-1 + - secretRef: + name: openbao-ntfy-unseal-config resources: requests: cpu: 1m @@ -176,6 +178,8 @@ unseal: envFrom: - secretRef: name: openbao-unseal-config-2 + - secretRef: + name: openbao-ntfy-unseal-config resources: requests: cpu: 1m @@ -192,6 +196,8 @@ unseal: envFrom: - secretRef: name: openbao-unseal-config-3 + - secretRef: + name: openbao-ntfy-unseal-config resources: requests: cpu: 1m
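Review bot: In the new `openbao-ntfy-unseal-config` ExternalSecret, `mergePolicy: Merge` appears to keep the fetched `endpoint` and `topic` keys in the generated Secret alongside the templated `NOTIFY_QUEUE_URLS`. Because values.yaml loads this Secret with `envFrom`, the raw `internal-endpoint-credential` value would then also be exported into every unseal container as its own environment variable. If only the composed URL is needed, drop that line or set `mergePolicy: Replace` so the Secret holds the single templated key. The property name suggests the endpoint embeds credentials, so the composed URL is itself sensitive and should be kept out of unsealer logs and error output.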
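Review bot: The added `secretRef` entries for `openbao-ntfy-unseal-config` in values.yaml are not marked optional, so each unseal container will fail to start until that Secret has synced. This makes unsealing depend on the `/cl01tl/ntfy/...` paths being readable in the secret store. If the notification is non-essential (the hunks do not show whether the unsealer tolerates a missing `NOTIFY_QUEUE_URLS`), add `optional: true` under each new `secretRef`. The same applies to all three `envFrom` hunks, whose enclosing container definitions start and end outside the hunks.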