feat: migrate to openbao

2026-04-19 20:02:09 -05:00
parent 10917de337
commit d40151ca3e
27 changed files with 78 additions and 100 deletions
--- a/clusters/cl01tl/helm/argocd/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/argocd/templates/external-secret.yaml
@@ -1,70 +1,42 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: argocd-oidc-secret
+  name: argocd-oidc-authentik
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: argocd-oidc-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: secret
      remoteRef:
-        key: /authentik/oidc/argocd
+        key: /cl01tl/authentik/oidc/argocd
        property: secret
    - secretKey: client
      remoteRef:
-        key: /authentik/oidc/argocd
+        key: /cl01tk/authentik/oidc/argocd
        property: client

 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: argocd-notifications-secret
+  name: argocd-notifications-ntfy
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: argocd-notifications-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: ntfy-token
      remoteRef:
-        key: /ntfy/user/cl01tl
+        key: /cl01tl/ntfy/users/cl01tl
        property: token
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: argocd-gitea-repo-infrastructure-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: type
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: type
-    - secretKey: url
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: url
-    - secretKey: sshPrivateKey
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: sshPrivateKey