apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: harbor-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: harbor-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: HARBOR_ADMIN_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/config metadataPolicy: None property: admin-password - secretKey: secretKey remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/config metadataPolicy: None property: secretKey - secretKey: CSRF_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/core metadataPolicy: None property: CSRF_KEY - secretKey: secret remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/core metadataPolicy: None property: secret - secretKey: tls.crt remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/core metadataPolicy: None property: tls.crt - secretKey: tls.key remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/core metadataPolicy: None property: tls.key - secretKey: JOBSERVICE_SECRET remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/jobservice metadataPolicy: None property: JOBSERVICE_SECRET - secretKey: REGISTRY_HTTP_SECRET remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/registry metadataPolicy: None property: REGISTRY_HTTP_SECRET - secretKey: REGISTRY_REDIS_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/registry metadataPolicy: None property: REGISTRY_REDIS_PASSWORD - secretKey: REGISTRY_HTPASSWD remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/registry metadataPolicy: None property: REGISTRY_HTPASSWD - secretKey: REGISTRY_CREDENTIAL_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/registry metadataPolicy: None property: REGISTRY_CREDENTIAL_PASSWORD - secretKey: REGISTRY_PASSWD remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/registry metadataPolicy: None property: REGISTRY_CREDENTIAL_PASSWORD --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: harbor-nginx-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: harbor-nginx-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ca.crt remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/nginx metadataPolicy: None property: ca.crt - secretKey: tls.crt remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/nginx metadataPolicy: None property: tls.crt - secretKey: tls.key remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/harbor/nginx metadataPolicy: None property: tls.key --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: harbor-postgresql-17-cluster-backup-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: access - secretKey: ACCESS_SECRET_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret