apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: ghost-credentials-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ghost-credentials-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: web app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ghost-password remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/config/credentials metadataPolicy: None property: ghost-password --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: ghost-cloudflared-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ghost-cloudflared-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: web app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: cf-tunnel-token remoteRef: conversionStrategy: Default decodingStrategy: None key: /cloudflare/tunnels/ghost metadataPolicy: None property: token --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: ghost-backup-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ghost-backup-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: backup app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ghost/ghost" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/volsync/restic/config metadataPolicy: None property: S3_BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/volsync/restic/config metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/volsync/restic/config metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /aws/keys/cl01tl-volsync-backups metadataPolicy: None property: access_key - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /aws/keys/cl01tl-volsync-backups metadataPolicy: None property: secret_key --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: ghost-mysql-credentials-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ghost-mysql-credentials-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: web app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: root remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: root - secretKey: xtrabackup remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: xtrabackup - secretKey: monitor remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: monitor - secretKey: clustercheck remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: clustercheck - secretKey: proxyadmin remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: proxyadmin - secretKey: pmmserverkey remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: pmmserverkey - secretKey: pmmserver remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: pmmserver - secretKey: operator remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: operator - secretKey: replication remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: replication - secretKey: mysql-password remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/ghost/mysql/credentials metadataPolicy: None property: ghost-password --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: ghost-mysql-backup-credentials-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ghost-mysql-backup-credentials-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: web app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /aws/keys/cl01tl-ghost-mysql metadataPolicy: None property: access_key - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /aws/keys/cl01tl-ghost-mysql metadataPolicy: None property: secret_key