166 lines
4.7 KiB
YAML
166 lines
4.7 KiB
YAML
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: harbor-secret
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app.kubernetes.io/name: harbor-secret
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/part-of: {{ .Release.Name }}
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault
|
|
data:
|
|
- secretKey: HARBOR_ADMIN_PASSWORD
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/config
|
|
metadataPolicy: None
|
|
property: admin-password
|
|
- secretKey: secretKey
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/config
|
|
metadataPolicy: None
|
|
property: secretKey
|
|
- secretKey: CSRF_KEY
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/core
|
|
metadataPolicy: None
|
|
property: CSRF_KEY
|
|
- secretKey: secret
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/core
|
|
metadataPolicy: None
|
|
property: secret
|
|
- secretKey: tls.crt
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/core
|
|
metadataPolicy: None
|
|
property: tls.crt
|
|
- secretKey: tls.key
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/core
|
|
metadataPolicy: None
|
|
property: tls.key
|
|
- secretKey: JOBSERVICE_SECRET
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/jobservice
|
|
metadataPolicy: None
|
|
property: JOBSERVICE_SECRET
|
|
- secretKey: REGISTRY_HTTP_SECRET
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/registry
|
|
metadataPolicy: None
|
|
property: REGISTRY_HTTP_SECRET
|
|
- secretKey: REGISTRY_REDIS_PASSWORD
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/registry
|
|
metadataPolicy: None
|
|
property: REGISTRY_REDIS_PASSWORD
|
|
- secretKey: REGISTRY_HTPASSWD
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/registry
|
|
metadataPolicy: None
|
|
property: REGISTRY_HTPASSWD
|
|
- secretKey: REGISTRY_CREDENTIAL_PASSWORD
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/registry
|
|
metadataPolicy: None
|
|
property: REGISTRY_CREDENTIAL_PASSWORD
|
|
- secretKey: REGISTRY_PASSWD
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/registry
|
|
metadataPolicy: None
|
|
property: REGISTRY_CREDENTIAL_PASSWORD
|
|
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: harbor-nginx-secret
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app.kubernetes.io/name: harbor-nginx-secret
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/part-of: {{ .Release.Name }}
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault
|
|
data:
|
|
- secretKey: ca.crt
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/nginx
|
|
metadataPolicy: None
|
|
property: ca.crt
|
|
- secretKey: tls.crt
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/nginx
|
|
metadataPolicy: None
|
|
property: tls.crt
|
|
- secretKey: tls.key
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /cl01tl/harbor/nginx
|
|
metadataPolicy: None
|
|
property: tls.key
|
|
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: harbor-postgresql-17-cluster-backup-secret
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/part-of: {{ .Release.Name }}
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault
|
|
data:
|
|
- secretKey: ACCESS_KEY_ID
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /digital-ocean/home-infra/postgres-backups
|
|
metadataPolicy: None
|
|
property: access
|
|
- secretKey: ACCESS_SECRET_KEY
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /digital-ocean/home-infra/postgres-backups
|
|
metadataPolicy: None
|
|
property: secret
|