140 lines
3.5 KiB
YAML
140 lines
3.5 KiB
YAML
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: openbao-snapshot-secret
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app.kubernetes.io/name: openbao-snapshot-secret
|
|
{{- include "custom.labels" . | nindent 4 }}
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: openbao
|
|
data:
|
|
- secretKey: AWS_ACCESS_KEY_ID
|
|
remoteRef:
|
|
key: /garage/home-infra/openbao-backups
|
|
property: ACCESS_KEY_ID
|
|
- secretKey: ACCESS_REGION
|
|
remoteRef:
|
|
key: /garage/home-infra/openbao-backups
|
|
property: ACCESS_REGION
|
|
- secretKey: AWS_SECRET_ACCESS_KEY
|
|
remoteRef:
|
|
key: /garage/home-infra/openbao-backups
|
|
property: ACCESS_SECRET_KEY
|
|
- secretKey: BUCKET
|
|
remoteRef:
|
|
key: /garage/home-infra/openbao-backups
|
|
property: BUCKET
|
|
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: openbao-unseal-config-1
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app.kubernetes.io/name: openbao-unseal-config-1
|
|
{{- include "custom.labels" . | nindent 4 }}
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: openbao
|
|
data:
|
|
- secretKey: ENVIRONMENT
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: environment
|
|
- secretKey: NODES
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: nodes
|
|
- secretKey: TOKENS
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: tokens-1
|
|
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: openbao-unseal-config-2
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app.kubernetes.io/name: openbao-unseal-config-2
|
|
{{- include "custom.labels" . | nindent 4 }}
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: openbao
|
|
data:
|
|
- secretKey: ENVIRONMENT
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: environment
|
|
- secretKey: NODES
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: nodes
|
|
- secretKey: TOKENS
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: tokens-2
|
|
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: openbao-unseal-config-3
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app.kubernetes.io/name: openbao-unseal-config-3
|
|
{{- include "custom.labels" . | nindent 4 }}
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: openbao
|
|
data:
|
|
- secretKey: ENVIRONMENT
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: environment
|
|
- secretKey: NODES
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: nodes
|
|
- secretKey: TOKENS
|
|
remoteRef:
|
|
key: /cl01tl/openbao/unseal
|
|
property: tokens-3
|
|
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: openbao-ntfy-unseal-config
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app.kubernetes.io/name: openbao-ntfy-unseal-config
|
|
{{- include "custom.labels" . | nindent 4 }}
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: openbao
|
|
target:
|
|
template:
|
|
mergePolicy: Merge
|
|
engineVersion: v2
|
|
data:
|
|
NOTIFY_QUEUE_URLS: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}/?priority=4&tags=vault,unseal&title=Vault+Unsealed"
|
|
data:
|
|
- secretKey: endpoint
|
|
remoteRef:
|
|
key: /cl01tl/ntfy/users/cl01tl
|
|
property: internal-endpoint-credential
|
|
- secretKey: topic
|
|
remoteRef:
|
|
key: /cl01tl/ntfy/topics
|
|
property: openbao
|