
# ExternalSecret: AppRole credentials for the Vault snapshot agent.
# Both properties are read from the same path through the `vault`
# ClusterSecretStore. No `target` is given, so the operator's defaults
# decide the name of the synced Secret — confirm against the consumer.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-snapshot-agent-token
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-snapshot-agent-token
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    # role_id / secret_id pair. The secret_id is the actual credential;
    # its rotation happens at the source path, not in this manifest.
    - secretKey: VAULT_APPROLE_ROLE_ID
      remoteRef:
        property: VAULT_APPROLE_ROLE_ID
        key: '/cl01tl/vault/snapshot'
    - secretKey: VAULT_APPROLE_SECRET_ID
      remoteRef:
        property: VAULT_APPROLE_SECRET_ID
        key: '/cl01tl/vault/snapshot'
---
# ExternalSecret: s3cmd configuration for the "local" backup target
# (Garage). The `.s3cfg` key is a whole s3cmd config file and typically
# carries access/secret keys — treat the synced Secret accordingly.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-s3cmd-local-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-s3cmd-local-config
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    # Same remote path for both entries; only the property differs.
    - secretKey: .s3cfg
      remoteRef:
        property: s3cfg-local
        key: '/garage/home-infra/vault-backups'
    - secretKey: BUCKET
      remoteRef:
        property: BUCKET
        key: '/garage/home-infra/vault-backups'
---
# ExternalSecret: s3cmd configuration for the "remote" backup target
# (Garage). Shares the BUCKET entry with the local config and differs
# only in which s3cfg property is pulled.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-s3cmd-remote-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-s3cmd-remote-config
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    # `.s3cfg` is an s3cmd config file and typically embeds credentials.
    - secretKey: .s3cfg
      remoteRef:
        property: s3cfg-remote
        key: '/garage/home-infra/vault-backups'
    - secretKey: BUCKET
      remoteRef:
        property: BUCKET
        key: '/garage/home-infra/vault-backups'
---
# ExternalSecret: s3cmd configuration for the off-site backup target
# (DigitalOcean). Note the remote path is `vault-backup` (singular),
# unlike the two Garage configs above — this is intentional as written.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-s3cmd-external-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-s3cmd-external-config
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    # `.s3cfg` is an s3cmd config file and typically embeds credentials.
    - secretKey: .s3cfg
      remoteRef:
        property: s3cfg
        key: '/digital-ocean/home-infra/vault-backup'
    - secretKey: BUCKET
      remoteRef:
        property: BUCKET
        key: '/digital-ocean/home-infra/vault-backup'
---
# ExternalSecret: ntfy notification settings for backup jobs.
# Token and endpoint come from the shared ntfy user path; the topic is
# kept next to the snapshot settings, so two remote paths are involved.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-backup-ntfy-secret
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-backup-ntfy-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    # NTFY_TOKEN is a bearer credential for the ntfy user.
    - secretKey: NTFY_TOKEN
      remoteRef:
        property: token
        key: '/ntfy/user/cl01tl'
    - secretKey: NTFY_ENDPOINT
      remoteRef:
        property: endpoint
        key: '/ntfy/user/cl01tl'
    # Topic lives with the snapshot configuration rather than the ntfy user.
    - secretKey: NTFY_TOPIC
      remoteRef:
        property: NTFY_TOPIC
        key: '/cl01tl/vault/snapshot'
---
# ExternalSecret: environment for unseal instance 1.
# Every entry is pulled from the same remote path and keeps its property
# name as the Secret key, so this reads as a straight env-file mirror.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-unseal-config-1
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-unseal-config-1
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        property: ENVIRONMENT
        key: '/cl01tl/vault/unseal/config-1'
    - secretKey: CHECK_INTERVAL
      remoteRef:
        property: CHECK_INTERVAL
        key: '/cl01tl/vault/unseal/config-1'
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        property: MAX_CHECK_INTERVAL
        key: '/cl01tl/vault/unseal/config-1'
    - secretKey: NODES
      remoteRef:
        property: NODES
        key: '/cl01tl/vault/unseal/config-1'
    # NOTE(review): the value is not visible here; if it renders as true it
    # presumably disables certificate verification toward the Vault nodes.
    # Confirm the source value is false outside of bootstrap.
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        property: TLS_SKIP_VERIFY
        key: '/cl01tl/vault/unseal/config-1'
    # Presumably the unseal material the unsealer submits — the most
    # sensitive entry in this Secret; verify against the consumer.
    - secretKey: TOKENS
      remoteRef:
        property: TOKENS
        key: '/cl01tl/vault/unseal/config-1'
    - secretKey: EMAIL_ENABLED
      remoteRef:
        property: EMAIL_ENABLED
        key: '/cl01tl/vault/unseal/config-1'
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        property: NOTIFY_MAX_ELAPSED
        key: '/cl01tl/vault/unseal/config-1'
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        property: NOTIFY_QUEUE_DELAY
        key: '/cl01tl/vault/unseal/config-1'
---
# ExternalSecret: environment for unseal instance 2.
# Same shape as the other unseal configs; only the remote path suffix
# and the resource name change.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-unseal-config-2
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-unseal-config-2
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        property: ENVIRONMENT
        key: '/cl01tl/vault/unseal/config-2'
    - secretKey: CHECK_INTERVAL
      remoteRef:
        property: CHECK_INTERVAL
        key: '/cl01tl/vault/unseal/config-2'
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        property: MAX_CHECK_INTERVAL
        key: '/cl01tl/vault/unseal/config-2'
    - secretKey: NODES
      remoteRef:
        property: NODES
        key: '/cl01tl/vault/unseal/config-2'
    # NOTE(review): a true value here presumably turns off certificate
    # verification toward the Vault nodes — confirm the source value.
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        property: TLS_SKIP_VERIFY
        key: '/cl01tl/vault/unseal/config-2'
    # Presumably unseal material for this instance; verify with the consumer.
    - secretKey: TOKENS
      remoteRef:
        property: TOKENS
        key: '/cl01tl/vault/unseal/config-2'
    - secretKey: EMAIL_ENABLED
      remoteRef:
        property: EMAIL_ENABLED
        key: '/cl01tl/vault/unseal/config-2'
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        property: NOTIFY_MAX_ELAPSED
        key: '/cl01tl/vault/unseal/config-2'
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        property: NOTIFY_QUEUE_DELAY
        key: '/cl01tl/vault/unseal/config-2'
---
# ExternalSecret: environment for unseal instance 3.
# Same shape as the other unseal configs; only the remote path suffix
# and the resource name change.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-unseal-config-3
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-unseal-config-3
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        property: ENVIRONMENT
        key: '/cl01tl/vault/unseal/config-3'
    - secretKey: CHECK_INTERVAL
      remoteRef:
        property: CHECK_INTERVAL
        key: '/cl01tl/vault/unseal/config-3'
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        property: MAX_CHECK_INTERVAL
        key: '/cl01tl/vault/unseal/config-3'
    - secretKey: NODES
      remoteRef:
        property: NODES
        key: '/cl01tl/vault/unseal/config-3'
    # NOTE(review): a true value here presumably turns off certificate
    # verification toward the Vault nodes — confirm the source value.
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        property: TLS_SKIP_VERIFY
        key: '/cl01tl/vault/unseal/config-3'
    # Presumably unseal material for this instance; verify with the consumer.
    - secretKey: TOKENS
      remoteRef:
        property: TOKENS
        key: '/cl01tl/vault/unseal/config-3'
    - secretKey: EMAIL_ENABLED
      remoteRef:
        property: EMAIL_ENABLED
        key: '/cl01tl/vault/unseal/config-3'
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        property: NOTIFY_MAX_ELAPSED
        key: '/cl01tl/vault/unseal/config-3'
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        property: NOTIFY_QUEUE_DELAY
        key: '/cl01tl/vault/unseal/config-3'
---
# ExternalSecret: Vault token plus unseal key shares 1..5.
# NOTE(review): this syncs the token and all five shares into one
# Kubernetes Secret in the Vault release namespace. Anyone able to read
# that Secret holds everything needed to unseal and operate Vault, which
# removes the separation a Shamir threshold is meant to provide. Confirm
# this is required, or reduce it to the shares the unsealer actually
# needs and restrict RBAC on the resulting Secret.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: vault-token
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: vault-token
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  data:
    - secretKey: token
      remoteRef:
        property: token
        key: '/cl01tl/vault/token'
    # One entry per share; property and Secret key share the same name.
    - secretKey: unseal_key_1
      remoteRef:
        property: unseal_key_1
        key: '/cl01tl/vault/token'
    - secretKey: unseal_key_2
      remoteRef:
        property: unseal_key_2
        key: '/cl01tl/vault/token'
    - secretKey: unseal_key_3
      remoteRef:
        property: unseal_key_3
        key: '/cl01tl/vault/token'
    - secretKey: unseal_key_4
      remoteRef:
        property: unseal_key_4
        key: '/cl01tl/vault/token'
    - secretKey: unseal_key_5
      remoteRef:
        property: unseal_key_5
        key: '/cl01tl/vault/token'