Add external secrets
parent
c98ba05772
commit
f7aca0f806
|
@ -7,6 +7,8 @@ metadata:
|
|||
spec:
|
||||
interval: 10m0s
|
||||
path: ./flux/cluster/core
|
||||
dependsOn:
|
||||
- name: crds
|
||||
prune: false
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
|
|
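--- a/flux/cluster/base/crds.yaml
+++ b/flux/cluster/base/crds.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: crds
+namespace: flux-system
+spec:
+interval: 10m0s
+path: ./flux/cluster/crds
+prune: false
+sourceRef:
+kind: GitRepository
+name: flux-system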
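Review bot: The `crds` Kustomization sets neither `wait: true` nor `healthChecks`, so it presumably reports ready as soon as the objects under `./flux/cluster/crds` are applied, not once the nested `external-secrets-crds` Kustomization has actually installed the CRDs. The Kustomization for `./flux/cluster/core` lists `dependsOn: crds`, so on a fresh cluster it could start before the `ClusterSecretStore` kind exists and fail its apply until a later retry, once `external-secrets` is enabled there. Adding `wait: true` under `spec` makes the dependency hold until the CRDs are in place. A one-line comment next to `prune: false` saying that CRDs are deliberately never garbage-collected would also help the next maintainer.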
|
@ -0,0 +1,8 @@
|
|||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: external-secrets-charts
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 15m
|
||||
url: https://charts.external-secrets.io
|
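--- a/flux/cluster/base/flux-system/charts/kustomization.yaml
+++ b/flux/cluster/base/flux-system/charts/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- external-secrets-charts.yaml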
|
@ -4,3 +4,4 @@ resources:
|
|||
- gotk-components.yaml
|
||||
- gotk-sync.yaml
|
||||
- notifications.yaml
|
||||
- charts
|
||||
|
|
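--- a/flux/cluster/core/external-secrets/helm.yaml
+++ b/flux/cluster/core/external-secrets/helm.yaml
@@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: external-secrets
+namespace: external-secrets
+spec:
+interval: 5m
+chart:
+spec:
+chart: external-secrets
+version: 0.5.3
+sourceRef:
+kind: HelmRepository
+name: external-secrets-charts
+namespace: flux-system
+interval: 5m
+values:
+installCRDs: false
+install:
+crds: Skip
+upgrade:
+crds: Skip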
5
flux/cluster/core/external-secrets/kustomization.yaml
Normal file
5
flux/cluster/core/external-secrets/kustomization.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- helm.yaml
|
||||
- vault-secret-store.yaml
|
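--- a/flux/cluster/core/external-secrets/vault-secret-store.yaml
+++ b/flux/cluster/core/external-secrets/vault-secret-store.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+name: vault
+namespace: external-secrets
+spec:
+provider:
+vault:
+server: "http://10.42.42.6:8200"
+path: "k8s"
+version: "v2"
+auth:
+# VaultAppRole authenticates with Vault using the
+# App Role auth mechanism
+# https://www.vaultproject.io/docs/auth/approle
+appRole:
+# Path where the App Role authentication backend is mounted
+path: "approle"
+# RoleID configured in the App Role authentication backend
+roleId: "48a0e39d-e7e8-4ac2-529c-db99ffa1f6b0"
+# Reference to a key in a K8 Secret that contains the App Role SecretId
+# (not commited in git)
+secretRef:
+name: "vault-secret-id"
+namespace: "external-secrets"
+key: "secret-id"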
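Review bot: The `server: "http://10.42.42.6:8200"` line points the store at Vault over plain HTTP, so the AppRole login (the role ID plus the secret ID read from `vault-secret-id`), the token Vault returns and every secret value fetched afterwards cross the network unencrypted. Vault should be served over TLS, with the store using an `https://` server URL together with `caBundle` or `caProvider` so the operator can verify the certificate. Because this is a `ClusterSecretStore`, `metadata.namespace` has no effect and an ExternalSecret in any namespace can reference it. The Vault policy attached to this AppRole should therefore be limited to the parts of the `k8s` mount that are meant to be shared cluster-wide, and a comment above `roleId` saying so would document the intent.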
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
resources:
|
||||
- namespaces
|
||||
# - external-secrets
|
||||
|
|
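--- a/flux/cluster/core/namespaces/external-secrets.yaml
+++ b/flux/cluster/core/namespaces/external-secrets.yaml
@@ -0,0 +1,6 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+name: external-secrets
+labels:
+name: external-secrets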
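--- a/flux/cluster/crds/external-secrets/crds.yaml
+++ b/flux/cluster/crds/external-secrets/crds.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+name: external-secrets-crd-source
+namespace: flux-system
+spec:
+interval: 30m
+url: https://github.com/external-secrets/external-secrets.git
+ref:
+tag: v0.5.3
+ignore: |
+# exclude all
+/*
+# path to crds
+!/deploy/crds/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: external-secrets-crds
+namespace: flux-system
+spec:
+interval: 15m
+prune: false
+wait: true
+sourceRef:
+kind: GitRepository
+name: external-secrets-crd-source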
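Review bot: The `tag: v0.5.3` ref in the `external-secrets-crd-source` GitRepository follows a Git tag, which the upstream repository can move, and whatever it points at is applied cluster-wide as CRDs by `external-secrets-crds`. Pinning the source with `commit: <COMMIT_SHA_FOR_v0.5.3>` under `ref` (a placeholder; take the value from the upstream release) keeps the applied manifests fixed until someone changes the pin in Git. The Kustomization also has no `path`, so it depends on the `ignore` block leaving only `/deploy/crds/` in the artifact. Setting `path: ./deploy/crds` would state that scope directly and keep it correct if the ignore rules are edited later.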
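--- a/flux/cluster/crds/external-secrets/kustomization.yaml
+++ b/flux/cluster/crds/external-secrets/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- crds.yaml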
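--- a/flux/cluster/crds/kustomization.yaml
+++ b/flux/cluster/crds/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- external-secrets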