Add external secrets
This commit is contained in:
parent
c98ba05772
commit
f7aca0f806
GPG key ID:
AF241B0AA237BBA2
|
|
@ -7,6 +7,8 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
interval: 10m0s
|
interval: 10m0s
|
||||||
path: ./flux/cluster/core
|
path: ./flux/cluster/core
|
||||||
|
dependsOn:
|
||||||
|
- name: crds
|
||||||
prune: false
|
prune: false
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
|
|
|
||||||
13
flux/cluster/base/crds.yaml
Normal file
13
flux/cluster/base/crds.yaml
Normal file
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: crds
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m0s
|
||||||
|
path: ./flux/cluster/crds
|
||||||
|
prune: false
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: external-secrets-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
url: https://charts.external-secrets.io
|
||||||
4
flux/cluster/base/flux-system/charts/kustomization.yaml
Normal file
4
flux/cluster/base/flux-system/charts/kustomization.yaml
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- external-secrets-charts.yaml
|
||||||
|
|
@ -4,3 +4,4 @@ resources:
|
||||||
- gotk-components.yaml
|
- gotk-components.yaml
|
||||||
- gotk-sync.yaml
|
- gotk-sync.yaml
|
||||||
- notifications.yaml
|
- notifications.yaml
|
||||||
|
- charts
|
||||||
|
|
|
||||||
22
flux/cluster/core/external-secrets/helm.yaml
Normal file
22
flux/cluster/core/external-secrets/helm.yaml
Normal file
|
|
@ -0,0 +1,22 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: external-secrets
|
||||||
|
namespace: external-secrets
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: external-secrets
|
||||||
|
version: 0.5.3
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: external-secrets-charts
|
||||||
|
namespace: flux-system
|
||||||
|
interval: 5m
|
||||||
|
values:
|
||||||
|
installCRDs: false
|
||||||
|
install:
|
||||||
|
crds: Skip
|
||||||
|
upgrade:
|
||||||
|
crds: Skip
|
||||||
5
flux/cluster/core/external-secrets/kustomization.yaml
Normal file
5
flux/cluster/core/external-secrets/kustomization.yaml
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- helm.yaml
|
||||||
|
- vault-secret-store.yaml
|
||||||
26
flux/cluster/core/external-secrets/vault-secret-store.yaml
Normal file
26
flux/cluster/core/external-secrets/vault-secret-store.yaml
Normal file
|
|
@ -0,0 +1,26 @@
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
metadata:
|
||||||
|
name: vault
|
||||||
|
namespace: external-secrets
|
||||||
|
spec:
|
||||||
|
provider:
|
||||||
|
vault:
|
||||||
|
server: "http://10.42.42.6:8200"
|
||||||
|
path: "k8s"
|
||||||
|
version: "v2"
|
||||||
|
auth:
|
||||||
|
# VaultAppRole authenticates with Vault using the
|
||||||
|
# App Role auth mechanism
|
||||||
|
# https://www.vaultproject.io/docs/auth/approle
|
||||||
|
appRole:
|
||||||
|
# Path where the App Role authentication backend is mounted
|
||||||
|
path: "approle"
|
||||||
|
# RoleID configured in the App Role authentication backend
|
||||||
|
roleId: "48a0e39d-e7e8-4ac2-529c-db99ffa1f6b0"
|
||||||
|
# Reference to a key in a K8 Secret that contains the App Role SecretId
|
||||||
|
# (not commited in git)
|
||||||
|
secretRef:
|
||||||
|
name: "vault-secret-id"
|
||||||
|
namespace: "external-secrets"
|
||||||
|
key: "secret-id"
|
||||||
|
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- namespaces
|
- namespaces
|
||||||
|
# - external-secrets
|
||||||
|
|
|
||||||
6
flux/cluster/core/namespaces/external-secrets.yaml
Normal file
6
flux/cluster/core/namespaces/external-secrets.yaml
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
kind: Namespace
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: external-secrets
|
||||||
|
labels:
|
||||||
|
name: external-secrets
|
||||||
29
flux/cluster/crds/external-secrets/crds.yaml
Normal file
29
flux/cluster/crds/external-secrets/crds.yaml
Normal file
|
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: GitRepository
|
||||||
|
metadata:
|
||||||
|
name: external-secrets-crd-source
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://github.com/external-secrets/external-secrets.git
|
||||||
|
ref:
|
||||||
|
tag: v0.5.3
|
||||||
|
ignore: |
|
||||||
|
# exclude all
|
||||||
|
/*
|
||||||
|
# path to crds
|
||||||
|
!/deploy/crds/
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: external-secrets-crds
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
prune: false
|
||||||
|
wait: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: external-secrets-crd-source
|
||||||
4
flux/cluster/crds/external-secrets/kustomization.yaml
Normal file
4
flux/cluster/crds/external-secrets/kustomization.yaml
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- crds.yaml
|
||||||
4
flux/cluster/crds/kustomization.yaml
Normal file
4
flux/cluster/crds/kustomization.yaml
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- external-secrets
|
||||||
Loading…
Reference in a new issue