Add external secrets

Julius 2022-05-23 00:02:30 +02:00
parent c98ba05772
commit f7aca0f806
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
13 changed files with 125 additions and 0 deletions


@ -7,6 +7,8 @@ metadata:
spec:
interval: 10m0s
path: ./flux/cluster/core
dependsOn:
- name: crds
prune: false
sourceRef:
kind: GitRepository


@ -0,0 +1,13 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: crds
namespace: flux-system
spec:
interval: 10m0s
path: ./flux/cluster/crds
prune: false
sourceRef:
kind: GitRepository
name: flux-system


@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: external-secrets-charts
namespace: flux-system
spec:
interval: 15m
url: https://charts.external-secrets.io


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secrets-charts.yaml


@ -4,3 +4,4 @@ resources:
- gotk-components.yaml
- gotk-sync.yaml
- notifications.yaml
- charts


@ -0,0 +1,22 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: external-secrets
namespace: external-secrets
spec:
interval: 5m
chart:
spec:
chart: external-secrets
version: 0.5.3
sourceRef:
kind: HelmRepository
name: external-secrets-charts
namespace: flux-system
interval: 5m
values:
installCRDs: false
install:
crds: Skip
upgrade:
crds: Skip
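Review bot: With `installCRDs: false` and `crds: Skip`, chart `version: 0.5.3` depends on the CRDs applied from the separate Git source being the same release (`tag: v0.5.3` in the `external-secrets-crd-source` section of this commit), and nothing in this file says so. I would add a comment above the version line such as `# keep in sync with the tag in the external-secrets-crd-source GitRepository`, so a chart bump does not leave the operator running against older CRDs. Quoting the value as `version: "0.5.3"` also guarantees it stays a string if a later version ever looks numeric.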


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm.yaml
- vault-secret-store.yaml


@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault
namespace: external-secrets
spec:
provider:
vault:
server: "http://10.42.42.6:8200"
path: "k8s"
version: "v2"
auth:
# VaultAppRole authenticates with Vault using the
# App Role auth mechanism
# https://www.vaultproject.io/docs/auth/approle
appRole:
# Path where the App Role authentication backend is mounted
path: "approle"
# RoleID configured in the App Role authentication backend
roleId: "48a0e39d-e7e8-4ac2-529c-db99ffa1f6b0"
# Reference to a key in a K8 Secret that contains the App Role SecretId
# (not commited in git)
secretRef:
name: "vault-secret-id"
namespace: "external-secrets"
key: "secret-id"
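Review bot: `server: "http://10.42.42.6:8200"` carries the AppRole login (role ID plus secret ID), the returned Vault token and every secret the operator reads over cleartext HTTP, so they are exposed to anything on the network path between the cluster and that address. Point the store at a TLS listener and give it the issuing CA, for example `server: "https://<vault-host>:8200"` with a `caProvider` (or `caBundle`) entry under `vault:`. Separately, ClusterSecretStore is cluster-scoped, so `metadata.namespace` has no effect and an ExternalSecret in any namespace can reference this store. If only one namespace needs Vault, a namespaced SecretStore would be a narrower grant.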


@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces
# - external-secrets
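Review bot: The new entry is added already commented out (`# - external-secrets`), so as far as this hunk shows the external-secrets directory is not pulled in by this kustomization, and nothing explains why. If that is deliberate (possibly because the `vault-secret-id` Secret has to be created out of band first), say so with a comment such as `# enable once the vault-secret-id Secret exists in the external-secrets namespace`; otherwise remove the line. The file begins above the hunk, so other resources may exist that are not visible here.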


@ -0,0 +1,6 @@
kind: Namespace
apiVersion: v1
metadata:
name: external-secrets
labels:
name: external-secrets


@ -0,0 +1,29 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: external-secrets-crd-source
namespace: flux-system
spec:
interval: 30m
url: https://github.com/external-secrets/external-secrets.git
ref:
tag: v0.5.3
ignore: |
# exclude all
/*
# path to crds
!/deploy/crds/
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: external-secrets-crds
namespace: flux-system
spec:
interval: 15m
prune: false
wait: true
sourceRef:
kind: GitRepository
name: external-secrets-crd-source
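Review bot: `ref:` / `tag: v0.5.3` follows a tag in an upstream repository, and a Git tag can be re-pointed; because `external-secrets-crds` re-applies these CRDs cluster-wide on its interval, a moved tag would change what is installed without any commit in this repo. Pinning the source to the commit the tag currently resolves to (`commit: <full-sha-of-v0.5.3>` under `ref:`, together with the branch that contains it if the source-controller version requires one) makes the applied content fixed and reviewable. A short comment next to the pin naming the release it corresponds to would keep later upgrades obvious.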


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crds.yaml


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secrets