kubernetes/k8s-peterg/argocd/secrets.yaml

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: argocd-authentik-provider
  namespace: argocd
spec:
  secretStoreRef:
    name: vault-wheatley
    kind: ClusterSecretStore
  target:
    name: argocd-authentik-provider
    template:
      metadata:
        labels:
          app.kubernetes.io/part-of: argocd
  data:
    - secretKey: dex.authentik.issuer
      remoteRef:
        key: secrets/managed/argocd/authentik-oidc-credentials
        property: issuer
    - secretKey: dex.authentik.clientID
      remoteRef:
        key: secrets/managed/argocd/authentik-oidc-credentials
        property: clientID
    - secretKey: dex.authentik.clientSecret
      remoteRef:
        key: secrets/managed/argocd/authentik-oidc-credentials
        property: clientSecret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: k8s-wheatley-cluster
spec:
  secretStoreRef:
    name: vault-wheatley
    kind: ClusterSecretStore
  target:
    name: k8s-wheatley-cluster
    creationPolicy: Owner
    template:
      engineVersion: v2
      type: Opaque
      metadata:
        labels:
          argocd.argoproj.io/secret-type: cluster
      data:
        name: k8s-wheatley
        server: "{{ .endpoint }}"
        project: argocd
        config: "{{ .config }}"
  data:
    - secretKey: endpoint
      remoteRef:
        key: secrets/managed/argocd/clusters/k8s-wheatley
        property: endpoint
    - secretKey: config
      remoteRef:
        key: secrets/managed/argocd/clusters/k8s-wheatley
        property: config
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`---`
fix: Use correct external-secret apiVersion 2025-11-10 14:03:44 +01:00			`apiVersion: external-secrets.io/v1`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`kind: ExternalSecret`
			`metadata:`
			`name: argocd-authentik-provider`
			`namespace: argocd`
			`spec:`
			`secretStoreRef:`
chore(k8s-peterg): Switch to Vault secretstore 2026-01-27 16:15:13 +01:00			`name: vault-wheatley`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`kind: ClusterSecretStore`
			`target:`
			`name: argocd-authentik-provider`
			`template:`
			`metadata:`
			`labels:`
			`app.kubernetes.io/part-of: argocd`
			`data:`
fix: Resourcenames are hard 2025-11-10 20:47:47 +01:00			`- secretKey: dex.authentik.issuer`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`remoteRef:`
chore(k8s-peterg): Switch to Vault secretstore 2026-01-27 16:15:13 +01:00			`key: secrets/managed/argocd/authentik-oidc-credentials`
			`property: issuer`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`- secretKey: dex.authentik.clientID`
			`remoteRef:`
chore(k8s-peterg): Switch to Vault secretstore 2026-01-27 16:15:13 +01:00			`key: secrets/managed/argocd/authentik-oidc-credentials`
			`property: clientID`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`- secretKey: dex.authentik.clientSecret`
			`remoteRef:`
chore(k8s-peterg): Switch to Vault secretstore 2026-01-27 16:15:13 +01:00			`key: secrets/managed/argocd/authentik-oidc-credentials`
			`property: clientSecret`
chore(argocd): Refactor to use helm chart 2026-03-26 15:57:18 +01:00			`---`
			`apiVersion: external-secrets.io/v1`
			`kind: ExternalSecret`
			`metadata:`
			`name: k8s-wheatley-cluster`
			`spec:`
			`secretStoreRef:`
			`name: vault-wheatley`
			`kind: ClusterSecretStore`
			`target:`
			`name: k8s-wheatley-cluster`
			`creationPolicy: Owner`
			`template:`
			`engineVersion: v2`
			`type: Opaque`
			`metadata:`
			`labels:`
			`argocd.argoproj.io/secret-type: cluster`
			`data:`
			`name: k8s-wheatley`
			`server: "{{ .endpoint }}"`
			`project: argocd`
			`config: "{{ .config }}"`
			`data:`
			`- secretKey: endpoint`
			`remoteRef:`
			`key: secrets/managed/argocd/clusters/k8s-wheatley`
			`property: endpoint`
			`- secretKey: config`
			`remoteRef:`
			`key: secrets/managed/argocd/clusters/k8s-wheatley`
			`property: config`