chore(k8s-wheatley): Use Vault SecretStore

2026-01-27 22:05:09 +01:00 · 2026-01-27 22:05:09 +01:00 · 22ae1a5f7f
commit 22ae1a5f7f
parent 764d642e9f
6 changed files with 44 additions and 38 deletions
--- a/k8s-wheatley/external-secrets-operator/clustersecrets.yaml
+++ b/k8s-wheatley/external-secrets-operator/clustersecrets.yaml
@ -10,7 +10,7 @@ spec:
        kubernetes.io/metadata.name: kube-system
  externalSecretSpec:
    secretStoreRef:
-      name: 1password-wheatley
+      name: vault-wheatley
      kind: ClusterSecretStore
    target:
      name: tls-wildcard-wheatley-in
@ -20,15 +20,17 @@ spec:
          tls.crt: "{{ .crt }}"
          tls.key: "{{ .key }}"
    data:
-      - secretKey: key
-        remoteRef:
-          key: tls-wildcard-wheatley-in/key
-          metadataPolicy: None
-          conversionStrategy: Default
-          decodingStrategy: None
      - secretKey: crt
        remoteRef:
-          key: tls-wildcard-wheatley-in/crt
-          metadataPolicy: None
+          key: secrets/provisioned/tls-wildcard-wheatley-in
+          property: crt
          conversionStrategy: Default
          decodingStrategy: None
+          metadataPolicy: None
+      - secretKey: key
+        remoteRef:
+          key: secrets/provisioned/tls-wildcard-wheatley-in
+          property: key
+          conversionStrategy: Default
+          decodingStrategy: None
+          metadataPolicy: None