chore(k8s-wheatley): Use Vault SecretStore

k8s-wheatley/external-secrets-operator/clustersecrets.yaml

@@ -10,7 +10,7 @@ spec:
         kubernetes.io/metadata.name: kube-system
   externalSecretSpec:
     secretStoreRef:
-      name: 1password-wheatley
+      name: vault-wheatley
       kind: ClusterSecretStore
     target:
       name: tls-wildcard-wheatley-in
@@ -20,15 +20,17 @@ spec:
           tls.crt: "{{ .crt }}"
           tls.key: "{{ .key }}"
     data:
-      - secretKey: key
-        remoteRef:
-          key: tls-wildcard-wheatley-in/key
-          metadataPolicy: None
-          conversionStrategy: Default
-          decodingStrategy: None
       - secretKey: crt
         remoteRef:
-          key: tls-wildcard-wheatley-in/crt
+          key: secrets/provisioned/tls-wildcard-wheatley-in
-          metadataPolicy: None
+          property: crt
           conversionStrategy: Default
           decodingStrategy: None
+          metadataPolicy: None
+      - secretKey: key
+        remoteRef:
+          key: secrets/provisioned/tls-wildcard-wheatley-in
+          property: key
+          conversionStrategy: Default
+          decodingStrategy: None
+          metadataPolicy: None

k8s-wheatley/external-secrets-operator/kustomization.yaml

@@ -3,5 +3,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - ../../kustomize-bases/external-secrets-operator
+  - namespace.yaml
+  - secretstore.yaml
   - clustersecrets.yaml
+
+helmCharts:
+  - name: external-secrets
+    repo: https://charts.external-secrets.io
+    namespace: external-secrets
+    releaseName: external-secrets
+    version: 1.0.0

k8s-wheatley/external-secrets-operator/secretstore.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: vault-wheatley
+  namespace: external-secrets
+spec:
+  provider:
+    vault:
+      server: "https://vault.wheatley.in"
+      namespace: "wheatley"
+      path: "kv/k8s_wheatley"
+      version: "v2"
+      auth:
+        appRole:
+          path: approle
+          roleRef:
+            namespace: external-secrets
+            name: vault-wheatley-approle
+            key: approle_id
+          secretRef:
+            namespace: external-secrets
+            name: vault-wheatley-approle
+            key: approle_secret

kustomize-bases/external-secrets-operator/kustomization.yaml

@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - namespace.yaml
-  - secretstore.yaml
-
-helmCharts:
-  - name: external-secrets
-    repo: https://charts.external-secrets.io
-    namespace: external-secrets
-    releaseName: external-secrets
-    version: 1.0.0

kustomize-bases/external-secrets-operator/secretstore.yaml

@@ -1,14 +0,0 @@
----
-apiVersion: external-secrets.io/v1
-kind: ClusterSecretStore
-metadata:
-  name: 1password-wheatley
-spec:
-  provider:
-    onepasswordSDK:
-      vault: wheatley
-      auth:
-        serviceAccountSecretRef:
-          namespace: external-secrets
-          name: 1password-token-wheatley
-          key: token