feat: Provision ExternalSecrets

2025-11-08 22:01:21 +01:00 · 2025-11-08 22:01:21 +01:00 · dc268db7b4
commit dc268db7b4
parent 6ae3047867
4 changed files with 34 additions and 0 deletions
--- a/k8s-peterg/external-secrets-operator/kustomization.yaml
+++ b/k8s-peterg/external-secrets-operator/kustomization.yaml
@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - secretstore.yaml
+
+helmCharts:
+  - name: external-secrets
+    repo: https://charts.external-secrets.io
+    namespace: external-secrets
+    releaseName: external-secrets
+    version: 1.0.0
--- a/k8s-peterg/external-secrets-operator/namespace.yaml
+++ b/k8s-peterg/external-secrets-operator/namespace.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-secrets
--- a/k8s-peterg/external-secrets-operator/secretstore.yaml
+++ b/k8s-peterg/external-secrets-operator/secretstore.yaml
@ -0,0 +1,14 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: 1password-wheatley
+spec:
+  provider:
+    onepasswordSDK:
+      vault: wheatley
+      auth:
+        serviceAccountSecretRef:
+          namespace: external-secrets
+          name: 1password-token-wheatley
+          key: token
--- a/k8s-peterg/kustomization.yaml
+++ b/k8s-peterg/kustomization.yaml
@ -4,3 +4,4 @@ kind: Kustomization
 resources:
  - cilium-gatewayapi
  - argocd
+  - external-secrets-operator