---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: argocd-authentik-provider
  namespace: argocd
spec:
  secretStoreRef:
    name: vault-wheatley
    kind: ClusterSecretStore
  target:
    name: argocd-authentik-provider
    template:
      metadata:
        labels:
          app.kubernetes.io/part-of: argocd
  data:
    - secretKey: dex.authentik.issuer
      remoteRef:
        key: secrets/managed/argocd/authentik-oidc-credentials
        property: issuer
    - secretKey: dex.authentik.clientID
      remoteRef:
        key: secrets/managed/argocd/authentik-oidc-credentials
        property: clientID
    - secretKey: dex.authentik.clientSecret
      remoteRef:
        key: secrets/managed/argocd/authentik-oidc-credentials
        property: clientSecret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: k8s-wheatley-cluster
spec:
  secretStoreRef:
    name: vault-wheatley
    kind: ClusterSecretStore
  target:
    name: k8s-wheatley-cluster
    creationPolicy: Owner
    template:
      engineVersion: v2
      type: Opaque
      metadata:
        labels:
          argocd.argoproj.io/secret-type: cluster
      data:
        name: k8s-wheatley
        server: "{{ .endpoint }}"
        project: argocd
        config: "{{ .config }}"
  data:
    - secretKey: endpoint
      remoteRef:
        key: secrets/managed/argocd/clusters/k8s-wheatley
        property: endpoint
    - secretKey: config
      remoteRef:
        key: secrets/managed/argocd/clusters/k8s-wheatley
        property: config