khuedoan-homelab/platform/external-secrets/templates/clustersecretstore.yaml

apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vault
spec:
  provider:
    vault:
      server: http://vault.vault:8200
      path: secret
      auth:
        tokenSecretRef:
          name: vault-token
          namespace: vault
          key: token
        # TODO switch to kubernetes auth
        # kubernetes:
        #   mountPath: "kubernetes"
        #   role: "demo"
        #   serviceAccountRef:
        #     name: "my-sa"
        #     namespace: "secret-admin"
        #   secretRef:
        #     name: "my-secret"
        #     namespace: "secret-admin"
        #     key: "vault"
---
# TODO switch to kubernetes auth
# and turn off vault dev mode
apiVersion: v1
kind: Secret
metadata:
  name: vault-token
  namespace: vault
data:
  token: cm9vdA==  # root
---
chore(external-secrets): upgrade API version to v1beta1 2022-05-07 23:49:16 +07:00			`apiVersion: external-secrets.io/v1beta1`
feat(external-secrets): add test secret store 2022-02-26 10:37:25 +07:00			`kind: ClusterSecretStore`
			`metadata:`
			`name: vault`
			`spec:`
			`provider:`
			`vault:`
			`server: http://vault.vault:8200`
			`path: secret`
			`auth:`
			`tokenSecretRef:`
			`name: vault-token`
			`namespace: vault`
			`key: token`
			`# TODO switch to kubernetes auth`
			`# kubernetes:`
			`# mountPath: "kubernetes"`
			`# role: "demo"`
			`# serviceAccountRef:`
			`# name: "my-sa"`
			`# namespace: "secret-admin"`
			`# secretRef:`
			`# name: "my-secret"`
			`# namespace: "secret-admin"`
			`# key: "vault"`
chore(external-secrets): add test vault token as well Will remove later 2022-02-27 13:20:00 +07:00			`---`
			`# TODO switch to kubernetes auth`
			`# and turn off vault dev mode`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: vault-token`
			`namespace: vault`
			`data:`
			`token: cm9vdA== # root`
chore(external-secrets): upgrade API version to v1beta1 2022-05-07 23:49:16 +07:00			`---`