fixup! ♻️ migration externalsecrets

2025-09-17 18:24:14 +02:00 · 2023-07-14 23:16:36 +02:00
parent 7029232412
commit 179b8d6d8c
26 changed files with 148 additions and 200 deletions
--- a/kubernetes/apps/flux-system/weave-gitops/app/externalsecret.yaml
+++ b/kubernetes/apps/flux-system/weave-gitops/app/externalsecret.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: weave-gitops
+  namespace: flux-system
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: weave-gitops-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        adminPassword: "{{ .WEAVE_GITOPS_ADMIN_PASSWORD }}"
+  dataFrom:
+    - extract:
+        key: flux
--- a/kubernetes/apps/flux-system/weave-gitops/app/kustomization.yaml
+++ b/kubernetes/apps/flux-system/weave-gitops/app/kustomization.yaml
@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: flux-system
 resources:
+  - ./externalsecret.yaml
  - ./helmrelease.yaml
-  - ./secret.sops.yaml
--- a/kubernetes/apps/flux-system/weave-gitops/app/secret.sops.yaml
+++ b/kubernetes/apps/flux-system/weave-gitops/app/secret.sops.yaml
@@ -1,29 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
-    name: weave-gitops
-    namespace: flux-system
-stringData:
-    adminPassword: ENC[AES256_GCM,data:StBu3tl/3/54rmGudER6nID4XEYLjumoMDptFBggSrrO/NJFrDAeUJilYY8AEuUBO6JHASPXS18hAlSx,iv:p8J+v7E7tktWquc1v/TotXxBZ9Fvx6UUV7+UunFZgSw=,tag:SXiYy43RvwmM2r6C+rztgQ==,type:str]
-type: Opaque
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTTE0aWVrY0cva0lzNEl0
-            T2d3aEs5clE2TWZZTXE4Ly8wcmpZVms5aDN3CjZoK0ptTjJXSmZiQ1RGMmk3ckJZ
-            RlA1YURROG9PRXNFd0UyUzlST1RydzAKLS0tIGJiVyt2elc0Q0FWaEVGN1A0bS9Z
-            WUlSN1lLaHh0cTVOaHBGblU3Tmh6ZUEK0jJjreF4xiwHMqhLaQKZFgeeikjeRRqg
-            KzsMDy93tQKSByzwSD3UFcKHW48iiQAy/J1Q12bEaXSFBkOd5mILZw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-11-19T10:51:30Z"
-    mac: ENC[AES256_GCM,data:1b3WHgY9H5yAxwxbHvjPKGFZWmJ1iu945G5illQs6mEfmSrR1ZPvlBKn8eMNuSv1VN18ZhGWicFPpiwwe3MVFRr1G5Vn4F2VtS9F2Ap5IvWDW+F0vJfOAp6OdpT/TOOinp1Es9Pspd4JTpkr+Pk8tGDvVtnZ0aLer+qLv4SYZKA=,iv:zr2ZuwaqNaihfcX3KUKz0yXuGqX6o9o0zXfrhIY5vv4=,tag:kNIuKQ7Z7CbwhSBqgv5F+Q==,type:str]
-    pgp: []
-    encrypted_regex: ^(data|stringData)$
-    version: 3.7.3