---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: cloudflared-tunnel
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: cloudflared-tunnel-secret
    template:
      engineVersion: v2
      data:
        credentials.json: |
          {
            "AccountTag": "{{ .CLOUDFLARE_ACCOUNT_TAG }}",
            "TunnelSecret": "{{ .CLOUDFLARE_TUNNEL_SECRET }}",
            "TunnelID": "{{ .CLOUDFLARE_TUNNEL_ID }}"
          }
  dataFrom:
    - extract:
        key: cloudflare