add charts/secrets and secrets-ai-stack values

argocd-apps/raw-resources-ai-stack.yaml

@@ -10,7 +10,7 @@ spec:
   source:
     repoURL: 'ssh://git@gitea-ssh.dev-tools.svc.cluster.local:2222/dvirlabs/ai-stack.git'
     targetRevision: HEAD
-    path: manifests/raw
+    path: manifests/raw-resources-ai-stack
     directory:
       recurse: true
   destination:

argocd-apps/secrets-ai-stack.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: secrets-ai-stack
+  namespace: argocd
+spec:
+  project: ai-stack
+  source:
+    repoURL: ssh://git@gitea-ssh.dev-tools.svc.cluster.local:2222/dvirlabs/ai-stack.git
+    targetRevision: master
+    path: charts/secrets
+    helm:
+      valueFiles:
+        - ../../manifests/secrets-ai-stack/values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ai-stack
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

charts/secrets/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: secrets
+description: Generic ExternalSecret resources chart
+type: application
+version: 0.1.0
+appVersion: "1.0.0"

charts/secrets/templates/external-secret.yaml

@@ -0,0 +1,23 @@
+{{- range .Values.externalSecrets }}
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: {{ .name }}
+  namespace: {{ .namespace }}
+spec:
+  refreshInterval: {{ .refreshInterval | default "1h" }}
+  secretStoreRef:
+    name: {{ $.Values.secretStore.name }}
+    kind: {{ $.Values.secretStore.kind }}
+  target:
+    name: {{ .targetName }}
+    creationPolicy: {{ .creationPolicy | default "Owner" }}
+  data:
+{{- range .data }}
+    - secretKey: {{ .secretKey }}
+      remoteRef:
+        key: {{ .remoteKey }}
+        property: {{ .property }}
+{{- end }}
+{{- end }}

manifests/secrets-ai-stack/values.yaml

@@ -0,0 +1,5 @@
+secretStore:
+  name: vault
+  kind: ClusterSecretStore
+
+externalSecrets: []