Create app external-secrets-config

argocd-apps/external-secrets-config.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-secrets-config
+  namespace: argocd
+spec:
+  project: dev-tools
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/dev-tools.git
+    targetRevision: master
+    path: manifests/external-secrets
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: external-secrets
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

manifests/external-secrets/clustersecretstore.yaml

@@ -0,0 +1,15 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vault-backend
+spec:
+  provider:
+    vault:
+      server: "http://vault.dev-tools.svc.cluster.local:8200"
+      path: "secret"
+      version: "v2"
+      auth:
+        tokenSecretRef:
+          name: vault-init
+          key: root-token
+          namespace: dev-tools

manifests/external-secrets/values.yaml

@@ -1,15 +1,25 @@
-apiVersion: external-secrets.io/v1beta1
+installCRDs: true
-kind: ClusterSecretStore
+
-metadata:
+image:
-  name: vault-backend
+  repository: ghcr.io/external-secrets/external-secrets
-spec:
+  tag: v0.9.19
-  provider:
+  pullPolicy: IfNotPresent
-    vault:
+  flavour: default
-      server: "http://vault.dev-tools.svc.cluster.local:8200"
+
-      path: "secret"
+webhook:
-      version: "v2"
+  enabled: true
-      auth:
+  image:
-        tokenSecretRef:
+    repository: ghcr.io/external-secrets/external-secrets
-          name: vault-init
+    tag: v0.9.19
-          key: root-token
+    flavour: webhook
-          namespace: dev-tools
+
+certController:
+  enabled: true
+  image:
+    repository: ghcr.io/external-secrets/external-secrets
+    tag: v0.9.19
+    flavour: cert-controller
+  certs:
+    duration: 8760h
+    renewBefore: 720h
+    selfSigned: true