fluxcd : adding repo example with some apps

2025-05-28 16:00:46 +02:00
parent 00a5e56c27
commit e5738c5c3f
111 changed files with 18051 additions and 0 deletions
--- a/fluxcd/repo/infrastructure/base/external-secrets/resources/kustomization.yaml
+++ b/fluxcd/repo/infrastructure/base/external-secrets/resources/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: infrastructure
+resources:
+    - vault-secret-store.yaml
+    - vault-secret-store-app.yaml
+    - registry-credentials.yaml
+    - longhorn-s3-backup-secret.yaml
--- a/fluxcd/repo/infrastructure/base/external-secrets/resources/longhorn-s3-backup-secret.yaml
+++ b/fluxcd/repo/infrastructure/base/external-secrets/resources/longhorn-s3-backup-secret.yaml
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterExternalSecret
+metadata:
+  name: longhorn-s3-backup-secret
+spec:
+  externalSecretName: "longhorn-s3-backup-secret"
+  refreshTime: "1h"
+  namespaceSelector:
+    matchExpressions:
+      - key: kubernetes.io/metadata.name
+        operator: In
+        values:
+          - infrastructure
+  externalSecretSpec:
+    secretStoreRef:
+      name: vault-secret-store
+      kind: ClusterSecretStore
+    refreshInterval: "72h"
+    target:
+      name: longhorn-s3-backup-secret
+      deletionPolicy: Retain
+    dataFrom:
+      - extract:
+          key: kubernetes-secrets/longhorn/s3-backup-secret
--- a/fluxcd/repo/infrastructure/base/external-secrets/resources/registry-credentials.yaml
+++ b/fluxcd/repo/infrastructure/base/external-secrets/resources/registry-credentials.yaml
@@ -0,0 +1,31 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterExternalSecret
+metadata:
+  name: registry-credentials
+spec:
+  externalSecretName: "registry-credentials"
+  refreshTime: "1h"
+  namespaceSelector:
+    matchExpressions:
+      - key: kubernetes.io/metadata.name
+        operator: In
+        values:
+          - system
+          - flux-system
+          - namespace1
+  externalSecretSpec:
+    secretStoreRef:
+      name: vault-secret-store
+      kind: ClusterSecretStore
+    refreshInterval: "1h"
+    target:
+      name: registry-credentials
+      deletionPolicy: Retain
+      template:
+        type: kubernetes.io/dockerconfigjson
+        data:
+          .dockerconfigjson: "{{ .auths }}"
+    data:
+      - secretKey: auths
+        remoteRef:
+          key: kubernetes-secrets/registry-credentials
--- a/fluxcd/repo/infrastructure/base/external-secrets/resources/vault-secret-store-app.yaml
+++ b/fluxcd/repo/infrastructure/base/external-secrets/resources/vault-secret-store-app.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vault-secret-store-app
+spec:
+  provider:
+    vault:
+      server: "https://vault.example.com"
+      path: "app"
+      version: "v2"
+      auth:
+        appRole:
+          path: "approle"
+          roleId: "" # k8s-external-secrets
+          secretRef:
+            name: "vault-k8s-external-secrets"
+            namespace: infrastructure
+            key: "secret-id"
--- a/fluxcd/repo/infrastructure/base/external-secrets/resources/vault-secret-store.yaml
+++ b/fluxcd/repo/infrastructure/base/external-secrets/resources/vault-secret-store.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vault-secret-store
+spec:
+  provider:
+    vault:
+      server: "https://vault.example.com"
+      path: "kubernetes-secrets"
+      version: "v2"
+      auth:
+        appRole:
+          path: "approle"
+          roleId: ""
+          secretRef:
+            name: "vault-k8s-external-secrets"
+            namespace: infrastructure
+            key: "secret-id"