Templates

Cilium Network Policy Config Map Deployment HTML Kustomization Service Monitor Service Vault Secret

vault_server: vault_mount: vault_secret: vault_field: k8s_cluster: k8s_secret:

    
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: secret-store
spec:
  provider:
    vault:
      server: ${vault_server}
      path: ${vault_mount}
      auth:
        kubernetes:
          mountPath: ${k8s_cluster}
          role: ${vault_secret}
          secretRef:
            name: external-secrets-sa-token
            key: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: ${k8s_secret}
spec:
  refreshInterval: 1m
  secretStoreRef:
    name: secret-store
    kind: SecretStore
  data:
    - secretKey: ${vault_field}
      remoteRef:
        key: ${vault_mount}/${vault_secret}
        property: ${vault_field}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-secrets-sa
---
apiVersion: v1
kind: Secret
metadata:
  name: external-secrets-sa-token
  annotations:
    kubernetes.io/service-account.name: external-secrets-sa
type: kubernetes.io/service-account-token