feat(external-secrets): add External Secrets Operator

2025-08-29 23:08:15 +09:00
parent 00009ab192
commit 8d38cf5bd8
3 changed files with 78 additions and 0 deletions
--- a/external-secrets/vault-secret-store.gomplate.yaml
+++ b/external-secrets/vault-secret-store.gomplate.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: vault-secret-store
+spec:
+  provider:
+    vault:
+      server: http://vault.{{ .Env.K8S_VAULT_NAMESPACE }}:8200
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          role: external-secrets
+          mountPath: kubernetes
+          serviceAccountRef:
+            name: external-secrets
+            namespace: {{ .Env.EXTERNAL_SECRETS_NAMESPACE }}
+  refreshInterval: {{ .Env.EXTERNAL_SECRETS_REFRESH_INTERVAL }}