ext-secrets initial

09_ExternalSecrets/vault-secret-store.gomplate.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: vault-secret-store
+spec:
+  provider:
+    vault:
+      server: http://vault.{{ .Env.K8S_VAULT_NAMESPACE }}:8200
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          role: external-secrets
+          mountPath: kubernetes
+          serviceAccountRef:
+            name: external-secrets
+            namespace: {{ .Env.EXTERNAL_SECRETS_NAMESPACE }}
+            # Audience must match the audience configured in Vault Kubernetes auth role
+            # Required for Vault 1.21+ compatibility
+            audiences:
+              - vault
+  refreshInterval: {{ .Env.EXTERNAL_SECRETS_REFRESH_INTERVAL }}