Deploy monitoring stack
This commit is contained in:
@@ -1,10 +1,9 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# ExternalSecret — Authentik OIDC credentials for ArgoCD
|
||||
# Pulled from 1Password via Connect Server, materialized as argocd-oidc-secret
|
||||
# in the argocd namespace.
|
||||
#
|
||||
# 1Password item: "argocd-oidc" in the "mk-labs" vault
|
||||
# Fields: client-id, client-secret
|
||||
# Targets argocd-secret directly — ArgoCD reads oidc.authentik.* keys
|
||||
# from its own secret. ESO merges these fields into the existing secret
|
||||
# without overwriting admin.password etc. (creationPolicy: Merge)
|
||||
# ------------------------------------------------------------------------------
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
@@ -17,14 +16,14 @@ spec:
|
||||
name: onepassword-connect
|
||||
refreshInterval: "1h"
|
||||
target:
|
||||
name: argocd-oidc-secret
|
||||
creationPolicy: Owner
|
||||
name: argocd-secret
|
||||
creationPolicy: Merge
|
||||
data:
|
||||
- secretKey: client-id
|
||||
- secretKey: oidc.authentik.clientID
|
||||
remoteRef:
|
||||
key: argocd-oidc
|
||||
property: client-id
|
||||
- secretKey: client-secret
|
||||
- secretKey: oidc.authentik.clientSecret
|
||||
remoteRef:
|
||||
key: argocd-oidc
|
||||
property: client-secret
|
||||
|
||||
Reference in New Issue
Block a user