blumeops/argocd/manifests/tailscale-operator/kustomization.yaml at 351528474c36eb7b594164ffd0a5c09c8617503f - eblume/blumeops - Forgejo: Beyond coding. We Forge.

eblume/blumeops

Erich Blume 351528474c Add ExternalSecrets for remaining k8s secrets

Migrate 10 secret templates to ESO ExternalSecrets with 1Password Connect:
- databases: eblume, borgmatic, teslamate passwords
- tailscale-operator: OAuth client credentials
- grafana-config: admin password, teslamate datasource
- teslamate: db password, encryption key
- forgejo-runner: runner registration token
- argocd: forge SSH credentials

All use creationPolicy: Merge for safe migration from existing secrets.

Skipped:
- miniflux/secret-db: Uses CNPG secret, not 1Password directly
- immich/secret-db: Requires 1Password item creation first
- 1password-connect: Bootstrap secret, must stay as template

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-28 19:50:38 -08:00

11 lines

202 B

YAML

Raw Blame History

 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: tailscale
 resources:
   - operator.yaml
   - proxyclass.yaml
   - dnsconfig.yaml
   - egress-forge.yaml
   - external-secret.yaml