blumeops/argocd/manifests/databases/kustomization.yaml at 85e36cd807a8772adff8543bbc8ea1f1ad99d7ca - eblume/blumeops - Forgejo: Beyond coding. We Forge.

eblume/blumeops

Erich Blume 351528474c Add ExternalSecrets for remaining k8s secrets

Migrate 10 secret templates to ESO ExternalSecrets with 1Password Connect:
- databases: eblume, borgmatic, teslamate passwords
- tailscale-operator: OAuth client credentials
- grafana-config: admin password, teslamate datasource
- teslamate: db password, encryption key
- forgejo-runner: runner registration token
- argocd: forge SSH credentials

All use creationPolicy: Merge for safe migration from existing secrets.

Skipped:
- miniflux/secret-db: Uses CNPG secret, not 1Password directly
- immich/secret-db: Requires 1Password item creation first
- 1password-connect: Bootstrap secret, must stay as template

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-28 19:50:38 -08:00

13 lines

302 B

YAML

Raw Blame History

 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: databases
 resources:
   - blumeops-pg.yaml
   - immich-pg.yaml
   - service-tailscale.yaml
   - service-metrics-tailscale.yaml
   - external-secret-eblume.yaml
   - external-secret-borgmatic.yaml
   - external-secret-teslamate.yaml