Erich Blume
9114aac8f6
ESO now has full ownership of these secrets. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
29 lines
739 B
YAML
29 lines
739 B
YAML
# ExternalSecret for Tailscale Operator OAuth credentials
|
|
#
|
|
# Replaces the manual op inject workflow from secret.yaml.tpl
|
|
#
|
|
# 1Password item: "Tailscale K8s Operator OAuth" in blumeops vault
|
|
# Fields: "client-id", "client-secret"
|
|
#
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: operator-oauth
|
|
namespace: tailscale
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: onepassword-blumeops
|
|
target:
|
|
name: operator-oauth
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: client_id
|
|
remoteRef:
|
|
key: Tailscale K8s Operator OAuth
|
|
property: client-id
|
|
- secretKey: client_secret
|
|
remoteRef:
|
|
key: Tailscale K8s Operator OAuth
|
|
property: client-secret
|