From 81f2e754edcdd54c7f1fae7eaf9d90704207e91b Mon Sep 17 00:00:00 2001 From: Jan Novak Date: Wed, 7 Jan 2026 22:05:31 +0100 Subject: [PATCH] gitops/external-secrets: set deployment replicas to 1 and add cloudsecretstore --- .../cloudsecretstore-vault.yaml | 18 ++++++++++++++++++ .../external-secrets/helmrelease.yaml | 6 +++--- 2 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 gitops/home-kubernetes/external-secrets/cloudsecretstore-vault.yaml diff --git a/gitops/home-kubernetes/external-secrets/cloudsecretstore-vault.yaml b/gitops/home-kubernetes/external-secrets/cloudsecretstore-vault.yaml new file mode 100644 index 0000000..79e51c4 --- /dev/null +++ b/gitops/home-kubernetes/external-secrets/cloudsecretstore-vault.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1 +kind: ClusterSecretStore +metadata: + name: vault-backend + namespace: external-secrets +spec: + provider: + vault: + server: "https://vault.hrajfrisbee.cz:8200" + path: "secret" + version: "v2" + auth: + appRole: + path: "approle" + roleId: "8833d0f8-d35d-d7ea-658b-c27837d121ab" # or reference a secret + secretRef: + name: vault-approle + key: secret-id \ No newline at end of file diff --git a/gitops/home-kubernetes/external-secrets/helmrelease.yaml b/gitops/home-kubernetes/external-secrets/helmrelease.yaml index 70491cc..747d1f0 100644 --- a/gitops/home-kubernetes/external-secrets/helmrelease.yaml +++ b/gitops/home-kubernetes/external-secrets/helmrelease.yaml @@ -21,7 +21,7 @@ spec: remediation: retries: 3 values: - replicaCount: 2 + replicaCount: 1 leaderElect: true # Resources (adjust to your cluster) @@ -33,7 +33,7 @@ spec: memory: 256Mi webhook: - replicaCount: 2 + replicaCount: 1 resources: requests: cpu: 25m @@ -45,7 +45,7 @@ spec: minAvailable: 1 certController: - replicaCount: 2 + replicaCount: 1 resources: requests: cpu: 25m