zoe/autojanet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
autojanet/k8s/externalsecrets/agent-approles.yaml
Zoë d3a6252ed5
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
fix: ExternalSecret/ClusterSecretStore apiVersion v1beta1 -> v1
2026-05-30 15:58:07 -07:00

512 lines
No EOL
13 KiB
YAML
Raw Permalink Blame History

---
# ExternalSecret: agent-pm
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-pm-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-pm-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/pm/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/pm/approle
property: secret_id
---
---
# ExternalSecret: agent-coder
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-coder-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-coder-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/coder/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/coder/approle
property: secret_id
---
---
# ExternalSecret: agent-code-reviewer
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-code-reviewer-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-code-reviewer-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/code-reviewer/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/code-reviewer/approle
property: secret_id
---
---
# ExternalSecret: agent-test-engineer
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-test-engineer-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-test-engineer-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/test-engineer/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/test-engineer/approle
property: secret_id
---
---
# ExternalSecret: agent-devsecops
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-devsecops-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-devsecops-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/devsecops/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/devsecops/approle
property: secret_id
---
---
# ExternalSecret: agent-secops
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-secops-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-secops-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/secops/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/secops/approle
property: secret_id
---
---
# ExternalSecret: agent-sre
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-sre-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-sre-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/sre/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/sre/approle
property: secret_id
---
---
# ExternalSecret: agent-kubernetes-pilot
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-kubernetes-pilot-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-kubernetes-pilot-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/kubernetes-pilot/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/kubernetes-pilot/approle
property: secret_id
---
---
# ExternalSecret: agent-linux-admin
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-linux-admin-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-linux-admin-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/linux-admin/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/linux-admin/approle
property: secret_id
---
---
# ExternalSecret: agent-systems-engineer
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-systems-engineer-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-systems-engineer-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/systems-engineer/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/systems-engineer/approle
property: secret_id
---
---
# ExternalSecret: agent-networking
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-networking-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-networking-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/networking/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/networking/approle
property: secret_id
---
---
# ExternalSecret: agent-dba
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-dba-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-dba-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/dba/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/dba/approle
property: secret_id
---
---
# ExternalSecret: agent-prometheus-expert
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-prometheus-expert-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-prometheus-expert-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/prometheus-expert/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/prometheus-expert/approle
property: secret_id
---
---
# ExternalSecret: agent-tofu-engineer
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-tofu-engineer-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-tofu-engineer-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/tofu-engineer/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/tofu-engineer/approle
property: secret_id
---
---
# ExternalSecret: agent-release-manager
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-release-manager-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-release-manager-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/release-manager/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/release-manager/approle
property: secret_id
---
---
# ExternalSecret: agent-doc-updater
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-doc-updater-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-doc-updater-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/doc-updater/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/doc-updater/approle
property: secret_id
---
---
# ExternalSecret: agent-doc-writer
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-doc-writer-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-doc-writer-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/doc-writer/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/doc-writer/approle
property: secret_id
---
---
# ExternalSecret: agent-technical-writer
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-technical-writer-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-technical-writer-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/technical-writer/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/technical-writer/approle
property: secret_id
---
---
# ExternalSecret: agent-cost-optimizer
# Pulls AppRole credentials from OpenBao into a k8s Secret
# so the Job can authenticate and fetch runtime secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: agent-cost-optimizer-approle
namespace: autojanet
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: agent-cost-optimizer-approle
creationPolicy: Owner
data:
- secretKey: role_id
remoteRef:
key: autojanet/cost-optimizer/approle
property: role_id
- secretKey: secret_id
remoteRef:
key: autojanet/cost-optimizer/approle
property: secret_id
Reference in a new issue View git blame Copy permalink