a3f25456e4
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
- .woodpecker.yaml: build+push agent and dispatcher images to Harbor on mainline/tag - k8s/argocd-app.yaml: ArgoCD Application syncing k8s/ from mainline - k8s/externalsecrets/: ExternalSecret manifests for all 19 agent AppRole creds + dispatcher - ArgoCD app applied to cluster, Woodpecker repo enabled with harbor secrets
512 lines
No EOL
13 KiB
YAML
512 lines
No EOL
13 KiB
YAML
---
|
|
# ExternalSecret: agent-pm
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-pm-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-pm-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/pm/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/pm/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-coder
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-coder-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-coder-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/coder/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/coder/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-code-reviewer
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-code-reviewer-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-code-reviewer-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/code-reviewer/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/code-reviewer/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-test-engineer
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-test-engineer-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-test-engineer-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/test-engineer/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/test-engineer/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-devsecops
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-devsecops-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-devsecops-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/devsecops/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/devsecops/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-secops
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-secops-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-secops-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/secops/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/secops/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-sre
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-sre-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-sre-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/sre/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/sre/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-kubernetes-pilot
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-kubernetes-pilot-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-kubernetes-pilot-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/kubernetes-pilot/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/kubernetes-pilot/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-linux-admin
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-linux-admin-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-linux-admin-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/linux-admin/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/linux-admin/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-systems-engineer
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-systems-engineer-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-systems-engineer-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/systems-engineer/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/systems-engineer/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-networking
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-networking-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-networking-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/networking/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/networking/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-dba
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-dba-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-dba-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/dba/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/dba/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-prometheus-expert
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-prometheus-expert-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-prometheus-expert-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/prometheus-expert/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/prometheus-expert/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-tofu-engineer
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-tofu-engineer-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-tofu-engineer-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/tofu-engineer/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/tofu-engineer/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-release-manager
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-release-manager-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-release-manager-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/release-manager/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/release-manager/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-doc-updater
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-doc-updater-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-doc-updater-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/doc-updater/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/doc-updater/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-doc-writer
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-doc-writer-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-doc-writer-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/doc-writer/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/doc-writer/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-technical-writer
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-technical-writer-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-technical-writer-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/technical-writer/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/technical-writer/approle
|
|
property: secret_id
|
|
---
|
|
---
|
|
# ExternalSecret: agent-cost-optimizer
|
|
# Pulls AppRole credentials from OpenBao into a k8s Secret
|
|
# so the Job can authenticate and fetch runtime secrets.
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: agent-cost-optimizer-approle
|
|
namespace: autojanet
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: agent-cost-optimizer-approle
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: role_id
|
|
remoteRef:
|
|
key: autojanet/cost-optimizer/approle
|
|
property: role_id
|
|
- secretKey: secret_id
|
|
remoteRef:
|
|
key: autojanet/cost-optimizer/approle
|
|
property: secret_id |