feat: Switch Most Secrets to External Secrets Operator

kubernetes/argocd/applications/bitwarden.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/bitwarden/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/cockroachdb.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/cockroachdb/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/container-security-operator.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/container-security/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/dragonfly-operator.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/dragonfly-operator/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/eclipse-che-operator.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/eclipse-che/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/external-secrets-operator.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/external-secrets-operator/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/grafana.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/grafana/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/heimdall.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/heimdall/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/homeassistant.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/homeassistant/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/homelab.yaml

@@ -17,8 +17,6 @@ spec:
     path: tekton/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/imagepuller.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/imagepuller/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/influxdb.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/influxdb/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/keep-alive.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/keep-alive/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/knative.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/knative/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/kube-eagle.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/kube-eagle/overlays/default
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/kube-vip.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/kube-vip/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/kyverno.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/kyverno/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/longhorn-system.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/longhorn/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/mariadb-galera.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/mariadb-galera/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/minio-operator.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/minio-operator/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/mongodb-operator.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/mongodb-operator/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/network-observability.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/network-observability/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/nextcloud.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/nextcloud/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/openshift-monitoring.yaml

@@ -17,5 +17,3 @@ spec:
     path: okd/openshift-monitoring/base
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize

kubernetes/argocd/applications/photoprism.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/photoprism/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/phpmyadmin.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/phpmyadmin/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/postgres.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/postgres/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/quay.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/quay/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/stackrox-central.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/stackrox-central/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/stackrox-secure.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/stackrox-secure/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/tekton.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/tekton/overlays/operator
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/traefik.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/traefik/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/unifi-network-application.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/unifi-network-application/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/uptime-kuma.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/uptime-kuma/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/vault.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/vault/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/version-checker.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/version-checker/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/argocd/applications/zitadel.yaml

@@ -17,8 +17,6 @@ spec:
     path: kubernetes/zitadel/overlays/okd
     repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
     targetRevision: HEAD
-    plugin:
-      name: argocd-vault-plugin-kustomize
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

kubernetes/external-secrets-operator/base/kustomization.yaml

@@ -7,3 +7,4 @@ resources:
   - ./operator-config.yaml
   - ./operator-group.yaml
   - ./subscription.yaml
+  - ./secret.yaml

kubernetes/external-secrets-operator/base/secret.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vault
+spec:
+  provider:
+    vault:
+      server: "https://vault.arthurvardevanyan.com"
+      path: "secret"
+      version: "v2"
+      auth:
+        kubernetes:
+          mountPath: "kubernetes"
+          role: "argocd"
+          serviceAccountRef:
+            name: "argocd-repo-server"
+            namespace: "argocd"

kubernetes/grafana/base/secret.yaml

@@ -12,4 +12,25 @@ stringData:
   GF_DATABASE_HOST: grafana-primary.postgres.svc
   GF_DATABASE_NAME: grafana
   GF_DATABASE_USER: grafana
-  GF_DATABASE_PASSWORD: <path:secret/data/homelab/postgres#grafana_password>
+  #GF_DATABASE_PASSWORD: <path:secret/data/homelab/postgres#grafana_password>
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: database
+  namespace: grafana
+  labels:
+    app.kubernetes.io/instance: grafana
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: database
+    creationPolicy: "Merge"
+  data:
+    - secretKey: GF_DATABASE_PASSWORD
+      remoteRef:
+        key: homelab/postgres
+        property: grafana_password