fix(volsync): replace ExternalSecret with direct SOPS secret

2026-02-26 16:36:09 +01:00
parent cddd7e98ff
commit 4e3c17c7c9
3 changed files with 8 additions and 31 deletions
--- a/kubernetes/components/volsync/external-secret.yaml
+++ b/kubernetes/components/volsync/external-secret.yaml
@@ -1,22 +0,0 @@
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: "${APP}-volsync"
-spec:
-  secretStoreRef:
-    kind: SecretStore
-    name: volsync-local
-
-  target:
-    name: "${APP}-volsync-secret"
-    template:
-      engineVersion: v2
-      data:
-        RESTIC_REPOSITORY: "{{ .RESTIC_REPOSITORY }}"
-        RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
-        AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
-        AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
-  dataFrom:
-    - extract:
-        key: volsync-sops-secret
--- a/kubernetes/components/volsync/kustomization.yaml
+++ b/kubernetes/components/volsync/kustomization.yaml
@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component

 resources:
-  - external-secret.yaml
  - replication-source.yaml
  - replication-destination.yaml
  - pvc.yaml
--- a/kubernetes/components/volsync/secrets.sops.yaml
+++ b/kubernetes/components/volsync/secrets.sops.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-    name: volsync-sops-secret
+    name: "${APP}-volsync-secret"
 stringData:
    RESTIC_REPOSITORY: ENC[AES256_GCM,data:IKeoMJMhqvBW9M0Et8st1DrcrkQuw9VH/Mdmz9OGorm7ECPIxKQseQ6J6IkW9LqOt9kXjNFbiA==,iv:DnSDCC82nlmoH5SliGbdbAZRcUyYpgWKfS2BhTXIy/0=,tag:jAd08ZsqUDFt/cd2H79QsA==,type:str]
    RESTIC_PASSWORD: ENC[AES256_GCM,data:DYOgxKL/isykzUPQeroucni999HArY8kp/2l6Fq2RLuI8LJRqTd0q/6qCeEe1G0=,iv:VPc1BW8q8yMnjOpL9ys0TloxeE12YL4IK0QdUhXyP8w=,tag:MlYI3TIDlSIOtgaP6k0myg==,type:str]
@@ -11,13 +11,13 @@ sops:
    age:
        - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRDRDT2JzZmF2RlcyREg5
-            aEgyZ0QwNTJQK2JYbDBrNjRhT3BNSzdFZGlzCndQVloyK1RUU281S1Q2YnI4eXQv
-            RVoxa0UxOFNEVkZwQzB3ZUhTNHBMTWcKLS0tIGZLMTZ3YUs3d2FHWVBtczJzdzhp
-            dUtWdGJ0cjhjREI5YnVzVDk5VGJJS0kKpa+N5XC8a5/V/eUgqZoosxrio9CJMTYS
-            TzhILOHxY59zNtl4Jw7QtIy27jWki4+318WnQ2XGHO5yPUitc1yPuA==
-            -----END AGE ENCRYPTED FILE-----
+              -----BEGIN AGE ENCRYPTED FILE-----
+              YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRDRDT2JzZmF2RlcyREg5
+              aEgyZ0QwNTJQK2JYbDBrNjRhT3BNSzdFZGlzCndQVloyK1RUU281S1Q2YnI4eXQv
+              RVoxa0UxOFNEVkZwQzB3ZUhTNHBMTWcKLS0tIGZLMTZ3YUs3d2FHWVBtczJzdzhp
+              dUtWdGJ0cjhjREI5YnVzVDk5VGJJS0kKpa+N5XC8a5/V/eUgqZoosxrio9CJMTYS
+              TzhILOHxY59zNtl4Jw7QtIy27jWki4+318WnQ2XGHO5yPUitc1yPuA==
+              -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-02-26T11:50:59Z"
    mac: ENC[AES256_GCM,data:Mc8yc/04WdQZIDUXIosrA0s6fFw42OF+q+FUxkrWQhT37w2NfdMq8PIWUT4TwlbWthoHZRfTP/vLW6/p6fvKYrc+bjFGdwa4CHSXq5CdhqTZEt0VBA1XyjYh06k01Sf7JFK0X4YlolR6qrmyloibh6reW25Sq7xjU+HI/x1mmWA=,iv:FbUCwU8lfpPebBXFngVhqOO+cc/u8/CT+cC2qBN+h6I=,tag:O1uAYkFi+TmrWO/EwJtUbg==,type:str]
    encrypted_regex: ^(data|stringData)$