From 4e3c17c7c955996d6b8f330da8576f1a05123788 Mon Sep 17 00:00:00 2001 From: Laur IVAN Date: Thu, 26 Feb 2026 16:36:09 +0100 Subject: [PATCH] fix(volsync): replace ExternalSecret with direct SOPS secret --- .../components/volsync/external-secret.yaml | 22 ------------------- .../components/volsync/kustomization.yaml | 1 - .../components/volsync/secrets.sops.yaml | 16 +++++++------- 3 files changed, 8 insertions(+), 31 deletions(-) delete mode 100644 kubernetes/components/volsync/external-secret.yaml diff --git a/kubernetes/components/volsync/external-secret.yaml b/kubernetes/components/volsync/external-secret.yaml deleted file mode 100644 index 79b2854..0000000 --- a/kubernetes/components/volsync/external-secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: "${APP}-volsync" -spec: - secretStoreRef: - kind: SecretStore - name: volsync-local - - target: - name: "${APP}-volsync-secret" - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .RESTIC_REPOSITORY }}" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-sops-secret diff --git a/kubernetes/components/volsync/kustomization.yaml b/kubernetes/components/volsync/kustomization.yaml index 713bafe..f54ff4c 100644 --- a/kubernetes/components/volsync/kustomization.yaml +++ b/kubernetes/components/volsync/kustomization.yaml @@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component resources: - - external-secret.yaml - replication-source.yaml - replication-destination.yaml - pvc.yaml diff --git a/kubernetes/components/volsync/secrets.sops.yaml b/kubernetes/components/volsync/secrets.sops.yaml index e50cf30..d7e1d12 100644 --- a/kubernetes/components/volsync/secrets.sops.yaml +++ b/kubernetes/components/volsync/secrets.sops.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: volsync-sops-secret + name: "${APP}-volsync-secret" stringData: RESTIC_REPOSITORY: ENC[AES256_GCM,data:IKeoMJMhqvBW9M0Et8st1DrcrkQuw9VH/Mdmz9OGorm7ECPIxKQseQ6J6IkW9LqOt9kXjNFbiA==,iv:DnSDCC82nlmoH5SliGbdbAZRcUyYpgWKfS2BhTXIy/0=,tag:jAd08ZsqUDFt/cd2H79QsA==,type:str] RESTIC_PASSWORD: ENC[AES256_GCM,data:DYOgxKL/isykzUPQeroucni999HArY8kp/2l6Fq2RLuI8LJRqTd0q/6qCeEe1G0=,iv:VPc1BW8q8yMnjOpL9ys0TloxeE12YL4IK0QdUhXyP8w=,tag:MlYI3TIDlSIOtgaP6k0myg==,type:str] @@ -11,13 +11,13 @@ sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRDRDT2JzZmF2RlcyREg5 - aEgyZ0QwNTJQK2JYbDBrNjRhT3BNSzdFZGlzCndQVloyK1RUU281S1Q2YnI4eXQv - RVoxa0UxOFNEVkZwQzB3ZUhTNHBMTWcKLS0tIGZLMTZ3YUs3d2FHWVBtczJzdzhp - dUtWdGJ0cjhjREI5YnVzVDk5VGJJS0kKpa+N5XC8a5/V/eUgqZoosxrio9CJMTYS - TzhILOHxY59zNtl4Jw7QtIy27jWki4+318WnQ2XGHO5yPUitc1yPuA== - -----END AGE ENCRYPTED FILE----- + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRDRDT2JzZmF2RlcyREg5 + aEgyZ0QwNTJQK2JYbDBrNjRhT3BNSzdFZGlzCndQVloyK1RUU281S1Q2YnI4eXQv + RVoxa0UxOFNEVkZwQzB3ZUhTNHBMTWcKLS0tIGZLMTZ3YUs3d2FHWVBtczJzdzhp + dUtWdGJ0cjhjREI5YnVzVDk5VGJJS0kKpa+N5XC8a5/V/eUgqZoosxrio9CJMTYS + TzhILOHxY59zNtl4Jw7QtIy27jWki4+318WnQ2XGHO5yPUitc1yPuA== + -----END AGE ENCRYPTED FILE----- lastmodified: "2026-02-26T11:50:59Z" mac: ENC[AES256_GCM,data:Mc8yc/04WdQZIDUXIosrA0s6fFw42OF+q+FUxkrWQhT37w2NfdMq8PIWUT4TwlbWthoHZRfTP/vLW6/p6fvKYrc+bjFGdwa4CHSXq5CdhqTZEt0VBA1XyjYh06k01Sf7JFK0X4YlolR6qrmyloibh6reW25Sq7xjU+HI/x1mmWA=,iv:FbUCwU8lfpPebBXFngVhqOO+cc/u8/CT+cC2qBN+h6I=,tag:O1uAYkFi+TmrWO/EwJtUbg==,type:str] encrypted_regex: ^(data|stringData)$