feat(atlantis): add external secret for terraform-gworkspace age key

kubernetes/talos-flux/apps/atlantis/atlantis/app/external-secret.yaml

@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.minuette.horse/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name terraform-gworkspace
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: *name
+    creationPolicy: Owner
+  data:
+    - secretKey: keys.txt
+      remoteRef:
+        key: infra/techtales/terraform-gworkspace
+        property: age

kubernetes/talos-flux/apps/atlantis/atlantis/app/kustomization.yaml

@@ -7,6 +7,7 @@ resources:
   - ./secret.sops.yaml
   - ./helm-release.yaml
   - ./ingress.yaml
+  - ./external-secret.yaml
 commonLabels:
   app.kubernetes.io/name: atlantis
   app.kubernetes.io/instance: atlantis

kubernetes/talos-flux/apps/atlantis/atlantis/flux-sync.yaml

@@ -17,6 +17,7 @@ spec:
     - name: apps-cert-manager
     - name: apps-rook-ceph-cluster
     - name: apps-traefik-forward-auth
+    - name: apps-external-secrets
 
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1beta2.json

kubernetes/talos-flux/apps/secops/external-secrets/stores/cluster-secret-store.yaml

@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://kubernetes-schemas.minuette.horse/external-secrets.io/clustersecretstore_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata: