From 30be24b3e6059f3071804b80665f477adec0c20a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nils=20M=C3=BCller?=
Date: Wed, 27 Dec 2023 23:07:05 +0100
Subject: [PATCH] feat(atlantis): add external secret for terraform-gworkspace age key
---
 .../atlantis/app/external-secret.yaml | 19 +++++++++++++++++++
 .../atlantis/atlantis/app/kustomization.yaml | 1 +
 .../apps/atlantis/atlantis/flux-sync.yaml | 1 +
 .../stores/cluster-secret-store.yaml | 1 +
 4 files changed, 22 insertions(+)
 create mode 100644 kubernetes/talos-flux/apps/atlantis/atlantis/app/external-secret.yaml
diff --git a/kubernetes/talos-flux/apps/atlantis/atlantis/app/external-secret.yaml b/kubernetes/talos-flux/apps/atlantis/atlantis/app/external-secret.yaml
new file mode 100644
index 000000000..c583c551d
--- /dev/null
+++ b/kubernetes/talos-flux/apps/atlantis/atlantis/app/external-secret.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.minuette.horse/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: &name terraform-gworkspace
+spec:
+ refreshInterval: 1m
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: *name
+ creationPolicy: Owner
+ data:
+ - secretKey: keys.txt
+ remoteRef:
+ key: infra/techtales/terraform-gworkspace
+ property: age
diff --git a/kubernetes/talos-flux/apps/atlantis/atlantis/app/kustomization.yaml b/kubernetes/talos-flux/apps/atlantis/atlantis/app/kustomization.yaml
index 0e15fd213..c1813b6af 100644
--- a/kubernetes/talos-flux/apps/atlantis/atlantis/app/kustomization.yaml
+++ b/kubernetes/talos-flux/apps/atlantis/atlantis/app/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
 - ./secret.sops.yaml
 - ./helm-release.yaml
 - ./ingress.yaml
+ - ./external-secret.yaml
 commonLabels:
 app.kubernetes.io/name: atlantis
 app.kubernetes.io/instance: atlantis
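Review bot: In `external-secret.yaml`, `secretStoreRef` fetches an age private key through the cluster-wide `vault-backend` ClusterSecretStore, and nothing visible in this patch limits which namespaces may read `infra/techtales/terraform-gworkspace` through that store. The store's `spec` lies outside the hunk shown for `cluster-secret-store.yaml`, so this may already be handled. If it is not, a `conditions` entry on the store restricting it to the Atlantis namespace, or a namespaced `SecretStore` bound to a Vault role scoped to this one path, would keep the key from being materialised elsewhere in the cluster. Separately, `refreshInterval: 1m` polls Vault every minute for a key that presumably changes rarely; a value such as `refreshInterval: 1h` would reduce that load, at the cost of slower pickup after a rotation.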
diff --git a/kubernetes/talos-flux/apps/atlantis/atlantis/flux-sync.yaml b/kubernetes/talos-flux/apps/atlantis/atlantis/flux-sync.yaml
index 2865a8d11..ca271622a 100644
--- a/kubernetes/talos-flux/apps/atlantis/atlantis/flux-sync.yaml
+++ b/kubernetes/talos-flux/apps/atlantis/atlantis/flux-sync.yaml
@@ -17,6 +17,7 @@ spec:
 - name: apps-cert-manager
 - name: apps-rook-ceph-cluster
 - name: apps-traefik-forward-auth
+ - name: apps-external-secrets
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1beta2.json
diff --git a/kubernetes/talos-flux/apps/secops/external-secrets/stores/cluster-secret-store.yaml b/kubernetes/talos-flux/apps/secops/external-secrets/stores/cluster-secret-store.yaml
index 41718a633..d0e1656c8 100644
--- a/kubernetes/talos-flux/apps/secops/external-secrets/stores/cluster-secret-store.yaml
+++ b/kubernetes/talos-flux/apps/secops/external-secrets/stores/cluster-secret-store.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://kubernetes-schemas.minuette.horse/external-secrets.io/clustersecretstore_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata: