54 lines
1.7 KiB
YAML
54 lines
1.7 KiB
YAML
# External Secrets Operator Installation
|
|
# This installs the External Secrets Operator which syncs secrets from external providers
|
|
# into Kubernetes Secrets.
|
|
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: external-secrets-system
|
|
labels:
|
|
name: external-secrets-system
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: external-secrets
|
|
namespace: external-secrets-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: external-secrets
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["secrets", "configmaps"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["serviceaccounts"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["external-secrets.io"]
|
|
resources: ["externalsecrets", "secretstores", "clustersecretstores"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: external-secrets
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: external-secrets
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: external-secrets
|
|
namespace: external-secrets-system
|
|
---
|
|
# Note: For production, use the official Helm chart:
|
|
# helm repo add external-secrets https://charts.external-secrets.io
|
|
# helm install external-secrets external-secrets/external-secrets -n external-secrets-system
|
|
#
|
|
# This manifest is a simplified version for reference.
|
|
# For the full installation, use:
|
|
# kubectl apply -f https://raw.githubusercontent.com/external-secrets/external-secrets/main/deploy/charts/external-secrets/crds/bundle.yaml
|
|
# helm install external-secrets external-secrets/external-secrets -n external-secrets-system
|
|
|