External secrets operator (#65)

* replacing external-secrets with external-secrets-operator

* adjustments to sync waves to accommodate eso influence

gitops/components/argo/externalsecrets.yaml

@@ -1,53 +1,65 @@
-apiVersion: "kubernetes-client.io/v1"
+apiVersion: "external-secrets.io/v1alpha1"
 kind: ExternalSecret
 metadata:
   name: ci-secrets
 spec:
-  backendType: vault
-  vaultMountPoint: kubernetes/kubefirst
-  vaultRole: external-secrets
-  kvVersion: 2
+  target:
+    name: ci-secrets
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-secrets-backend
+  refreshInterval: 10s
   data:
     # username used for accessing git - this is the name of the personal access token, default is kubefirst
-    - name: USERNAME
-      key: secret/data/ci-secrets
-      property: USERNAME
+    - remoteRef:
+        key: ci-secrets
+        property: USERNAME
+      secretKey: USERNAME
     # personal access token associated with username above
-    - name: PERSONAL_ACCESS_TOKEN
-      key: secret/data/ci-secrets
-      property: PERSONAL_ACCESS_TOKEN
+    - remoteRef:
+        key: ci-secrets
+        property: PERSONAL_ACCESS_TOKEN
+      secretKey: PERSONAL_ACCESS_TOKEN
     # access key id to connect to aws
-    - name: AWS_ACCESS_KEY_ID
-      key: secret/data/ci-secrets
-      property: AWS_ACCESS_KEY_ID
+    - remoteRef:
+        key: ci-secrets
+        property: AWS_ACCESS_KEY_ID
+      secretKey: AWS_ACCESS_KEY_ID
     # access key to connect to aws
-    - name: AWS_SECRET_ACCESS_KEY
-      key: secret/data/ci-secrets
-      property: AWS_SECRET_ACCESS_KEY
+    - remoteRef:
+        key: ci-secrets
+        property: AWS_SECRET_ACCESS_KEY
+      secretKey: AWS_SECRET_ACCESS_KEY
     # chartmuseum admin username
-    - name: BASIC_AUTH_USER
-      key: secret/data/ci-secrets
-      property: BASIC_AUTH_USER
+    - remoteRef:
+        key: ci-secrets
+        property: BASIC_AUTH_USER
+      secretKey: BASIC_AUTH_USER
     # chartmuseum admin password
-    - name: BASIC_AUTH_PASS
-      key: secret/data/ci-secrets
-      property: BASIC_AUTH_PASS
+    - remoteRef:
+        key: ci-secrets
+        property: BASIC_AUTH_PASS
+      secretKey: BASIC_AUTH_PASS
 ---
-  apiVersion: "kubernetes-client.io/v1"
-  kind: ExternalSecret
-  metadata:
+apiVersion: "external-secrets.io/v1alpha1"
+kind: ExternalSecret
+metadata:
+  name: argo-secrets
+spec:
+  target:
     name: argo-secrets
-  spec:
-    backendType: vault
-    vaultMountPoint: kubernetes/kubefirst
-    vaultRole: external-secrets
-    kvVersion: 2
-    data:
-      # client-id used for oidc auth with keycloak
-      - name: client-id
-        key: secret/data/admin/oidc/argo
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-secrets-backend
+  refreshInterval: 10s
+  data:
+    # client-id used for oidc auth with keycloak
+    - remoteRef:
+        key: admin/oidc/argo
         property: application_id
-      # client-id used for oidc auth with keycloak
-      - name: client-secret
-        key: secret/data/admin/oidc/argo
-        property: secret
+      secretKey: client-id
+    # client-id used for oidc auth with keycloak
+    - remoteRef:
+        key: admin/oidc/argo
+        property: secret
+      secretKey: client-secret