chore: add external-secrets back

Author: timtorChen

kubernetes/external-secrets/app/netpol.yaml

@@ -0,0 +1,3 @@
+---
+# TODO
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/cilium.io/ciliumnetworkpolicy_v2.json

kubernetes/archive/external-secrets/external-secrets.yaml renamed to kubernetes/external-secrets/app/release.yaml

@@ -1,14 +1,4 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  namespace: external-secrets
-  name: external-secrets
-spec:
-  url: https://charts.external-secrets.io
-  interval: 24h
----
 # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -21,26 +11,37 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: external-secrets
-      # disable renovate: registryUrl=https://charts.external-secrets.io
       chart: external-secrets
-      version: 0.9.4
+      version: 0.20.1
   install:
     crds: CreateReplace
   upgrade:
     crds: CreateReplace
   interval: 1h
   maxHistory: 1
+  timeout: 1m0s
   values:
     installCRDs: true
+    crds:
+      createClusterExternalSecret: false
+      createClusterSecretStore: false
+      createClusterGenerator: false
+      createClusterPushSecret: false
+      createPushSecret: true
 
     # -- controller
     replicaCount: 1
     processClusterExternalSecret: false
     processClusterStore: false
+    processClusterPushSecret: false
+    processClusterGenerator: false
+    processPushSecret: true
     securityContext: &securityContext
       runAsNonRoot: true
-      readOnlyRootFilesystem: true
+      runAsUser: 1000
+      runAsGroup: 1000
       allowPrivilegeEscalation: false
+      readOnlyRootFilesystem: true
       capabilities:
         drop: ["ALL"]
       seccompProfile:

kubernetes/external-secrets/app/repo.yaml

@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  namespace: external-secrets
+  name: external-secrets
+spec:
+  url: https://charts.external-secrets.io
+  interval: 24h

kubernetes/archive/external-secrets/_namespace.yaml renamed to kubernetes/external-secrets/base/ns.yaml

@@ -3,5 +3,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - _namespace.yaml
-  - external-secrets.yaml
+  - base/ns.yaml
+  - app/repo.yaml
+  - app/release.yaml
+  - app/netpol.yaml

kubernetes/archive/external-secrets/kustomization.yaml renamed to kubernetes/external-secrets/kustomization.yaml

@@ -120,6 +120,21 @@ spec:
   prune: true
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+## external-secrets
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  namespace: flux-system
+  name: 1-external-secrets
+spec:
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  interval: 10m0s
+  path: /kubernetes/external-secrets
+  prune: true
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 ## cloudflared
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization