feat: move external-secrets to own namespace on storage cluster

Signed-off-by: Devin Buhl <[email protected]>

.vscode/settings.json

@@ -40,6 +40,7 @@
         "cert-manager": "guard",
         "default": "home",
         "digester-system": "hook",
+        "external-secrets": "secure",
         "flux-system": "pipe",
         "kube-system": "kubernetes",
         "monitoring": "event",

kubernetes/storage/apps/kube-system/external-secrets/ks.yaml → kubernetes/storage/apps/external-secrets/external-secrets/ks.yaml

@@ -6,11 +6,11 @@ metadata:
   name: &app external-secrets
   namespace: flux-system
 spec:
-  targetNamespace: kube-system
+  targetNamespace: external-secrets
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/storage/apps/kube-system/external-secrets/app
+  path: ./kubernetes/storage/apps/external-secrets/external-secrets/app
   prune: true
   sourceRef:
     kind: GitRepository
@@ -27,13 +27,13 @@ metadata:
   name: &app external-secrets-stores
   namespace: flux-system
 spec:
-  targetNamespace: kube-system
+  targetNamespace: external-secrets
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: external-secrets
-  path: ./kubernetes/storage/apps/kube-system/external-secrets/stores
+  path: ./kubernetes/storage/apps/external-secrets/external-secrets/stores
   prune: true
   sourceRef:
     kind: GitRepository

kubernetes/storage/apps/kube-system/external-secrets/stores/onepassword/clustersecretstore.yaml → kubernetes/storage/apps/external-secrets/external-secrets/stores/onepassword/clustersecretstore.yaml

@@ -8,12 +8,12 @@ spec:
   provider:
     onepassword:
       connectHost: http://onepassword-connect.turbo.ac
-      # connectHost: http://onepassword-connect.kube-system.svc.cluster.local
+      # connectHost: http://onepassword-connect.external-secrets.svc.cluster.local
       vaults:
         Kubernetes: 1
       auth:
         secretRef:
           connectTokenSecretRef:
             name: onepassword-connect-secret
             key: token
-            namespace: kube-system
+            namespace: external-secrets

kubernetes/storage/apps/external-secrets/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Pre Flux-Kustomizations
+  - ./namespace.yaml
+  # Flux-Kustomizations
+  - ./external-secrets/ks.yaml

kubernetes/storage/apps/external-secrets/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-secrets
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled

kubernetes/storage/apps/kube-system/kustomization.yaml

@@ -6,5 +6,4 @@ resources:
   # Pre Flux-Kustomizations
   - ./namespace.yaml
   # Flux-Kustomizations
-  - ./external-secrets/ks.yaml
   - ./metrics-server/ks.yaml