apiVersion: v1 data: license: J3t9Jw== kind: Secret metadata: creationTimestamp: null name: kong-enterprise-license namespace: kong --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: kong-cluster-cert spec: secretStoreRef: name: vault-kong kind: SecretStore target: name: kong-cluster-cert data: - secretKey: tls.crt remoteRef: key: secrets/kong/tls property: cert - secretKey: tls.key remoteRef: key: secrets/kong/tls property: key --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: kong-config-secret spec: secretStoreRef: name: vault-kong kind: SecretStore target: name: kong-config-secret data: - secretKey: admin_gui_session_conf remoteRef: key: secrets/kong/config property: admin_gui_session_conf - secretKey: kong_admin_password remoteRef: key: secrets/kong/config property: kong_admin_password - secretKey: password remoteRef: key: secrets/kong/postgres property: password - secretKey: pg_host remoteRef: key: secrets/kong/config property: pg_host - secretKey: portal_session_conf remoteRef: key: secrets/kong/config property: portal_session_conf --- apiVersion: external-secrets.io/v1beta1 kind: SecretStore metadata: name: vault-kong spec: provider: vault: server: "http://vault.vault.svc.cluster.local:8200" path: "secrets" version: "v2" auth: kubernetes: mountPath: "kubernetes" role: "external-secrets" --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: kong-postgresql spec: secretStoreRef: name: vault-kong kind: SecretStore target: name: kong-postgresql data: - secretKey: postgres-username remoteRef: key: secrets/kong/postgres property: username - secretKey: postgres-password remoteRef: key: secrets/kong/postgres property: password - secretKey: postgres-database remoteRef: key: secrets/kong/postgres property: database - secretKey: password remoteRef: key: secrets/kong/postgres property: password