theshire/kubernetes/apps/observability/thanos/app/externalsecret.yaml

31 lines
807 B
YAML

---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: thanos
namespace: monitoring
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: thanos-s3-secret
creationPolicy: Owner
template:
engineVersion: v2
data:
objstore.yml: |-
type: s3
config:
access_key: {{ .s3_thanos_access_key }}
bucket: {{ .s3_thanos_bucket_name }}
endpoint: {{ .s3_homelab_endpoint }}
secret_key: {{ .s3_thanos_secret_key }}
dataFrom:
- extract:
key: Minio
rewrite:
- regexp:
source: "(.*)"
target: "s3_$1"