---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: thanos
  namespace: monitoring
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: thanos-s3-secret
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        objstore.yml: |-
          type: s3
          config:
            access_key: {{ .minio_thanos_access_key }}
            bucket: thanos
            endpoint: {{ .minio_s3_host }}
            region: us-east-1
            secret_key: {{ .minio_thanos_secret_key }}
  dataFrom:
    - extract:
        key: minio
      rewrite:
        - regexp:
            source: "(.*)"
            target: "minio_$1"