odoo-tower/cluster-platform-v3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ff7eb9fafcc78490af7ae484dac4e5a89c2ae1bf
cluster-platform-v3/templates/cloudflare-api-token-externalsecret.yaml
OdooSky v3 ff7eb9fafc fix(eso): chart 0.7.1 — explicit CRD defaults to clear ArgoCD OutOfSync 
ArgoCD was reporting all 6 ExternalSecrets as OutOfSync because the
live CRs had conversionStrategy/decodingStrategy/metadataPolicy fields
filled in by the CRD defaults that werent in the chart manifests.
Stamping them explicitly so the diff is clean. Tower UI will now show
Provisioning state correctly transition to Ready.
2026-05-07 21:47:00 +03:00

36 lines
1.2 KiB
YAML
Raw Blame History

{{- if .Values.externalSecrets.enabled }}
{{- if .Values.externalSecrets.openbao.mountPath }}
{{- if and .Values.tenant.id .Values.tenant.slug }}
# cloudflare-api-token-<slug> — per-tenant CF token used by cert-manager's
# DNS-01 solver. Pulled from OpenBao path v3/tenants/<id>/cloudflare-token,
# field api_token, exposed as Secret key "api-token" (matches what the
# ClusterIssuer references via secretKeyRef.key in cluster-issuer.yaml).
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: cloudflare-api-token-{{ .Values.tenant.slug }}
namespace: odoosky-system
labels:
app.kubernetes.io/managed-by: cluster-platform-v3
odoosky.io/tenant: {{ .Values.tenant.id | quote }}
spec:
refreshInterval: "1h"
secretStoreRef:
name: openbao-platform
kind: ClusterSecretStore
target:
name: cloudflare-api-token-{{ .Values.tenant.slug }}
creationPolicy: Owner
deletionPolicy: Retain
data:
- secretKey: api-token
remoteRef:
key: tenants/{{ .Values.tenant.id }}/cloudflare-token
property: api_token
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
{{- end }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink