feat: Add external-secrets

k8s/clusters/dolo/external-secrets/.gitignore

@@ -0,0 +1 @@
+universal-auth-credentials.yaml

k8s/clusters/dolo/external-secrets/cluster-secret-store.yaml

@@ -0,0 +1,28 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: infisical
+spec:
+  provider:
+    infisical:
+      auth:
+        universalAuthCredentials:
+          clientId:
+            key: clientId
+            namespace: external-secrets
+            name: universal-auth-credentials
+          clientSecret:
+            key: clientSecret
+            namespace: external-secrets
+            name: universal-auth-credentials
+      # Details to pull secrets from
+      secretsScope:
+        projectSlug: homelab-u12-k
+        environmentSlug: prod # "dev", "staging", "prod", etc..
+        # optional
+        secretsPath: /dolo # Root is "/"
+        # optional
+        recursive: true # Default is false
+      # optional
+      hostAPI: https://infisical.stingray.mnke.org
+

k8s/clusters/dolo/external-secrets/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-secrets

k8s/clusters/dolo/external-secrets/release.yaml

@@ -0,0 +1,15 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: external-secrets
+  namespace: external-secrets
+spec:
+  interval: 10m
+  chart:
+    spec:
+      chart: external-secrets
+      sourceRef:
+        kind: HelmRepository
+        name: external-secrets
+        namespace: flux-system
+      interval: 10m

k8s/clusters/dolo/external-secrets/repository.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: external-secrets
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://charts.external-secrets.io
+

k8s/clusters/dolo/kube-system/dns-configmap.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health
+        ready
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+            pods insecure
+            fallthrough in-addr.arpa ip6.arpa
+        }
+        forward . 10.0.123.123
+        cache 30
+        loop
+        reload
+        loadbalance
+    }