refactor ceph-secret

ceph-secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: csi-rbd-secret
-  namespace: kube-system
-stringData:
-  userID: k8s
-  userKey: AQAVVqJprYZeFBAALRdX3gJGaN/5kRNnVVadHw==

secrets/ceph-secret.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: csi-rbd-secret
+  namespace: kube-system
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: bitwarden
+    kind: ClusterSecretStore
+  target:
+    name: csi-rbd-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        userID: k8s
+  data:
+    - secretKey: userKey
+      remoteRef:
+        key: ceph-userkey

secrets/kustomization.yaml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
+- ceph-secret.yaml