From 2d8cc39df2e7a282b607f4310811d5ffd8f57606 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 00:34:53 +0000
Subject: [PATCH 1/2] feat: add ClusterSecretStore and ExternalSecret for Tailscale
---
deployments/tailscale/cluster-secret-store.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 deployments/tailscale/cluster-secret-store.yaml
diff --git a/deployments/tailscale/cluster-secret-store.yaml b/deployments/tailscale/cluster-secret-store.yaml
new file mode 100644
index 0000000..9d4fa5d
--- /dev/null
+++ b/deployments/tailscale/cluster-secret-store.yaml
@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+ name: orion-vault
+ namespace: vault
+spec:
+ provider:
+ vault:
+ server: "http://vault.vault.svc.cluster.local:8200"
+ path: "secret"
+ auth:
+ agentAuth:
+ path: "kubernetes"
+ namespace: "vault"
--
2.52.0
From 53e8a505bddbf9914211f5cb74a0c5b1dfe1a776 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sun, 10 May 2026 00:34:53 +0000
Subject: [PATCH 2/2] feat: add ClusterSecretStore and ExternalSecret for Tailscale
---
deployments/tailscale/external-secret.yaml | 23 ++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 deployments/tailscale/external-secret.yaml
diff --git a/deployments/tailscale/external-secret.yaml b/deployments/tailscale/external-secret.yaml
new file mode 100644
index 0000000..7a13d02
--- /dev/null
+++ b/deployments/tailscale/external-secret.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: tailscale-auth
+ namespace: tailscale
+ labels:
+ app: tailscale
+ managed-by: orion
+spec:
+ refreshInterval: "1h"
+ secretStoreRef:
+ name: orion-vault
+ kind: ClusterSecretStore
+ target:
+ name: tailscale-auth
+ creationPolicy: Owner
+ template:
+ type: Opaque
+ data:
+ - secretKey: TS_AUTH_KEY
+ remoteRef:
+ key: secret/data/tailscale
+ property: TS_AUTH_KEY
--
2.52.0
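Review bot: In cluster-secret-store.yaml the store reaches Vault over plaintext `http://`, so the operator's Vault token and every secret it reads cross the pod network unencrypted. Prefer `server: "https://vault.vault.svc.cluster.local:8200"` with a `caProvider` (or `caBundle`) entry naming the CA that signed Vault's listener certificate. The `auth.agentAuth` block does not match any Vault auth method I know of in the External Secrets schema; the Kubernetes method is normally written as `auth.kubernetes` with `mountPath`, `role` and `serviceAccountRef`, so please confirm this validates against the installed CRD. `metadata.namespace: vault` has no meaning on a cluster-scoped `ClusterSecretStore`, and without `spec.conditions` any namespace in the cluster can reference `orion-vault`. If only Tailscale needs it, restrict it to the `tailscale` namespace there.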
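Review bot: In external-secret.yaml, `remoteRef.key: secret/data/tailscale` repeats the KV mount that the store already sets with `path: "secret"`, and hard-codes the KV v2 `data/` segment. As far as I know the Vault provider strips a leading mount and `data/` prefix, so this probably resolves, but it then depends on that normalisation and on the store staying at its default KV version. Writing `key: tailscale` keeps the mount and API layout in one place. The `app` and `managed-by` labels are set on the ExternalSecret only; if the generated `tailscale-auth` Secret should also be selectable by them, add them under `target.template.metadata.labels`.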