REFACTOR(repo): move vault/ to manifests/

- Move ExternalSecret files from vault/ to manifests/secret.yaml
- Merge multiple secrets with --- separator (immich)
- Update kustomization.yaml references
- Remove vault/ folders

Apps: umami, immich, code-server

code-server/kustomization.yaml

@@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: code-server
 resources:
-- vault/code-server-password.yaml
+- manifests/secret.yaml
 - manifests/rbac.yaml

immich/kustomization.yaml

@@ -2,6 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - manifests/pvc.yaml
-- vault/immich-postgres-password.yaml
+- manifests/secret.yaml
-- vault/immich-oidc.yaml
 namespace: immich

immich/manifests/secret.yaml

@@ -1,5 +1,25 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
+metadata:
+  name: immich-postgres-password
+  namespace: immich
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: immich-postgres-password
+    creationPolicy: Owner
+  data:
+    - secretKey: password
+      remoteRef:
+        key: databases/postgresql
+        property: PASSWORD
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
 metadata:
   name: immich-oidc
   namespace: immich

immich/vault/immich-postgres-password.yaml

@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: immich-postgres-password
-  namespace: immich
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: immich-postgres-password
-    creationPolicy: Owner
-  data:
-    - secretKey: password
-      remoteRef:
-        key: databases/postgresql
-        property: PASSWORD

umami/kustomization.yaml

@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- vault/umami-password.yaml
+- manifests/secret.yaml
 - manifests/ingress.yaml