applications/headlamp/manifests/external-secret.yaml

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: headlamp-oidc
  namespace: headlamp
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: headlamp-oidc
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        OIDC_CLIENT_ID: headlamp
        OIDC_CLIENT_SECRET: "{{ .clientSecret }}"
        OIDC_ISSUER_URL: https://auth0213.kro.kr
        OIDC_SCOPES: "openid profile email"
        OIDC_VALIDATOR_CLIENT_ID: headlamp
        OIDC_VALIDATOR_ISSUER_URL: https://auth0213.kro.kr
  data:
    - secretKey: clientSecret
      remoteRef:
        key: security/authelia
        property: HEADLAMP_CLIENT_SECRET