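---
# ExternalSecret 1/2: copies the SMTP password from the Vault-backed
# ClusterSecretStore into the Secret `alertmanager-smtp` under the key
# `smtp_auth_password`.
# NOTE(review): the consumer of this Secret is not visible in this file. The
# second document reads the same Vault property again, so confirm this one is
# still needed; every extra copy of the credential widens its exposure.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: alertmanager-smtp
  namespace: alertmanager
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: alertmanager-smtp
    creationPolicy: Owner
  data:
    - secretKey: smtp_auth_password
      remoteRef:
        key: monitoring/alertmanager
        property: SMTP_PASSWORD
---
# ExternalSecret 2/2: renders the complete Alertmanager configuration into the
# Secret `alertmanager-config`, key `alertmanager.yml`, with the SMTP password
# substituted by the External Secrets template engine.
#
# The rendered Secret holds the SMTP password in clear text inside
# alertmanager.yml, so read access to Secrets in this namespace is equivalent
# to knowing the mail credential.
# NOTE(review): Alertmanager also accepts `smtp_auth_password_file`. If the
# `alertmanager-smtp` Secret is mounted into the pod, the password could be
# referenced by path instead of being rendered inline. The mount is not
# visible here, so confirm before changing.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: alertmanager-config
  namespace: alertmanager
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: alertmanager-config
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        # Two template layers meet in this block scalar:
        #  - `{{ .smtp_password | toJson }}` is expanded by External Secrets.
        #    toJson emits a quoted, escaped string literal (valid as a YAML
        #    double-quoted scalar), so a password containing `"`, `\` or a
        #    newline can neither break nor change the rendered config. A bare
        #    `"{{ .smtp_password }}"` would paste such characters in raw.
        #  - `{{ "{{" }} ... {{ "}}" }}` emits literal braces so the subject
        #    header is left for Alertmanager's own notification templating.
        # Routing: the severity routes are listed before the Watchdog route.
        # NOTE(review): a Watchdog alert that carries severity critical or
        # warning would match those first and be e-mailed; confirm its labels.
        # NOTE(review): `match`, `source_match` and `target_match` are
        # deprecated in Alertmanager in favour of `matchers`; kept unchanged.
        alertmanager.yml: |
          global:
            resolve_timeout: 5m
            smtp_smarthost: "smtp.mail.me.com:587"
            smtp_from: "bluemayne0213@icloud.com"
            smtp_auth_username: "bluemayne0213@icloud.com"
            smtp_auth_password: {{ .smtp_password | toJson }}
            smtp_require_tls: true
          route:
            group_by: ["alertname", "cluster", "service"]
            group_wait: 30s
            group_interval: 5m
            repeat_interval: 4h
            receiver: "email"
            routes:
              - match:
                  severity: critical
                receiver: "email"
                group_wait: 10s
                repeat_interval: 1h
              - match:
                  severity: warning
                receiver: "email"
                group_wait: 1m
                repeat_interval: 4h
              - match:
                  alertname: Watchdog
                receiver: "null"
          receivers:
            - name: "email"
              email_configs:
                - to: "bluemayne0213@icloud.com"
                  send_resolved: true
                  headers:
                    subject: "[{{ "{{" }} .Status | toUpper {{ "}}" }}] {{ "{{" }} .CommonLabels.alertname {{ "}}" }}"
            - name: "null"
          inhibit_rules:
            - source_match:
                severity: "critical"
              target_match:
                severity: "warning"
              equal: ["alertname", "cluster", "service"]
  data:
    # Template variable `.smtp_password` used in alertmanager.yml above.
    - secretKey: smtp_password
      remoteRef:
        key: monitoring/alertmanager
        property: SMTP_PASSWORD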