ThomasBuchinger
commented
2 years ago - Remove unused Secrets after moving Vault from external to internal storage
- Document how to rotate PublicKey for SealedSecrets
- Add Cert-Manager with Cloudflare DNS challenge
- Move Applications to HTTPS
- Add ExternalSecrets ClusterSecretStore to move Secrets between Namespaces
- Remove explicit dependencies between Flux Objects (faster, when dependency did not change, but fails when depencendy has a required change)
- Move components that install CRDs to a common infra-resource
- Tested on a fresh cluster
- Drastically improve Vault Startup-Secrets
- Add ability store Secrets in Vault on the fly, instead of Startup only
- Vault no longer has a root-token, as it is not necessary with local backend and kubernetes auth