fix: add esos

butler54 · butler54 · commit 1c1d32cb1b57 · 2025-09-01T14:16:07.000+10:00
Signed-off-by: Chris Butler &lt;chris.butler@redhat.com&gt;
diff --git a/charts/hub/trustee/templates/push-secret.yaml b/charts/hub/trustee/templates/push-secret.yaml
@@ -20,8 +20,8 @@ spec:
         remoteRef:
           remoteKey: "pushsecrets/kbs-tls-self-signed" # Remote reference (where the secret is going to be pushed)
           property:  key
-    # - match: 
-    #     secretKey: tls.crt # Source Kubernetes secret key to be pushed
-    #     remoteRef:
-    #       remoteKey: "hub/kbs-tls-self-signed"
-    #       property:  certificate # Remote reference (where the secret is going to be pushed 
+    - match: 
+        secretKey: tls.crt # Source Kubernetes secret key to be pushed
+        remoteRef:
+          remoteKey: "pushsecrets/kbs-tls-self-signed"
+          property:  certificate # Remote reference (where the secret is going to be pushed 
diff --git a/charts/hub/trustee/templates/tls-cert-eso.yaml b/charts/hub/trustee/templates/tls-cert-eso.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata: 
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: tls-cert-eso
+  namespace: trustee-operator-system
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.secretStore.name }}
+    kind: {{ .Values.secretStore.kind }}
+  target:
+    name: kbs-https-certificate
+    template:
+      type: Opaque
+    data:
+      tls.crt: >-
+       {{ printf "{{ .data.TLSCERT | toString }} }}" }}
+  data:
+    - secretKey: TLSCERT
+      remoteRef:
+        key: 'secret/data/pushsecrets/kbs-tls-self-signed'
+        property: certificate
+
+
diff --git a/charts/hub/trustee/templates/tls-key-eso.yaml b/charts/hub/trustee/templates/tls-key-eso.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata: 
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: tls-key-eso
+  namespace: trustee-operator-system
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.secretStore.name }}
+    kind: {{ .Values.secretStore.kind }}
+  target:
+    name: kbs-https-key
+    template:
+      type: Opaque
+    data:
+      tls.key: >-
+       {{ printf "{{ .data.TLSKEY | toString }} }}" }}
+  data:
+    - secretKey: TLSKEY
+      remoteRef:
+        key: 'secret/data/pushsecrets/kbs-tls-self-signed'
+        property: key
+
+
