apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
    name: {{ include "..fullname" . }}-ex-gl-secret
    labels:
        {{- include "..labels" . | nindent 8 }}
spec:
  refreshInterval: 4h
  secretStoreRef:
    kind: ClusterSecretStore
    name: az-cluster-store
  target:
    name: global-secrets
    creationPolicy: Orphan
    template:
      metadata:
        labels:
          app.kubernetes.io/managed-by: External-Secrets
  data:
    - secretKey: COMPOSER_AUTH
      remoteRef:
        key: secret/GITLAB-COMPOSER-AUTH
    {{- if eq (.Values.email.smtpServer | default "smtp2go" ) "smtp2go" }}
    - secretKey: SMTP_USER
      remoteRef:
        key: secret/SMTP-USER
    - secretKey: SMTP_PASS
      remoteRef:
        key: secret/SMTP-PASSWORD
    - secretKey: SMTP_HOST
      remoteRef:
        key: secret/SMTP-HOST
    {{- else }}
    - secretKey: SMTP_USER
      remoteRef:
        key: secret/AWS-SMTP-USER
    - secretKey: SMTP_PASS
      remoteRef:
        key: secret/AWS-SMTP-PASSWORD
    - secretKey: SMTP_HOST
      remoteRef:
        key: secret/AWS-SMTP-HOST
    {{- end }}
    - secretKey: WPC_REGISTRATION_SECRET
      remoteRef:
        key: secret/WPC-REGISTRATION-SECRET
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: {{ include "..fullname" . }}-ex-pull-secret
  labels:
    {{- include "..labels" . | nindent 8 }}
spec:
  refreshInterval: 4h
  secretStoreRef:
    kind: ClusterSecretStore
    name: az-cluster-store
  target:
    name: pull-secret
    template:
      metadata:
        labels:
          app.kubernetes.io/managed-by: External-Secrets
      type: kubernetes.io/dockerconfigjson
      data:
        .dockerconfigjson: "{{`{{ .dockerconfig | toString }}`}}"
    creationPolicy: Orphan
  data:
    - secretKey: dockerconfig
      remoteRef:
        key: secret/CLDY-CR-PULL-TOKEN