---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: cluster-name-external-secrets-config
  namespace: flux-system
spec:
  dependsOn:
  - name: cluster-name-external-secrets
  interval: 30s
  path: ./tools-config/external-secrets
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  healthChecks:
  - kind: Secret
    apiVersion: v1
    name: sealed-secrets
    namespace: sealed-secrets
  - kind: ServiceAccount
    apiVersion: v1
    name: aws-secrets-manager
    namespace: sealed-secrets
  kubeConfig:
    secretRef:
      name: cluster-name-eks-connection
  validation: client
  timeout: 2m
  patches:
    - target:
        group: ""
        kind: ServiceAccount
        version: v1
        name: aws-secrets-manager
        namespace: sealed-secrets
      patch: |-
        - op: replace
          path: /metadata/annotations
          value:
            eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/external-secrets-role-cluster-name
  postBuild:
    substituteFrom:
      - kind: ConfigMap
        name: cluster-info-cluster-name
        optional: false
---