Install

CLUSTER_NAME=gmst-eks-cluster
REGION=ap-northeast-2
ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)

helm repo add external-secrets <https://charts.external-secrets.io>

helm install external-secrets \\
   external-secrets/external-secrets \\
    -n external-secrets \\
    --create-namespace

secret-policy.json

aws iam create-policy \\
  --policy-name skills-secretsmanager-policy \\
  --policy-document file://secret-policy.json

eksctl utils associate-iam-oidc-provider --cluster $CLUSTER_NAME --approve --region $REGION

eksctl create iamserviceaccount \\
  --cluster $CLUSTER_NAME \\
  --region $REGION \\
  --namespace skills \\
  --name aws-external-secret-manager \\
  --attach-policy-arn arn:aws:iam::003150130236:policy/skills-secretsmanager-policy \\
  --approve

external.yaml

시크릿 매니저가 KMS 사용하는 경우