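# Region and cluster that every command below targets.
REGION_CORD="us-east-1"
CLUSTER_NAME="hrdkorea-cluster"

# Resolve the ARN of the IAM policy that will be attached to the service
# account's role. --scope Local limits the search to customer-managed policies,
# where names are unique per account, so the name filter cannot pick up a
# policy the account does not own.
POLICY_ARN=$(aws iam list-policies --scope Local \
    --query "Policies[?PolicyName=='secretsmanager-policy'].Arn" \
    --output text)

# Stop here if the lookup returned nothing: continuing would hand eksctl an
# empty --attach-policy-arn.
: "${POLICY_ARN:?secretsmanager-policy was not found among customer-managed IAM policies}"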
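# Create the IRSA binding: an IAM role carrying $POLICY_ARN plus a Kubernetes
# ServiceAccount named external-secrets-cert-controller in the hrdkorea
# namespace that is allowed to assume it.
# --override-existing-serviceaccounts lets eksctl update a ServiceAccount of
# that name if one already exists; --approve applies the change instead of
# only printing the plan.
# Lines end in a single backslash: a doubled one is a literal "\" argument and
# terminates the command after its first line.
# NOTE(review): any pod running as this ServiceAccount can obtain the role's
# credentials, so the attached policy should allow only read access to the
# secrets this namespace needs. The policy document is not shown here; confirm.
eksctl create iamserviceaccount \
    --name external-secrets-cert-controller \
    --region="$REGION_CORD" \
    --cluster "$CLUSTER_NAME" \
    --namespace=hrdkorea \
    --attach-policy-arn "$POLICY_ARN" \
    --override-existing-serviceaccounts \
    --approve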
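# Register the External Secrets Operator chart repository. The URL is passed
# bare: wrapped in <...> the shell would parse the brackets as redirections.
helm repo add external-secrets https://charts.external-secrets.io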
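# Mark the eksctl-created ServiceAccount as belonging to the Helm release
# "external-secrets" in hrdkorea. Helm checks these two annotations and the
# managed-by label before it will take over an object it did not create.
# Consequence: from here on the release owns the account, so uninstalling the
# release is expected to delete it as well.
# Lines end in a single backslash so each command continues onto the next line.
kubectl annotate serviceaccount external-secrets-cert-controller \
    meta.helm.sh/release-name=external-secrets \
    meta.helm.sh/release-namespace=hrdkorea \
    -n hrdkorea \
    --overwrite

kubectl label serviceaccount external-secrets-cert-controller \
    app.kubernetes.io/managed-by=Helm \
    -n hrdkorea \
    --overwrite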
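# Write the Helm values file: install the CRDs with the chart and put the
# skills/dedicated=addon label on the controller, webhook and cert-controller
# pods. The delimiter is quoted so the shell writes the body verbatim instead
# of expanding $... or `...` inside it; the content is the same values as
# before, in block-style YAML.
cat > values.yaml <<'EOF'
installCRDs: true
podLabels:
  skills/dedicated: addon
webhook:
  podLabels:
    skills/dedicated: addon
certController:
  podLabels:
    skills/dedicated: addon
EOF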
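# Install the operator into hrdkorea using values.yaml.
# Lines end in a single backslash so the options stay part of one command.
# NOTE(review): no --version is given, so whichever chart version the repo
# index currently offers is installed; pinning it (--version <CHART_VERSION>)
# keeps the CRD API versions and container images reproducible.
# NOTE(review): serviceAccount.create=false is set without serviceAccount.name.
# After the install, check which account each Deployment runs as:
#   kubectl -n hrdkorea get deploy \
#     -o custom-columns=NAME:.metadata.name,SA:.spec.template.spec.serviceAccountName
# If the controller ends up on the namespace's "default" account, the
# operator's RBAC would be shared with every pod in hrdkorea that does not set
# its own service account.
# Also confirm the eks.amazonaws.com/role-arn annotation is still present on
# external-secrets-cert-controller once Helm has adopted it.
helm install external-secrets \
    external-secrets/external-secrets \
    -n hrdkorea \
    -f values.yaml \
    --set serviceAccount.create=false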
# secretstore.yaml: namespaced SecretStore that lets ExternalSecrets in
# hrdkorea read from AWS Secrets Manager.
# NOTE(review): whether external-secrets.io/v1beta1 is served depends on the
# installed chart version, which the install command does not pin. Confirm
# with `kubectl api-resources --api-group=external-secrets.io`.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets
  namespace: hrdkorea
spec:
  provider:
    aws:
      service: SecretsManager
      # Hard-coded; must stay in step with REGION_CORD used for eksctl.
      region: us-east-1
      auth:
        jwt:
          # AWS access uses the identity of this ServiceAccount, i.e. the IAM
          # role eksctl attached to it.
          # NOTE(review): this is the cert-controller's own account, so that
          # pod presumably carries the same AWS role. A ServiceAccount used
          # only for this store would keep the Secrets Manager permission away
          # from a component that does not need it. Confirm before changing.
          serviceAccountRef:
            name: external-secrets-cert-controller
# Create the SecretStore in the cluster from the manifest saved as
# secretstore.yaml.
kubectl apply --filename secretstore.yaml
# ExternalSecret that copies six properties of the Secrets Manager secret
# mysql/secret into the Kubernetes Secret db-credentials in hrdkorea.
# No `kubectl apply` for this manifest appears alongside it; it has to be
# applied separately.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  # NOTE(review): "rds-secaret" looks like a typo for "rds-secret". The name is
  # how this object is addressed, so confirm nothing depends on it before
  # renaming.
  name: rds-secaret
  namespace: hrdkorea
spec:
  # Re-sync period: a value rotated in Secrets Manager can take up to this long
  # to reach the cluster Secret.
  refreshInterval: 24m
  # Reads through the SecretStore aws-secrets in the same namespace.
  secretStoreRef:
    name: aws-secrets
    kind: SecretStore
  target:
    # Resulting Kubernetes Secret. It holds the database password in readable
    # form for anyone with get/list/watch on secrets in hrdkorea, so keep that
    # RBAC narrow.
    name: db-credentials
    # Owner: the Secret is created by, and tied to the lifetime of, this
    # ExternalSecret.
    creationPolicy: Owner
  # Every entry maps one JSON property of mysql/secret to one key of the target
  # Secret.
  # NOTE(review): only mysql/secret is read here, so the IAM policy behind the
  # store needs read access to that one secret only. The policy is not shown;
  # confirm it is not wider.
  data:
    - secretKey: MYSQL_USER
      remoteRef:
        key: mysql/secret
        property: username
    - secretKey: MYSQL_PASSWORD
      remoteRef:
        key: mysql/secret
        property: password
    - secretKey: MYSQL_HOST
      remoteRef:
        key: mysql/secret
        property: host
    - secretKey: MYSQL_PORT
      remoteRef:
        key: mysql/secret
        property: port
    - secretKey: MYSQL_DBNAME
      remoteRef:
        key: mysql/secret
        property: dbname
    - secretKey: REGION
      remoteRef:
        key: mysql/secret
        property: aws_region