external-secrets: add vault store

cluster/core/external-secrets/external-secrets/kustomization.yaml

@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - helm-release.yaml
+  - vault-secret-store

cluster/core/external-secrets/external-secrets/vault-secret-store.yaml

@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ClusterSecretStore
+metadata:
+  name: vault
+  namespace: external-secrets
+spec:
+  provider:
+    vault:
+      server: "http://10.42.42.6:8200"
+      path: "k8s"
+      version: "v2"
+      auth:
+        # VaultAppRole authenticates with Vault using the
+        # App Role auth mechanism
+        # https://www.vaultproject.io/docs/auth/approle
+        appRole:
+          # Path where the App Role authentication backend is mounted
+          path: "approle"
+          # RoleID configured in the App Role authentication backend
+          roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
+          # Reference to a key in a K8 Secret that contains the App Role SecretId
+          # (not commited in git)
+          secretRef:
+            name: "vault-secret-id"
+            namespace: "external-secrets"
+            key: "secret-id"