use external secrets for backup cloudflared + traefik

backup/cloudflared/cloudflared.yaml

@@ -68,3 +68,26 @@ data:
       path: /notifications/hub.*
       service: http://vaultwarden-service.vaultwarden.svc.cluster.local:3012
     - service: http_status:404
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: tunnel-credentials
+  namespace: kube-system
+spec:
+  target:
+    name: tunnel-credentials
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        credentials.json: |-
+          {{ .credentials }}
+  data:
+    - secretKey: credentials
+      sourceRef:
+        storeRef:
+          name: bitwarden-notes
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 4a0b91df-6fcb-4dc1-a0b7-b3f800730cc1

backup/traefik/external-secrets.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: cloudflare-secrets
+  namespace: kube-system
+spec:
+  target:
+    name: cloudflare-secrets
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        email: |-
+          {{ .email }}
+        api-key: |-
+          {{ .apikey }}
+  data:
+    - secretKey: email
+      sourceRef:
+        storeRef:
+          name: bitwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 6bf20ac6-c5c5-4c72-96eb-b3f800752799
+        property: username
+    - secretKey: apikey
+      sourceRef:
+        storeRef:
+          name: bitwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 6bf20ac6-c5c5-4c72-96eb-b3f800752799
+        property: password