From 772d907b432a7b39deb19d27e67e7e32b53c6330 Mon Sep 17 00:00:00 2001 From: auricom <27022259+auricom@users.noreply.github.com> Date: Sat, 4 Nov 2023 20:37:46 +0100 Subject: [PATCH] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20onepassword-connect=20app-?= =?UTF-8?q?template=20v2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../stores/kustomization.yaml | 6 +- .../{ => onepassword}/clustersecretstore.yaml | 1 - .../stores/{ => onepassword}/helmrelease.yaml | 60 ++++++++----------- .../stores/onepassword/kustomization.yaml | 9 +++ .../stores/onepassword/secret.sops.yaml | 30 ++++++++++ .../external-secrets/stores/secret.sops.yaml | 30 ---------- .../monitoring/gatus/app/helmrelease.yaml | 3 +- 7 files changed, 69 insertions(+), 70 deletions(-) rename kubernetes/apps/kube-system/external-secrets/stores/{ => onepassword}/clustersecretstore.yaml (95%) rename kubernetes/apps/kube-system/external-secrets/stores/{ => onepassword}/helmrelease.yaml (69%) create mode 100644 kubernetes/apps/kube-system/external-secrets/stores/onepassword/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/external-secrets/stores/onepassword/secret.sops.yaml delete mode 100644 kubernetes/apps/kube-system/external-secrets/stores/secret.sops.yaml diff --git a/kubernetes/apps/kube-system/external-secrets/stores/kustomization.yaml b/kubernetes/apps/kube-system/external-secrets/stores/kustomization.yaml index 449c82881..639170d49 100644 --- a/kubernetes/apps/kube-system/external-secrets/stores/kustomization.yaml +++ b/kubernetes/apps/kube-system/external-secrets/stores/kustomization.yaml @@ -1,9 +1,7 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json +# yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kube-system resources: - - ./clustersecretstore.yaml - - ./helmrelease.yaml - - ./secret.sops.yaml + - ./onepassword diff --git a/kubernetes/apps/kube-system/external-secrets/stores/clustersecretstore.yaml b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/clustersecretstore.yaml similarity index 95% rename from kubernetes/apps/kube-system/external-secrets/stores/clustersecretstore.yaml rename to kubernetes/apps/kube-system/external-secrets/stores/onepassword/clustersecretstore.yaml index a1ba67421..b72c8f5af 100644 --- a/kubernetes/apps/kube-system/external-secrets/stores/clustersecretstore.yaml +++ b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/clustersecretstore.yaml @@ -4,7 +4,6 @@ apiVersion: external-secrets.io/v1beta1 kind: ClusterSecretStore metadata: name: onepassword-connect - namespace: kube-system spec: provider: onepassword: diff --git a/kubernetes/apps/kube-system/external-secrets/stores/helmrelease.yaml b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml similarity index 69% rename from kubernetes/apps/kube-system/external-secrets/stores/helmrelease.yaml rename to kubernetes/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml index 0339969b3..19edb3c71 100644 --- a/kubernetes/apps/kube-system/external-secrets/stores/helmrelease.yaml +++ b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml @@ -26,21 +26,19 @@ spec: uninstall: keepHistory: false values: - defaultPodOptions: - enableServiceLinks: false - securityContext: - runAsUser: 999 - runAsGroup: 999 controllers: main: - replicas: 2 - strategy: RollingUpdate annotations: reloader.stakater.com/auto: "true" + pod: + securityContext: + runAsUser: 999 + runAsGroup: 999 containers: main: image: - repository: docker.io/1password/connect-api + # repository: docker.io/1password/connect-api + repository: ghcr.io/haraldkoch/onepassword-connect-api tag: 1.7.2 env: OP_BUS_PORT: "11220" @@ -50,7 +48,7 @@ spec: valueFrom: secretKeyRef: name: onepassword-connect-secret - key: 1password-credentials.json + key: onepassword-credentials.json probes: liveness: enabled: true @@ -79,37 +77,31 @@ spec: limits: memory: 100Mi sync: + # image: docker.io/1password/connect-sync:1.7.0 image: - repository: docker.io/1password/connect-sync + repository: ghcr.io/haraldkoch/onepassword-sync tag: 1.7.2 env: - OP_HTTP_PORT: &port 8081 - OP_BUS_PORT: 11221 - OP_BUS_PEERS: localhost:11220 - OP_SESSION: + - { name: OP_HTTP_PORT, value: &sport 8081 } + - { name: OP_BUS_PORT, value: "11221" } + - { name: OP_BUS_PEERS, value: "localhost:11220" } + - name: OP_SESSION valueFrom: secretKeyRef: name: onepassword-connect-secret - key: 1password-credentials.json - probes: - readinessProbe: - httpGet: - path: /health - port: *port - initialDelaySeconds: 15 - livenessProbe: - httpGet: - path: /heartbeat - port: *port - failureThreshold: 3 - periodSeconds: 30 - initialDelaySeconds: 15 - resources: - requests: - cpu: 5m - memory: 10Mi - limits: - memory: 100Mi + key: onepassword-credentials.json + readinessProbe: + httpGet: + path: /health + port: *sport + initialDelaySeconds: 15 + livenessProbe: + httpGet: + path: /heartbeat + port: *sport + failureThreshold: 3 + periodSeconds: 30 + initialDelaySeconds: 15 service: main: ports: diff --git a/kubernetes/apps/kube-system/external-secrets/stores/onepassword/kustomization.yaml b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/kustomization.yaml new file mode 100644 index 000000000..449c82881 --- /dev/null +++ b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/kustomization.yaml @@ -0,0 +1,9 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: + - ./clustersecretstore.yaml + - ./helmrelease.yaml + - ./secret.sops.yaml diff --git a/kubernetes/apps/kube-system/external-secrets/stores/onepassword/secret.sops.yaml b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/secret.sops.yaml new file mode 100644 index 000000000..c7b20c5eb --- /dev/null +++ b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/secret.sops.yaml @@ -0,0 +1,30 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: onepassword-connect-secret + namespace: kube-system +type: Opaque +stringData: + onepassword-credentials.json: ENC[AES256_GCM,data:vVOz94aHx8jMRGQNw1a0Sio0HI7AVNT9r0nkdaRyRop/20e4lvNU+PyfnlskTdya0Ty62mZNH78Uj2+vXIgh8z5ROzulLx61MKdKSEfQqwwnbZ5mPIgZT6QHTtG/pXHj2IUGW7m0v173avxtpq0PPr5sum9Eg1QNnTSqgSwmmD3D0Q0lY0mxbYA7x5ERd6354nTqV+93f2RHNZ0JIYG72L3xMn+TdaO4TfgmZRSjXsRGCOhfISdEg69d4/NHMAQOSkDT6eoAlbIco5Tel7n4BxGi8Je+EH4J/HdzeHNtQliJuAwXXsrYWS2qaJxoBXTPuBeuVZYohoRUcF2qH8uHYINDR7mrHiByCvtxxKXs33hLTbAHUhCnMUJ4hLqyWZ/tnH5w/EdsSlsMpPVEyBc6xOZZrmL40M4b4M+O++Hoah0Bv2zw3K9JR5EwP6fezuNq0YP6hb9nds9UfZ6RsIAsOKWDt7MaO/cLMRU/0eqCgKX4tnJUM3+t+ns/p27iKGyn4DFtj3HA7wPYmuPfTDhFmA0exG3PaSsV6ITVzbrScqtPyEU8QyWdk5IAUPccZlyWTRr7CKYXtXzbUeYCGmNNsa3VuVKMRoAXTpgT6+ww0h+BVkquednurlgtUNX+nPA7vzIzPuHoQUWZbDL/kGq1rEPHF3MGwkNjLyRvMbh412n5916eNQ+r+0ZN8SZ2SoWN4IRAfa99gXlcBmZ04zPvDIhKJtFwrLgtfnqiqi2FAcILZhNFBv2uxcEFlZ1iKDdJTmue/JPuG4L3hqMcVRuKWSjJSsdYBs4GY4YLy4u+vOeh1hqIzW8zHonh7ukOA/5UfUx/O8OQ+cXY/4bZQgBuLUXaGzT/CLsrdoWW2/Ks7tvcAgJBXxXWHk0PWjLo+OQYbmM5aIjHAJY3uGiq4rjKQbAtaJUUu5dzMDnGdOnh86TJet4bSt6jF6ainaNjYNc4MaJX5zVC7mj78iBvzFa7BfzSzp47hPo3w5OS3/XvJQ1ch15DmDpu2t7MEqxE0KL8qxM0IbcDdC5nVUEBsxqTNndBlwl2a6rPSoukCwf3VBQ5dzbTisxaHyWz5XFbxWhYCtaofrN0opxBH2Abh1oUu6bFFIOsD2iXgtL+GcD+w0LjpTqP54TXRXNXK/IEwNhxuCYQ2skCzBEwQIMd370GF8tGy4jo9ttH3KYR50C6Ugw5ZQc9PcbOEisMSdvOvXl99CDHCbpXdv2nnDSWZ1XZVeiPdymBClMAXzOigaWD/p8YjM8PXOW6Ik7pM4/nIhtzrBaZCehrzntnjevfxAOBgviu4FKWBO4JognerlP/MAjL49P3EDYoy0karHMlCL+UZu2FHkoixM40gG5bQx2bMGUZ9nkzYM1nJz4i2PDQMQi7Mxi0wRi4WOFsRgl9c7gH1Ws6c+Z0O3Uul4pN7NCLtd5hqmYtqUeXIa/egaR9Buv5gmkGnF5+kPu5g5x04yc2UUIGpsD/V05B8jIp3DmMmQSO4Sa3+8c6F4n91QCe74U7Q3zlN59PFYc/Cx9kal80vphAwJ/lRfvlws1OXPtOUKe7iy0VcjJblNAtZwJTpdYE/tJtCBteeIfah9/wPBKSqrzJ4kXz8DldPiCUmWyVcWqjakZT5kYqlgxlk6Nt8/Pu1Tgwpgkl4vzlRhyvuRLfq7jkb78iR0yhPJBT/gBO+RRG/NRZTeYYzGMr/ZRVsOUfPzjnhsTfZTZO5g5SIUT0oCmTnkN440tSGXtW61d/PNSJKH2Wutt6lV+cGkTuHmgRatmh7to0YohrfJcLq19IygUh3QckK0tLCo/DTRjbE7NH1UkqzvDew0NNY+GsrhHMA4wBixQ2UFr6D7Hqx5mkIn/UXTJyXbuLrTHnZ8XfDCZ9HHm5c4nP85vXHxP0f81P6aN4OPArLRKpiGhDdhmCDOFE0kDsjjN5JsXg,iv:6yAbNoRVVpX+IQjCbktN/ukB8a+bhOOAEd45rxgaJYQ=,tag:S3Mi7dKSyxW/OAzkE2GWtA==,type:str] + token: ENC[AES256_GCM,data:B495oipwauim95T+fQpk3nGP2xl4oJJK4ZMzoPrudodV7KbzMfkQ/HkPZuka/Vdodad7wMenCj7Knucbc7NTDZdtCjPeKDYdGr+wimhiRF9N0jKS3dxu1mwWcgU8V5xpqYeDv+kKZ1L62NUjDDCtSzL3mXEcFdeNzKLaD1y17ek2RYvL9fm0+7J8rdeoG0t1UDaTgh17Jgo3uLclUfy+uygmo8uqAk8nP3ZRYg+4o4O6phx/5uKh87kgIliFT3IvEZ4zWerlnNfPdn2U4GbgMFjlhtuGIWj+5PN13vKY9sUN+wT3fQKOBhz2J5wXOR9Mg51n3+d6cnMS7ubFssGGHlid0UE5r9LcFSfpuBooUv/jCHAgh8omSI4/D6l4SwiQloyxhJLEBze94t+IlClgv8/P2ZLYCc4OrbnhB9AtN9V97aKvDiOw5vEPMhz4QGZ+zO71+lHF22FNS9ZSqMMe1pJrzSyatkdVCWaiRSPEEShspad+3QbJIxIRXDwpxfL/wAk/To521LjeN22dIi0GvGhz3SRFwhMv1eRoZlaHOoX4/r6CnTkeVLxZJFzd2l06Yz+XybvgDusoRHB3v1ClJ1agg8BNdJW9au2XaqzQQm3bhlQWOmWFP+8WnE4ZyRnWEG3PiMVw882wb7IOZDGnuQBKFWC/NHL5TgJIOngeBer7KeIMnRo0tf5EQG05exB+C+bvHfHiIxCr+M9SAnszOjOR3c9U3U1a1gcWgz57Pe8IZdUQdmw+U5IQhathjpYhM7ba4MdZtz+q7iDj146ZbxkyrZDZFuLRXgtoWQI2fi/wiRJXhLO5KM5BoV1J8WaQH7W7uddSVohhjAYQYOLJBCrX,iv:9oUq1Z2LcmZoQUagqKcBMPU71w6PUKjgZVdZ/cW8yHI=,tag:uyvbfEDgsUcAEekz5DL32w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2 + bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC + VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw + OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+ + LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-11-04T20:05:48Z" + mac: ENC[AES256_GCM,data:lC84PU9/+I2xnJLgcYaso8EoQMqPWxM1jNubUy/iHFiF6zsqJ++xxghwnSPo5Qhdki2vtZE64Upq466/E8waZUoPwwYDDWdficu7r9rH+ToHjOX0LJd0j80wnuluu13hvABhanfS/nJAL7N21mFuSSMD2Duj+Qfzpp+NgQzmrbM=,iv:1P/SKfoAw/0gtiukbVvinNBk4wzhCxHGOe2GNfI1Xbc=,tag:BcTwlvsor9h1n6vM9gpLOw==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/kube-system/external-secrets/stores/secret.sops.yaml b/kubernetes/apps/kube-system/external-secrets/stores/secret.sops.yaml deleted file mode 100644 index c1fd196b6..000000000 --- a/kubernetes/apps/kube-system/external-secrets/stores/secret.sops.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# yamllint disable -apiVersion: v1 -kind: Secret -metadata: - name: onepassword-connect-secret - namespace: kube-system -type: Opaque -stringData: - 1password-credentials.json: ENC[AES256_GCM,data:CVn/+8EPvY4PS1K7HAV6jnaswdOh3qwhhv/w3tusoGnFBR9OjydtpyvHB8q2uVuPMbpeQLh/2e0Ln3aK+3MLAuCtapvb235g85foRmxV7CbFWOsBRtXncMg62pfARz6+2qu2G5/Xk20tQXPRF+N3848DHIyrIk7XNtwnxAaTn6Wkg2lM+mnPW0TnaO8V7MbZe7ukPsEIOTYfyf8Yh0JXr559O79jzEwt8LQHEpEDYVHW+P0r2I11ZbKQoyrGkbzIbo+jPeQ1QXPUcjB2me8YAsY0swSg+3yfN0eA7Kxtzy3hSf+DNo8sIYxQyTD6sj2+vwVkxzrUA5YOghTOyNMh791mXdNGQ7NPtH4nmBClHSBO2vOPK6EevJ9KfAtuXiMVYDk9nKijcdTopTMD04ifZMTLe+b/2ZLE8oi81NkYyqzBk7Kw6ggBx0GoNebx/BbznrS5cDTp4GbLLz51Xg8G8OZi44+L2xqcMnrePp4/nVbOZAf6OJva084zl5sTxSXox2RMYbsfyXK/RdacCX+G2PQjWOzj8ibxJEYLxAj8l6LmnjfGe4kFu1D4qR+adyVxGQPPVgmq4N7g/qRCYhCEivtb1YDYjo5NleZrsrFR0Km/23hX56e/49laRmuluFQJ5jocKCstkYUx1Txk6d5hEYCm5BZ5Ir8+OdmpBaN2ejBR8L9vT4zUwj2NN5mxps6RTvS8Vx1jk0sDvNYYBuZ7LGgnBBvRrSjHc3dxoADxS4aWyfGE7ApqZUlTsaSqdxvEeoSjdCLLlS5Bg3fc+5h0EB/wZIgPbKz8Gcnx51JsDdQVlUT79oDCS636D30t41tHAmFy5DwnaB2fjlNDb6urdPrtql7sczatJ+d1hZLqBpKxTp1jUaKz2gsDTGoMN0EAKZIgcHZbFddnM0QfR1T66VWalxmJ+BQYKEHEvCt7gatAJDRtDQreE1pGRmNfyk96DWGi8L1phsuVKf/oH77BQR3qC9VbrvoTEXlJfZ+n3nMuEw/DKJDA3enhu1FhhI7VJfV7sLLs7gnXlWuP7wxTswrSvzpavnz18jHRsquX36oUQIL169BElAm1GyOER1IXKe3p5vLVovww0v3CF1HUtL4Laqa8ntq7UWjUKsmXmTMttsQMne8XiejYrZ0EkMekTZEFfrOU4uFgQ32xdZy3sK0mWNX82J64WmsFGEgQYvBgZLcAIzAnNbwcZoUFbtFYRZKXmSbA6ycjny4DXgQGgSQxKMbT7lRJKhu3zaAG5sUg7RxvuyNBHwCLLNCLYlQcJKUWeVl0rpmo8kLrTfP0jDZCVuG1KNRpofppYTGS6eeg60Nu7u7PgBcenQuZu4nilrMOKXlhbpY0Yx2ICCqywqJ78iK6j/Q/OoygPI2nNkyz2iloy3Zl4D3aWQbFrXTVbZn6bsqVD3hGyAzv/M5lAv/XIFUlg46nSjquqlQ7R/H6fMKOktwCHq2m8sGr6/EyL7tuWze2F2WWLFo90vjaFZzI7kQr5/pza7egLLKwR0MmjMJmr1Z58cznyO3cWCsVdAd3k8rK3nxaE534SQKjILWf+ba+2Vya8cChl5YmQXIYt/TWDS+pm1S700uJWriJ0mHhJIyJj0qS3SC7D6GuusR+KuCG/ivtUQUTmDKPQOYxuAvrFYSBAdGq5+JsJdOUdwrsNUdVqkLaLMgQhpz+vcDkZDtAxetHVX8+zD0Wectld+GmTX7UuKz28WIMKReicThTWZd0sAw4y+9HL7B5oiiBzNF3dDl6blx+zqjZ379aIkjVMM+JvFxlxZHyhq9GmWQcrhl78No/gquIQfVky8kuTGGBvJVfkiPUr5jSQllSLAFro85f6N115/bx1FBwMdNQudm72EmOsoyBHPDUfZNbr55H94f//byapLA58z6AbpGX7Y9+azRgKnXedsYkpCqDy4tfGuTXZWSe,iv:YNrdv6G3GDUf3CSnagRjB6Jh/SyYC74t/GTHgFQ93oM=,tag:qgr9oUt9OQR0AaKi04lCVQ==,type:str] - token: ENC[AES256_GCM,data:B495oipwauim95T+fQpk3nGP2xl4oJJK4ZMzoPrudodV7KbzMfkQ/HkPZuka/Vdodad7wMenCj7Knucbc7NTDZdtCjPeKDYdGr+wimhiRF9N0jKS3dxu1mwWcgU8V5xpqYeDv+kKZ1L62NUjDDCtSzL3mXEcFdeNzKLaD1y17ek2RYvL9fm0+7J8rdeoG0t1UDaTgh17Jgo3uLclUfy+uygmo8uqAk8nP3ZRYg+4o4O6phx/5uKh87kgIliFT3IvEZ4zWerlnNfPdn2U4GbgMFjlhtuGIWj+5PN13vKY9sUN+wT3fQKOBhz2J5wXOR9Mg51n3+d6cnMS7ubFssGGHlid0UE5r9LcFSfpuBooUv/jCHAgh8omSI4/D6l4SwiQloyxhJLEBze94t+IlClgv8/P2ZLYCc4OrbnhB9AtN9V97aKvDiOw5vEPMhz4QGZ+zO71+lHF22FNS9ZSqMMe1pJrzSyatkdVCWaiRSPEEShspad+3QbJIxIRXDwpxfL/wAk/To521LjeN22dIi0GvGhz3SRFwhMv1eRoZlaHOoX4/r6CnTkeVLxZJFzd2l06Yz+XybvgDusoRHB3v1ClJ1agg8BNdJW9au2XaqzQQm3bhlQWOmWFP+8WnE4ZyRnWEG3PiMVw882wb7IOZDGnuQBKFWC/NHL5TgJIOngeBer7KeIMnRo0tf5EQG05exB+C+bvHfHiIxCr+M9SAnszOjOR3c9U3U1a1gcWgz57Pe8IZdUQdmw+U5IQhathjpYhM7ba4MdZtz+q7iDj146ZbxkyrZDZFuLRXgtoWQI2fi/wiRJXhLO5KM5BoV1J8WaQH7W7uddSVohhjAYQYOLJBCrX,iv:9oUq1Z2LcmZoQUagqKcBMPU71w6PUKjgZVdZ/cW8yHI=,tag:uyvbfEDgsUcAEekz5DL32w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2 - bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC - VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw - OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+ - LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-08T20:16:14Z" - mac: ENC[AES256_GCM,data:tqmsruedE0vkv2Ueb33p5623Fwhp801fB17I9S+qf+DoGge7JHd4gy1T7eCdL9LjOQNw9uCaKBn6tXH8QQNBpfyfTViHOW/K+nQa3CaQf4lc/Y1IUEaX+/8WRGBm5lAVRpzTHyZ8ytotDXUmyVvgfFLu7UPbyGBOtz0CDp1UIVE=,iv:1DsenhxEQkuSxvUAvo9aFBgwx9026nqack627dH0yzs=,tag:Ha/Trnl9Ndyi1pWpGUsObA==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.7.3 diff --git a/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml b/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml index 82f8fddd1..135bbd2fc 100644 --- a/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml @@ -41,7 +41,7 @@ spec: envFrom: &envFrom - secretRef: name: gatus-secret - config-sync: + init-config: order: 2 image: &configSyncImage repository: ghcr.io/kiwigrid/k8s-sidecar @@ -69,6 +69,7 @@ spec: GATUS_CONFIG_PATH: /config CUSTOM_WEB_PORT: &port 8080 SECRET_CLUSTER_DOMAIN: ${SECRET_CLUSTER_DOMAIN} + envFrom: *envFrom resources: requests: cpu: 10m