diff --git a/kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml b/kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml index 7d8c22e24..bffe5345f 100644 --- a/kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml +++ b/kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml @@ -32,12 +32,14 @@ spec: controller: replicas: 2 strategy: RollingUpdate + annotations: + reloader.stakater.com/auto: "true" image: repository: ghcr.io/authelia/authelia tag: 4.37.2 envFrom: - secretRef: - name: *app + name: authelia-secret enableServiceLinks: false service: main: @@ -84,13 +86,10 @@ spec: config: enabled: true type: configMap - name: *app + name: authelia-configmap subPath: configuration.yml mountPath: /config/configuration.yml readOnly: false - podAnnotations: - configmap.reloader.stakater.com/reload: *app - secret.reloader.stakater.com/reload: *app topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname diff --git a/kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml b/kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml index 891e18284..63824a470 100644 --- a/kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml +++ b/kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml @@ -9,7 +9,7 @@ patchesStrategicMerge: - patches/env.yaml - patches/postgres.yaml configMapGenerator: - - name: authelia + - name: authelia-configmap files: - config/configuration.yml generatorOptions: diff --git a/kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml b/kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml index ca2a2b43b..6d9857665 100644 --- a/kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml +++ b/kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml 
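Review bot: The `config` entry in the second hunk of authelia/helm-release.yaml still mounts `/config/configuration.yml` with `readOnly: false`, while the smtp-relay release touched by this same commit mounts its ConfigMap with `readOnly: true`. Nothing visible here suggests the authentication service needs to write to that file, so the mount should state the intent explicitly: `readOnly: true`. The enclosing block starts above the hunk, so any other mounts of this release were not checked.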
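Review bot: The HelmRelease now refers to `authelia-configmap` as a literal string inside its values, and kustomize does not by default rewrite generated names there, so this `configMapGenerator` entry only resolves if the name-suffix hash is turned off. The `generatorOptions:` body lies below the hunk and presumably already carries `disableNameSuffixHash: true`; that is worth confirming here and for the glauth `secretGenerator` and smtp-relay `configMapGenerator` entries renamed the same way. With the hash off, a content change no longer changes the object name, so restarts depend entirely on the `reloader.stakater.com/auto: "true"` annotation. A comment above `- name: authelia-configmap` such as `# referenced literally from helm-release.yaml; keep in sync` would record that coupling.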
@@ -22,10 +22,10 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: - name: authelia + name: authelia-secret key: AUTHELIA_STORAGE_POSTGRES_USERNAME - name: POSTGRES_PASS valueFrom: secretKeyRef: - name: authelia + name: authelia-secret key: AUTHELIA_STORAGE_POSTGRES_PASSWORD diff --git a/kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml b/kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml index 7384707b8..6d72930fc 100644 --- a/kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml +++ b/kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: authelia + name: authelia-secret namespace: default type: Opaque stringData: @@ -29,8 +29,8 @@ sops: Ny9OQ0l4ZXMrdW40NmRsbzgvZ0w5V3cKqTGvN5zk2TPgtxoVfwI7Wsz4N+lC9+Kq DCXTgTU/QXm9dvo4ErPPzeWFqdk4JchExhvSJV2JfM32O+3z+EGhNg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-13T21:14:03Z" - mac: ENC[AES256_GCM,data:ujW5w84/5GmwWvH8RdAoMdEXDNQptKhK0Whbd3Byg0o02NDA3SkQsMJsaSNG9Sp5CZnYxSBHdL1AT/1pldFsrxU7TcIpU1mh9zs4nf9B8x/9CEH/3fKSOZuHRKF56LHkqXLFbcC1o+GQHfg1zWlNFWBQ4ToPnqFlLneKFcHT/Sc=,iv:15KsYWcwbuCnsNOvjh7iMuv9gOsLnbvldUlUOl1l2eI=,tag:spHas6eWDLhcaK4cFStnww==,type:str] + lastmodified: "2022-12-01T22:11:20Z" + mac: ENC[AES256_GCM,data:XESKuMlJEXGzkbW1CnAoXxRONq3BqQT/Y9fi7Los+ILtHjo1lEHmj3yCSDhn7uVDQJALLu9pz/Ra36/gine7VUqJwooDV2OeWs7VvBmGTxLOxeH/24AipiAPnRYjXWQY0Zfh0/h0H88jJSB3D+bCMW+WpEWfdmHWMQ/Y54pQ3mQ=,iv:q0ALv44alplmtt2NKbRyVzy/yxoIQ9FUN1zLjEMViCU=,tag:Zq9r4Eo2UsGYTIscEdAMVQ==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml b/kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml index c99ee0887..1f2adbf8f 100644 --- a/kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml +++ b/kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml 
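Review bot: Changing `metadata.name` to `authelia-secret` in authelia/secret.sops.yaml creates a new Secret rather than renaming the existing one, so the old `authelia` Secret holding the same credentials stays in the `default` namespace until something deletes it. Whether it is garbage-collected depends on the resource that applies this directory, which is not part of the diff; if that is a Flux Kustomization, confirm it sets `prune: true`, otherwise remove the old object by hand after the rollout. The same applies to the `outline` and `smtp-relay` Secrets renamed in their secret.sops.yaml hunks, and to the ConfigMaps and the glauth Secret renamed through the generators. The refreshed `mac` and `lastmodified` values in the second hunk are consistent with the file having been re-saved through sops rather than edited as plain text.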
@@ -25,6 +25,8 @@ spec: controller: replicas: 1 strategy: RollingUpdate + annotations: + reloader.stakater.com/auto: "true" image: repository: docker.io/glauth/glauth tag: v2.1.0 @@ -46,7 +48,7 @@ spec: config: enabled: true type: secret - name: *app + name: glauth-secret items: - key: server.toml path: server.toml @@ -54,8 +56,6 @@ spec: path: groups.toml - key: users.toml path: users.toml - podAnnotations: - secret.reloader.stakater.com/reload: *app resources: requests: cpu: 15m diff --git a/kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml b/kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml index f97aa7b1a..5424b642c 100644 --- a/kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml +++ b/kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml @@ -5,7 +5,7 @@ namespace: default resources: - helm-release.yaml secretGenerator: - - name: glauth + - name: glauth-secret files: - server.toml=config/server.sops.toml - groups.toml=config/groups.sops.toml diff --git a/kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml b/kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml index 66a9b075b..154fa2555 100644 --- a/kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml +++ b/kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml @@ -30,13 +30,20 @@ spec: controller: replicas: 1 strategy: RollingUpdate + annotations: + reloader.stakater.com/auto: "true" image: repository: docker.io/outlinewiki/outline tag: 0.66.3 envFrom: - secretRef: - name: *app - command: ["/bin/sh", "-c", "yarn db:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled"] + name: outline-secret + command: + [ + "/bin/sh", + "-c", + "yarn db:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled", + ] service: main: ports: 
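Review bot: The reflowed `command` in outline/helm-release.yaml still passes `--env=production-ssl-disabled` to both `yarn db:migrate` and `yarn start`. Judging by its name, that selects the profile without TLS on the database connection, so the credentials injected from `outline-secret` and the wiki data would cross the cluster network unencrypted. If that is intentional because the Postgres service offers no TLS, record it next to the command, e.g. `# Postgres serves no TLS; relies on in-cluster network isolation`; otherwise move to a TLS-enabled environment. As a style point, a three-element flow sequence spread over five lines reads better as a block sequence with one item per line.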
@@ -54,8 +61,6 @@ spec: tls: - hosts: - *host - podAnnotations: - secret.reloader.stakater.com/reload: *app topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname diff --git a/kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml b/kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml index 2bedd2b1e..ea250655a 100644 --- a/kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml +++ b/kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml @@ -21,4 +21,4 @@ spec: key: password envFrom: - secretRef: - name: *app + name: outline-secret diff --git a/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml b/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml index 72ba56811..c9f3a82b3 100644 --- a/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml +++ b/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: outline + name: outline-secret namespace: default type: Opaque stringData: @@ -28,8 +28,8 @@ sops: eGsyL3NhNS8xdUp0VlNQbWRYbHFLYW8KeMc82BlegMJMtAF/WGMbXhpf2MVvUP5q ehHCSwpe3a8WwXEBNu1u5IPcnMO4Fo5HhjLbMx6H1Ynd6KdyDXUKEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-21T21:57:24Z" - mac: ENC[AES256_GCM,data:lUzi0Nwt37OKpExOjG+CqQp4QauxmNvDeYnl58AmKht4KXkBHCDBVlndGHjefnEdRzpI8cZzXFGT9kti8opu5mVYDKHd2iNrhSJlll9PoX9WCVuel33N+PLDI0QhxJwnNIAGcy5etc/B9pYRFySPW1EhCe373y7NWGwqz8nlFdQ=,iv:DAcEuKfG9G8kEOl+uqGor6VKRnaoHEjzJK1ukiZe02E=,tag:Q1EGxq/XCu6KLJd4Sg1YEw==,type:str] + lastmodified: "2022-12-01T22:25:43Z" + mac: ENC[AES256_GCM,data:/zmgGjJRYcDt4iXpLyDN2MA0FWxuQmmZNRggw0UX+IPgUrvGKmLpLsC3+0zhHUAwjANgWtQ5pJWHMuz1R39lOOBEcUBM4Re/ZTnyClDZIkxVC0WUrmTsj4spz719v9iwORYmTQujPW6bO9a/1KFNL5KjKqz/7Qx8Iu9MsCNfIfE=,iv:iUD51jsCdT4uBnWiAS20DITCdN1lov0Ibz3EacXNQOs=,tag:46LubofEdvYErTrgsgUGxg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 
diff --git a/kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml index 366b251b8..872fb79a1 100644 --- a/kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml @@ -25,6 +25,8 @@ spec: controller: replicas: 1 strategy: RollingUpdate + annotations: + reloader.stakater.com/auto: "true" image: repository: ghcr.io/foxcpp/maddy tag: 0.6.2 @@ -36,7 +38,7 @@ spec: SMTP_PORT: "465" envFrom: - secretRef: - name: *app + name: smtp-relay-secret service: main: type: LoadBalancer @@ -61,7 +63,7 @@ spec: config: enabled: true type: configMap - name: *app + name: smtp-relay-configmap subPath: maddy.conf mountPath: /data/maddy.conf readOnly: true @@ -71,9 +73,6 @@ spec: medium: Memory sizeLimit: 1Gi mountPath: /dev/shm - podAnnotations: - configmap.reloader.stakater.com/reload: *app - secret.reloader.stakater.com/reload: *app topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname diff --git a/kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml index 917d59d93..effc59b5e 100644 --- a/kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml +++ b/kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml @@ -6,7 +6,7 @@ resources: - secret.sops.yaml namespace: default configMapGenerator: - - name: smtp-relay + - name: smtp-relay-configmap files: - maddy.conf generatorOptions: diff --git a/kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml index 131a41ac6..9cdb8f0eb 100644 --- a/kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml +++ b/kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml 
@@ -3,7 +3,7 @@ kind: Secret apiVersion: v1 type: Opaque metadata: - name: smtp-relay + name: smtp-relay-secret namespace: default stringData: SMTP_PASSWORD: ENC[AES256_GCM,data:Yf/FCPWceNJadwSaTvNXug==,iv:eErTrc6gWkClzoMmLgkz6xgaUA/W7cZoxhgGeCuHPyk=,tag:HYWJN3imrt/Umv4NREuQpg==,type:str] @@ -22,8 +22,8 @@ sops: U003SkswTXRYaUdWYzVRL2oxb2RGdEEKQojCy0af9JFKnKSYQhT2C1sXIBjfKjEz b7/1MAC99t37PRSsyh+ALf6DctqxysHKpG6Ku/RAchPqd2MwtIjWlQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-13T20:15:28Z" - mac: ENC[AES256_GCM,data:PwHnx7chnuV4lmmdZO+areDkucOHdR03xkk9DPiB3GT4NKGvO0lBBRr/KkrENRRoL8EwsYD2UH/o6SPdes76F0vFJYzP3Q33kBY4dRpIzTcbzKFwpvmQszzmDbFFZoUe25Fq0kDcMN2IC20MwvNHFQDJFwQJ4JkWLwRuP6rAIjQ=,iv:thrY5JxFdidqumX+APUxthqdcKrmozQ6zLnmGTzMrFk=,tag:KBXseUVIAMvIDTN2krEY5Q==,type:str] + lastmodified: "2022-12-01T22:33:34Z" + mac: ENC[AES256_GCM,data:guldqBejtXp67NO2A/B0kPCLlJmpE7OAp04IRnv8iaMyvo/TxBkgvC8PQ/oQesxf2KNlJ671ewlIU9IdDres8qAC6ytV+iWVZGusOQfXKZKO5EWygckXokvs7jIfxWI7TdztLCMXlzaVDyH4fnrg2x4luxc3PNrctDfzu/vEP3s=,iv:Z9XHDirjaOs5UU5hWakGWDAvzvadIbJvBp4QbXCiw24=,tag:9WLfHq0SIQRvJqUmNWrSXA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3