fixup! ♻️ migration externalsecrets

2025-09-17 18:24:14 +02:00 · 2023-07-13 18:33:28 +02:00
parent 4021dac4df
commit eacff455da
125 changed files with 1061 additions and 1474 deletions
--- a/kubernetes/apps/default/sharry/app/externalsecret.yaml
+++ b/kubernetes/apps/default/sharry/app/externalsecret.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: sharry
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: sharry-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        # Postgres Init
+        INIT_POSTGRES_DBNAME: sharry
+        INIT_POSTGRES_HOST: postgres-rw.default.svc.cluster.local
+        INIT_POSTGRES_USER: "{{ .POSTGRES_USERNAME }}"
+        INIT_POSTGRES_PASS: "{{ .POSTGRES_PASSWORD }}"
+        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
+  dataFrom:
+    - extract:
+        key: cloudnative-pg
+    - extract:
+        key: sharry
--- a/kubernetes/apps/default/sharry/app/helmrelease.yaml
+++ b/kubernetes/apps/default/sharry/app/helmrelease.yaml
@@ -6,7 +6,7 @@ metadata:
  name: &app sharry
  namespace: default
 spec:
-  interval: 15m
+  interval: 30m
  chart:
    spec:
      chart: app-template
@@ -15,7 +15,7 @@ spec:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
-  maxHistory: 3
+  maxHistory: 2
  install:
    createNamespace: true
    remediation:
@@ -27,9 +27,16 @@ spec:
  uninstall:
    keepHistory: false
  values:
+    initContainers:
+      01-init-db:
+        image: ghcr.io/onedr0p/postgres-init:14.8
+        imagePullPolicy: IfNotPresent
+        envFrom: &envFrom
+          - secretRef:
+              name: &secret sharry-secret
    controller:
-      replicas: 1
-      strategy: Recreate
+      annotations:
+        reloader.stakater.com/auto: "true"
    image:
      repository: eikek0/sharry
      tag: v1.12.1
@@ -56,9 +63,6 @@ spec:
        tls:
          - hosts:
              - *host
-    podAnnotations:
-      configMap.reloader.stakater.com/reload: *app
-      secret.reloader.stakater.com/reload: *app
    resources:
      requests:
        cpu: 50m
@@ -69,6 +73,6 @@ spec:
      config:
        enabled: true
        type: configMap
-        name: sharry
+        name: sharry-configmap
        mountPath: /opt/sharry.conf
        subPath: sharry.conf
--- a/kubernetes/apps/default/sharry/app/kustomization.yaml
+++ b/kubernetes/apps/default/sharry/app/kustomization.yaml
@@ -4,11 +4,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: default
 resources:
+  - ./externalsecret.yaml
  - ./helmrelease.yaml
-patchesStrategicMerge:
-  - ./patches/postgres.yaml
 configMapGenerator:
-  - name: sharry
+  - name: sharry-configmap
    files:
      - ./config/sharry.conf
 generatorOptions:
--- a/kubernetes/apps/default/sharry/app/patches/postgres.yaml
+++ b/kubernetes/apps/default/sharry/app/patches/postgres.yaml
@@ -1,26 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: sharry
-  namespace: default
-spec:
-  values:
-    initContainers:
-      init-db:
-        image: ghcr.io/onedr0p/postgres-initdb:14.8
-        env:
-          - name: POSTGRES_HOST
-            value: ${POSTGRES_HOST}
-          - name: POSTGRES_DB
-            value: sharry
-          - name: POSTGRES_SUPER_PASS
-            valueFrom:
-              secretKeyRef:
-                name: postgres-superuser
-                key: password
-          - name: POSTGRES_USER
-            value: ${SECRET_SHARRY_DB_USERNAME}
-          - name: POSTGRES_PASS
-            value: ${SECRET_SHARRY_DB_PASSWORD}