fixup! ♻️ migration externalsecrets

2025-10-01 07:55:06 +02:00 · 2023-07-10 19:15:56 +02:00
parent fb3be5853f
commit f945aa99f8
49 changed files with 352 additions and 450 deletions
--- a/kubernetes/apps/default/mailrise/app/externalsecret.yaml
+++ b/kubernetes/apps/default/mailrise/app/externalsecret.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mailrise
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: mailrise-secret
+    creationPolicy: Owner
+  dataFrom:
+    - extract:
+        # PUSHOVER_TRUENAS
+        key: mailrise
--- a/kubernetes/apps/default/mailrise/app/helmrelease.yaml
+++ b/kubernetes/apps/default/mailrise/app/helmrelease.yaml
@@ -6,7 +6,7 @@ metadata:
  name: &app mailrise
  namespace: default
 spec:
-  interval: 15m
+  interval: 30m
  chart:
    spec:
      chart: app-template
@@ -15,7 +15,7 @@ spec:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
-  maxHistory: 3
+  maxHistory: 2
  install:
    createNamespace: true
    remediation:
@@ -39,7 +39,7 @@ spec:
      TZ: ${TIMEZONE}
    envFrom:
      - secretRef:
-          name: *app
+          name: mailrise-secret
    service:
      main:
        type: LoadBalancer
@@ -77,8 +77,6 @@ spec:
        labelSelector:
          matchLabels:
            app.kubernetes.io/name: *app
-    podAnnotations:
-      secret.reloader.stakater.com/reload: *app
    resources:
      requests:
        cpu: 10m
--- a/kubernetes/apps/default/mailrise/app/kustomization.yaml
+++ b/kubernetes/apps/default/mailrise/app/kustomization.yaml
@@ -4,8 +4,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: default
 resources:
+  - ./externalsecret.yaml
  - ./helmrelease.yaml
-  - ./secret.sops.yaml
 configMapGenerator:
  - name: mailrise-configmap
    files:
--- a/kubernetes/apps/default/mailrise/app/secret.sops.yaml
+++ b/kubernetes/apps/default/mailrise/app/secret.sops.yaml
@@ -1,29 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
-    name: mailrise
-    namespace: default
-type: Opaque
-stringData:
-    PUSHOVER_TRUENAS: ENC[AES256_GCM,data:0sViJTQ7VNLccJLzJpwYQGbX0wP3oMCdMng/OFMW85Vfkejag0EEIP6HBCo/rOetq6VAtjvDoUNIx7I2HlHmm0uE7+oM,iv:bz43yn8QOG2/oWnxISTd5Y/JHVdhVfemcNWi62OGD2Q=,tag:YckZYWnKnhXB+0vUO9T5Tg==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
-            bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
-            VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
-            OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
-            LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-12-29T15:53:20Z"
-    mac: ENC[AES256_GCM,data:NwSRgt+Qr/suY+xca7c9hAAivYTPr9Uo9dJ5bzJzN8F1Tj4jxQcD/NHYvn+8OiPg9PCOlVDLzwcuuwUBwDc01diUMmkH5VTz50nQIO+CNlESJrVCDLEId8qgw3qU9AlBg9ik1lmNtggwl5X8NLduzrmYqS3mi+/jgt/3spZuLOA=,iv:FDe5+AEFs+76sP4PkwLIoofKcg0AbEqITp7nZKfab7o=,tag:zwcklTcIo4qeGxFLasidEw==,type:str]
-    pgp: []
-    encrypted_regex: ^(data|stringData)$
-    version: 3.7.3