From 4cc356275e887f21c74f633040b909d0602d10a8 Mon Sep 17 00:00:00 2001 
From: Arthur Date: Fri, 16 Feb 2024 15:43:55 -0500 Subject: [PATCH] feat: Switch Most Secrets to External Secrets Operator --- kubernetes/argocd/applications/bitwarden.yaml | 2 - .../argocd/applications/cockroachdb.yaml | 2 - .../container-security-operator.yaml | 2 - .../applications/dragonfly-operator.yaml | 2 - .../applications/eclipse-che-operator.yaml | 2 - .../external-secrets-operator.yaml | 2 - kubernetes/argocd/applications/grafana.yaml | 2 - kubernetes/argocd/applications/heimdall.yaml | 2 - .../argocd/applications/homeassistant.yaml | 2 - kubernetes/argocd/applications/homelab.yaml | 2 - .../argocd/applications/imagepuller.yaml | 2 - kubernetes/argocd/applications/influxdb.yaml | 2 - .../argocd/applications/keep-alive.yaml | 2 - kubernetes/argocd/applications/knative.yaml | 2 - .../argocd/applications/kube-eagle.yaml | 2 - kubernetes/argocd/applications/kube-vip.yaml | 2 - kubernetes/argocd/applications/kyverno.yaml | 2 - .../argocd/applications/longhorn-system.yaml | 2 - .../argocd/applications/mariadb-galera.yaml | 2 - .../argocd/applications/minio-operator.yaml | 2 - .../argocd/applications/mongodb-operator.yaml | 2 - .../applications/network-observability.yaml | 2 - kubernetes/argocd/applications/nextcloud.yaml | 2 - .../applications/openshift-monitoring.yaml | 2 - .../argocd/applications/photoprism.yaml | 2 - .../argocd/applications/phpmyadmin.yaml | 2 - kubernetes/argocd/applications/postgres.yaml | 2 - kubernetes/argocd/applications/quay.yaml | 2 - .../argocd/applications/stackrox-central.yaml | 2 - .../argocd/applications/stackrox-secure.yaml | 2 - kubernetes/argocd/applications/tekton.yaml | 2 - kubernetes/argocd/applications/traefik.yaml | 2 - .../unifi-network-application.yaml | 2 - .../argocd/applications/uptime-kuma.yaml | 2 - kubernetes/argocd/applications/vault.yaml | 2 - .../argocd/applications/version-checker.yaml | 2 - kubernetes/argocd/applications/zitadel.yaml | 2 - .../base/kustomization.yaml | 1 + .../base/secret.yaml | 17 +++++ 
kubernetes/grafana/base/secret.yaml | 23 +++++- kubernetes/longhorn/base/backup-secret.yaml | 29 +++++++- kubernetes/mariadb-galera/base/secret.yaml | 45 +++++++++-- kubernetes/photoprism/base/secret.yaml | 35 +++++++-- .../tekton/components/gosmee/deployment.yaml | 8 +- .../components/gosmee/kustomization.yaml | 1 + .../tekton/components/gosmee/secrets.yaml | 18 +++++ kubernetes/zitadel/base/secret.yaml | 74 ++++++++++++++----- 47 files changed, 216 insertions(+), 109 deletions(-) create mode 100644 kubernetes/external-secrets-operator/base/secret.yaml create mode 100644 kubernetes/tekton/components/gosmee/secrets.yaml diff --git a/kubernetes/argocd/applications/bitwarden.yaml b/kubernetes/argocd/applications/bitwarden.yaml index 586c44ef9..32f5318dd 100644 --- a/kubernetes/argocd/applications/bitwarden.yaml +++ b/kubernetes/argocd/applications/bitwarden.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/bitwarden/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/cockroachdb.yaml b/kubernetes/argocd/applications/cockroachdb.yaml index 1d34daed2..f532ccb68 100644 --- a/kubernetes/argocd/applications/cockroachdb.yaml +++ b/kubernetes/argocd/applications/cockroachdb.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/cockroachdb/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/container-security-operator.yaml b/kubernetes/argocd/applications/container-security-operator.yaml index 0531e2961..920d7335e 100644 --- a/kubernetes/argocd/applications/container-security-operator.yaml +++ b/kubernetes/argocd/applications/container-security-operator.yaml 
@@ -17,8 +17,6 @@ spec: path: kubernetes/container-security/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/dragonfly-operator.yaml b/kubernetes/argocd/applications/dragonfly-operator.yaml index a75fdf489..2edf4b270 100644 --- a/kubernetes/argocd/applications/dragonfly-operator.yaml +++ b/kubernetes/argocd/applications/dragonfly-operator.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/dragonfly-operator/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/eclipse-che-operator.yaml b/kubernetes/argocd/applications/eclipse-che-operator.yaml index e6bcec6eb..c67acfb12 100644 --- a/kubernetes/argocd/applications/eclipse-che-operator.yaml +++ b/kubernetes/argocd/applications/eclipse-che-operator.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/eclipse-che/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/external-secrets-operator.yaml b/kubernetes/argocd/applications/external-secrets-operator.yaml index 38cdf5e8a..ed2bd15e8 100644 --- a/kubernetes/argocd/applications/external-secrets-operator.yaml +++ b/kubernetes/argocd/applications/external-secrets-operator.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/external-secrets-operator/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true 
diff --git a/kubernetes/argocd/applications/grafana.yaml b/kubernetes/argocd/applications/grafana.yaml index 408649ad1..5dfa6a552 100644 --- a/kubernetes/argocd/applications/grafana.yaml +++ b/kubernetes/argocd/applications/grafana.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/grafana/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/heimdall.yaml b/kubernetes/argocd/applications/heimdall.yaml index 37525ec37..025b9a794 100644 --- a/kubernetes/argocd/applications/heimdall.yaml +++ b/kubernetes/argocd/applications/heimdall.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/heimdall/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/homeassistant.yaml b/kubernetes/argocd/applications/homeassistant.yaml index 9af9d40b7..beb3a8081 100644 --- a/kubernetes/argocd/applications/homeassistant.yaml +++ b/kubernetes/argocd/applications/homeassistant.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/homeassistant/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/homelab.yaml b/kubernetes/argocd/applications/homelab.yaml index 9396906ba..f7fa7f64b 100644 --- a/kubernetes/argocd/applications/homelab.yaml +++ b/kubernetes/argocd/applications/homelab.yaml @@ -17,8 +17,6 @@ spec: path: tekton/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true 
diff --git a/kubernetes/argocd/applications/imagepuller.yaml b/kubernetes/argocd/applications/imagepuller.yaml index f8ef11add..2fa8f4ece 100644 --- a/kubernetes/argocd/applications/imagepuller.yaml +++ b/kubernetes/argocd/applications/imagepuller.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/imagepuller/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/influxdb.yaml b/kubernetes/argocd/applications/influxdb.yaml index d9de4a713..d73eb6b6a 100644 --- a/kubernetes/argocd/applications/influxdb.yaml +++ b/kubernetes/argocd/applications/influxdb.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/influxdb/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/keep-alive.yaml b/kubernetes/argocd/applications/keep-alive.yaml index 7ba8b445c..d2155305b 100644 --- a/kubernetes/argocd/applications/keep-alive.yaml +++ b/kubernetes/argocd/applications/keep-alive.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/keep-alive/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/knative.yaml b/kubernetes/argocd/applications/knative.yaml index d332096f6..42244e230 100644 --- a/kubernetes/argocd/applications/knative.yaml +++ b/kubernetes/argocd/applications/knative.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/knative/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true 
diff --git a/kubernetes/argocd/applications/kube-eagle.yaml b/kubernetes/argocd/applications/kube-eagle.yaml index 87f903f7a..d8a4d199f 100644 --- a/kubernetes/argocd/applications/kube-eagle.yaml +++ b/kubernetes/argocd/applications/kube-eagle.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/kube-eagle/overlays/default repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/kube-vip.yaml b/kubernetes/argocd/applications/kube-vip.yaml index 907a589f4..944838024 100644 --- a/kubernetes/argocd/applications/kube-vip.yaml +++ b/kubernetes/argocd/applications/kube-vip.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/kube-vip/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/kyverno.yaml b/kubernetes/argocd/applications/kyverno.yaml index a930811f4..a56302e83 100644 --- a/kubernetes/argocd/applications/kyverno.yaml +++ b/kubernetes/argocd/applications/kyverno.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/kyverno/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/longhorn-system.yaml b/kubernetes/argocd/applications/longhorn-system.yaml index aa20641d1..c9e81e466 100644 --- a/kubernetes/argocd/applications/longhorn-system.yaml +++ b/kubernetes/argocd/applications/longhorn-system.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/longhorn/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true 
diff --git a/kubernetes/argocd/applications/mariadb-galera.yaml b/kubernetes/argocd/applications/mariadb-galera.yaml index 491e76689..f126ed494 100644 --- a/kubernetes/argocd/applications/mariadb-galera.yaml +++ b/kubernetes/argocd/applications/mariadb-galera.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/mariadb-galera/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/minio-operator.yaml b/kubernetes/argocd/applications/minio-operator.yaml index cc85a8456..c1083a559 100644 --- a/kubernetes/argocd/applications/minio-operator.yaml +++ b/kubernetes/argocd/applications/minio-operator.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/minio-operator/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/mongodb-operator.yaml b/kubernetes/argocd/applications/mongodb-operator.yaml index b8c04bf4a..ce62cab8b 100644 --- a/kubernetes/argocd/applications/mongodb-operator.yaml +++ b/kubernetes/argocd/applications/mongodb-operator.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/mongodb-operator/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/network-observability.yaml b/kubernetes/argocd/applications/network-observability.yaml index 210f67ef1..340ebc2bf 100644 --- a/kubernetes/argocd/applications/network-observability.yaml +++ b/kubernetes/argocd/applications/network-observability.yaml 
@@ -17,8 +17,6 @@ spec: path: kubernetes/network-observability/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/nextcloud.yaml b/kubernetes/argocd/applications/nextcloud.yaml index a5a58cc93..54d14bae8 100644 --- a/kubernetes/argocd/applications/nextcloud.yaml +++ b/kubernetes/argocd/applications/nextcloud.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/nextcloud/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/openshift-monitoring.yaml b/kubernetes/argocd/applications/openshift-monitoring.yaml index 9fbcd28c5..98b6fcc9c 100644 --- a/kubernetes/argocd/applications/openshift-monitoring.yaml +++ b/kubernetes/argocd/applications/openshift-monitoring.yaml @@ -17,5 +17,3 @@ spec: path: okd/openshift-monitoring/base repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize diff --git a/kubernetes/argocd/applications/photoprism.yaml b/kubernetes/argocd/applications/photoprism.yaml index 4bd0bc4a2..b93747899 100644 --- a/kubernetes/argocd/applications/photoprism.yaml +++ b/kubernetes/argocd/applications/photoprism.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/photoprism/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/phpmyadmin.yaml b/kubernetes/argocd/applications/phpmyadmin.yaml index 899a5a719..11284ab2d 100644 --- a/kubernetes/argocd/applications/phpmyadmin.yaml +++ b/kubernetes/argocd/applications/phpmyadmin.yaml 
@@ -17,8 +17,6 @@ spec: path: kubernetes/phpmyadmin/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/postgres.yaml b/kubernetes/argocd/applications/postgres.yaml index 11618fe36..a02eb6212 100644 --- a/kubernetes/argocd/applications/postgres.yaml +++ b/kubernetes/argocd/applications/postgres.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/postgres/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/quay.yaml b/kubernetes/argocd/applications/quay.yaml index 4c099c7e3..88c8970ec 100644 --- a/kubernetes/argocd/applications/quay.yaml +++ b/kubernetes/argocd/applications/quay.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/quay/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/stackrox-central.yaml b/kubernetes/argocd/applications/stackrox-central.yaml index 8a39169da..0a00490b6 100644 --- a/kubernetes/argocd/applications/stackrox-central.yaml +++ b/kubernetes/argocd/applications/stackrox-central.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/stackrox-central/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/stackrox-secure.yaml b/kubernetes/argocd/applications/stackrox-secure.yaml index f30c042d4..b64fabdb6 100644 --- a/kubernetes/argocd/applications/stackrox-secure.yaml 
+++ b/kubernetes/argocd/applications/stackrox-secure.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/stackrox-secure/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/tekton.yaml b/kubernetes/argocd/applications/tekton.yaml index afa1f8e63..9780281fd 100644 --- a/kubernetes/argocd/applications/tekton.yaml +++ b/kubernetes/argocd/applications/tekton.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/tekton/overlays/operator repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/traefik.yaml b/kubernetes/argocd/applications/traefik.yaml index 2a19d0a47..fa97c85e4 100644 --- a/kubernetes/argocd/applications/traefik.yaml +++ b/kubernetes/argocd/applications/traefik.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/traefik/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/unifi-network-application.yaml b/kubernetes/argocd/applications/unifi-network-application.yaml index 1e1a27765..2ca7fd619 100644 --- a/kubernetes/argocd/applications/unifi-network-application.yaml +++ b/kubernetes/argocd/applications/unifi-network-application.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/unifi-network-application/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true 
diff --git a/kubernetes/argocd/applications/uptime-kuma.yaml b/kubernetes/argocd/applications/uptime-kuma.yaml index ec209735e..d87dd8a04 100644 --- a/kubernetes/argocd/applications/uptime-kuma.yaml +++ b/kubernetes/argocd/applications/uptime-kuma.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/uptime-kuma/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/vault.yaml b/kubernetes/argocd/applications/vault.yaml index 0eb7ca811..c4d151416 100644 --- a/kubernetes/argocd/applications/vault.yaml +++ b/kubernetes/argocd/applications/vault.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/vault/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/version-checker.yaml b/kubernetes/argocd/applications/version-checker.yaml index f931c80fc..af85ee2d3 100644 --- a/kubernetes/argocd/applications/version-checker.yaml +++ b/kubernetes/argocd/applications/version-checker.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/version-checker/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/zitadel.yaml b/kubernetes/argocd/applications/zitadel.yaml index e089a7573..367ee8f63 100644 --- a/kubernetes/argocd/applications/zitadel.yaml +++ b/kubernetes/argocd/applications/zitadel.yaml @@ -17,8 +17,6 @@ spec: path: kubernetes/zitadel/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD - plugin: - name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true 
diff --git a/kubernetes/external-secrets-operator/base/kustomization.yaml b/kubernetes/external-secrets-operator/base/kustomization.yaml index 08badb3b4..43427fc57 100644 --- a/kubernetes/external-secrets-operator/base/kustomization.yaml +++ b/kubernetes/external-secrets-operator/base/kustomization.yaml @@ -7,3 +7,4 @@ resources: - ./operator-config.yaml - ./operator-group.yaml - ./subscription.yaml + - ./secret.yaml diff --git a/kubernetes/external-secrets-operator/base/secret.yaml b/kubernetes/external-secrets-operator/base/secret.yaml new file mode 100644 index 000000000..178c08da5 --- /dev/null +++ b/kubernetes/external-secrets-operator/base/secret.yaml @@ -0,0 +1,17 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: vault +spec: + provider: + vault: + server: "https://vault.arthurvardevanyan.com" + path: "secret" + version: "v2" + auth: + kubernetes: + mountPath: "kubernetes" + role: "argocd" + serviceAccountRef: + name: "argocd-repo-server" + namespace: "argocd" diff --git a/kubernetes/grafana/base/secret.yaml b/kubernetes/grafana/base/secret.yaml index 6722d1307..5e404f746 100644 --- a/kubernetes/grafana/base/secret.yaml +++ b/kubernetes/grafana/base/secret.yaml @@ -12,4 +12,25 @@ stringData: GF_DATABASE_HOST: grafana-primary.postgres.svc GF_DATABASE_NAME: grafana GF_DATABASE_USER: grafana - GF_DATABASE_PASSWORD: + #GF_DATABASE_PASSWORD: +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: database + namespace: grafana + labels: + app.kubernetes.io/instance: grafana +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: database + creationPolicy: "Merge" + data: + - secretKey: GF_DATABASE_PASSWORD + remoteRef: + key: homelab/postgres + property: grafana_password diff --git a/kubernetes/longhorn/base/backup-secret.yaml b/kubernetes/longhorn/base/backup-secret.yaml index c6b7171c4..a7a444f8d 100644 
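Review bot: The new `ClusterSecretStore` named `vault` in `kubernetes/external-secrets-operator/base/secret.yaml` has no `conditions`, so an ExternalSecret in any namespace can reference it and read whatever the Vault role `argocd` may read under the `secret` mount. It also authenticates as the `argocd-repo-server` service account, so every workload's secret access is tied to Argo CD's identity. Consider a dedicated service account and Vault role with a read-only policy limited to the `homelab/` paths used in this patch. The store can also be restricted to the namespaces that carry ExternalSecrets here, e.g. `conditions:` with `- namespaces: ["grafana", "longhorn-system", "mariadb-galera", "photoprism", "openshift-pipelines", "zitadel"]`. The Vault policy is not part of this patch, so the actual read scope needs to be confirmed there.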
--- a/kubernetes/longhorn/base/backup-secret.yaml +++ b/kubernetes/longhorn/base/backup-secret.yaml @@ -7,6 +7,31 @@ metadata: app.kubernetes.io/instance: longhorn type: Opaque stringData: - AWS_ACCESS_KEY_ID: - AWS_SECRET_ACCESS_KEY: + # AWS_ACCESS_KEY_ID: + # AWS_SECRET_ACCESS_KEY: AWS_ENDPOINTS: http://10.0.0.3:9000 +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: truenas-secret + namespace: longhorn-system + labels: + app.kubernetes.io/instance: longhorn +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: truenas-secret + creationPolicy: "Merge" + data: + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + key: homelab/minio + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + key: homelab/minio + property: access_key diff --git a/kubernetes/mariadb-galera/base/secret.yaml b/kubernetes/mariadb-galera/base/secret.yaml index 5a05a786c..78ad0784d 100644 --- a/kubernetes/mariadb-galera/base/secret.yaml +++ b/kubernetes/mariadb-galera/base/secret.yaml 
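Review bot: In the `truenas-secret` ExternalSecret, `AWS_SECRET_ACCESS_KEY` is read from `property: access_key`, the same property used for `AWS_ACCESS_KEY_ID`. The secret key would then be filled with the access key ID, and Longhorn backups to the S3 endpoint would fail to authenticate. This looks like a copy-paste slip. The second `remoteRef` should name the property that holds the secret key in `homelab/minio`, e.g. `property: <secret-key-property>` (placeholder; the real property name is not shown in this patch).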
@@ -1,13 +1,42 @@ -apiVersion: v1 -kind: Secret +# apiVersion: v1 +# kind: Secret +# metadata: +# name: mariadb-galera +# namespace: mariadb-galera +# labels: +# app.kubernetes.io/name: mariadb-galera +# app.kubernetes.io/instance: mariadb-galera +# type: Opaque +# stringData: +# mariadb-root-password: +# mariadb-password: +# mariadb-galera-mariabackup-password: +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret metadata: name: mariadb-galera namespace: mariadb-galera labels: - app.kubernetes.io/name: mariadb-galera app.kubernetes.io/instance: mariadb-galera - type: Opaque -stringData: - mariadb-root-password: - mariadb-password: - mariadb-galera-mariabackup-password: +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: mariadb-galera + #creationPolicy: "Merge" + data: + - secretKey: mariadb-root-password + remoteRef: + key: homelab/mariadb-galera + property: mariadb-root-password + - secretKey: mariadb-password + remoteRef: + key: homelab/mariadb-galera + property: mariadb-root-password + - secretKey: mariadb-galera-mariabackup-password + remoteRef: + key: homelab/mariadb-galera + property: mariadb-galera-mariabackup-password diff --git a/kubernetes/photoprism/base/secret.yaml b/kubernetes/photoprism/base/secret.yaml index 71b17c4cf..f0088c16e 100644 --- a/kubernetes/photoprism/base/secret.yaml +++ b/kubernetes/photoprism/base/secret.yaml 
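Review bot: The `mariadb-password` entry reads `property: mariadb-root-password`, so the application user's password ends up identical to the root password. Any client that is handed the user credential then also holds the root one. It should most likely be `property: mariadb-password`, following the pattern of the other two entries, where `secretKey` and `property` match. Confirm the property name against the `homelab/mariadb-galera` entry in Vault.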
@@ -1,10 +1,35 @@ -apiVersion: v1 -kind: Secret +# apiVersion: v1 +# kind: Secret +# metadata: +# name: photoprism-secrets +# namespace: photoprism +# labels: +# app.kubernetes.io/instance: photoprism +# stringData: +# PHOTOPRISM_ADMIN_PASSWORD: +# PHOTOPRISM_DATABASE_DSN: +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret metadata: name: photoprism-secrets namespace: photoprism labels: app.kubernetes.io/instance: photoprism -stringData: - PHOTOPRISM_ADMIN_PASSWORD: - PHOTOPRISM_DATABASE_DSN: +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: photoprism-secrets + #creationPolicy: "Merge" + data: + - secretKey: PHOTOPRISM_ADMIN_PASSWORD + remoteRef: + key: homelab/photoprism + property: admin_password + - secretKey: PHOTOPRISM_DATABASE_DSN + remoteRef: + key: homelab/photoprism + property: db_url diff --git a/kubernetes/tekton/components/gosmee/deployment.yaml b/kubernetes/tekton/components/gosmee/deployment.yaml index d1be65e2d..5a91608a7 100644 --- a/kubernetes/tekton/components/gosmee/deployment.yaml +++ b/kubernetes/tekton/components/gosmee/deployment.yaml @@ -25,9 +25,15 @@ spec: - name: gosmeed image: ghcr.io/chmouel/gosmee:v0.20.2@sha256:3ad5dbb4653399a6e0f40924ac21435266cbba1c8a2ce1579c48c801b43ce863 imagePullPolicy: Always + env: + - name: GOSMEE_HASH + valueFrom: + secretKeyRef: + name: gosmee + key: GOSMEE_HASH args: - client - - "https://hook.pipelinesascode.com/" + - "https://hook.pipelinesascode.com/${GOSMEE_HASH}" - >- https://pipelines-as-code-controller-openshift-pipelines.apps.okd.arthurvardevanyan.com ports: diff --git a/kubernetes/tekton/components/gosmee/kustomization.yaml b/kubernetes/tekton/components/gosmee/kustomization.yaml index affc36b3d..15de728c7 100644 --- a/kubernetes/tekton/components/gosmee/kustomization.yaml +++ b/kubernetes/tekton/components/gosmee/kustomization.yaml 
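Review bot: In the gosmee container `args` of `kubernetes/tekton/components/gosmee/deployment.yaml`, `${GOSMEE_HASH}` will not be substituted. No shell processes `args`, and Kubernetes expands only the `$(VAR_NAME)` form, so gosmee would be started against the literal URL. Use `- "https://hook.pipelinesascode.com/$(GOSMEE_HASH)"`. After expansion the hook path is part of the process command line and visible to anything that can read the container's process list, so it is worth checking whether gosmee can take the URL from the environment instead. The container spec continues outside the hunk.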
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component resources: - deployment.yaml + - secret.yaml diff --git a/kubernetes/tekton/components/gosmee/secrets.yaml b/kubernetes/tekton/components/gosmee/secrets.yaml new file mode 100644 index 000000000..87154d54f --- /dev/null +++ b/kubernetes/tekton/components/gosmee/secrets.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: gosmee + namespace: openshift-pipelines +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: gosmee + #creationPolicy: "Merge" + data: + - secretKey: GOSMEE_HASH + remoteRef: + key: homelab/tekton + property: gosmee_hash diff --git a/kubernetes/zitadel/base/secret.yaml b/kubernetes/zitadel/base/secret.yaml index faa20dfe6..fe89fedc0 100644 --- a/kubernetes/zitadel/base/secret.yaml +++ b/kubernetes/zitadel/base/secret.yaml 
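Review bot: The gosmee kustomization adds `- secret.yaml`, but the file this commit creates is `kubernetes/tekton/components/gosmee/secrets.yaml`. `kustomize build` of this component will fail on the missing resource. The `gosmee` ExternalSecret will then never be applied, and the deployment's `secretKeyRef` will have no Secret to resolve. Either list `- secrets.yaml` or rename the new file to `secret.yaml`, which matches the naming in the other directories touched by this patch.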
@@ -14,24 +14,62 @@ metadata: stringData: masterkey: --- -# Source: zitadel/templates/secret_zitadel-secrets.yaml -apiVersion: v1 -kind: Secret -type: Opaque +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret metadata: - name: zitadel-secrets-yaml + name: zitadel-masterkey namespace: zitadel - labels: - helm.sh/chart: zitadel-6.2.0 - app.kubernetes.io/name: zitadel - app.kubernetes.io/instance: zitadel - app.kubernetes.io/version: "v2.43.5" - app.kubernetes.io/managed-by: Helm -stringData: - zitadel-secrets-yaml: |- +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: zitadel-masterkey + #creationPolicy: "Merge" + data: + - secretKey: masterkey + remoteRef: + key: homelab/zitadel/config + property: masterkey +#--- +# # Source: zitadel/templates/secret_zitadel-secrets.yaml +# apiVersion: v1 +# kind: Secret +# type: Opaque +# metadata: +# name: zitadel-secrets-yaml +# namespace: zitadel +# labels: +# helm.sh/chart: zitadel-6.2.0 +# app.kubernetes.io/name: zitadel +# app.kubernetes.io/instance: zitadel +# app.kubernetes.io/version: "v2.43.5" +# app.kubernetes.io/managed-by: Helm +# stringData: +# zitadel-secrets-yaml: |- - Database: - cockroach: - Host: crdb-public - User: - Password: +# Database: +# cockroach: +# Host: crdb-public +# User: +# Password: +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: zitadel-secrets-yaml + namespace: zitadel +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: zitadel-secrets-yaml + #creationPolicy: "Merge" + data: + - secretKey: zitadel-secrets-yaml + remoteRef: + key: homelab/zitadel/config + property: db-password-yaml
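Review bot: The static Secret ending in `stringData: masterkey:` is kept as context directly above the new `zitadel-masterkey` ExternalSecret. That ExternalSecret has `creationPolicy` commented out, so it defaults to `Owner`. If the kept Secret is also named `zitadel-masterkey` (its metadata sits above the hunk), Argo CD and External Secrets Operator would both manage the same object, and an Argo CD sync can write an empty `masterkey` over the value pulled from Vault. Either comment out the static Secret, as this hunk does for `zitadel-secrets-yaml`, or set `creationPolicy: "Merge"` as in the grafana and longhorn files.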