generated from onedr0p/cluster-template
refactor: onepassword secret store #2526
Merged
--- kubernetes/apps/external-secrets/external-secrets/app Kustomization: flux-system/external-secrets HelmRelease: external-secrets/external-secrets
+++ kubernetes/apps/external-secrets/external-secrets/app Kustomization: flux-system/external-secrets HelmRelease: external-secrets/external-secrets
@@ -14,40 +14,19 @@
chart: external-secrets
sourceRef:
kind: HelmRepository
name: external-secrets
namespace: flux-system
version: 0.12.1
- dependsOn:
- - name: onepassword-connect
- namespace: external-secrets
install:
remediation:
retries: 3
interval: 30m
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
- values:
- certController:
- image:
- repository: ghcr.io/external-secrets/external-secrets
- serviceMonitor:
- enabled: true
- interval: 1m
- image:
- repository: ghcr.io/external-secrets/external-secrets
- installCRDs: true
- leaderElect: true
- replicaCount: 1
- serviceMonitor:
- enabled: true
- interval: 1m
- webhook:
- image:
- repository: ghcr.io/external-secrets/external-secrets
- serviceMonitor:
- enabled: true
- interval: 1m
+ valuesFrom:
+ - kind: ConfigMap
+ name: external-secrets-helm-values-h9g78hg67k
--- kubernetes/apps/external-secrets/external-secrets/app Kustomization: flux-system/external-secrets ConfigMap: external-secrets/external-secrets-helm-values-h9g78hg67k
+++ kubernetes/apps/external-secrets/external-secrets/app Kustomization: flux-system/external-secrets ConfigMap: external-secrets/external-secrets-helm-values-h9g78hg67k
@@ -0,0 +1,34 @@
+---
+apiVersion: v1
+data:
+ values.yaml: |
+ ---
+ installCRDs: true
+ replicaCount: 1
+ leaderElect: true
+ image:
+ repository: ghcr.io/external-secrets/external-secrets
+ webhook:
+ image:
+ repository: ghcr.io/external-secrets/external-secrets
+ serviceMonitor:
+ enabled: true
+ interval: 1m
+ certController:
+ image:
+ repository: ghcr.io/external-secrets/external-secrets
+ serviceMonitor:
+ enabled: true
+ interval: 1m
+ serviceMonitor:
+ enabled: true
+ interval: 1m
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/name: external-secrets
+ kustomize.toolkit.fluxcd.io/name: external-secrets
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: external-secrets-helm-values-h9g78hg67k
+ namespace: external-secrets
+
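Review bot: The three `repository:` entries in `values.yaml` (top-level `image`, `webhook.image`, `certController.image`) name only the repository, with no `tag` or digest, so the image that runs is whatever the chart at `version: 0.12.1` resolves by default. The Connect images removed elsewhere in this PR were pinned as `tag@sha256:...`; if the same supply-chain guarantee is wanted for the external-secrets controller, add a pinned tag and digest under each `image:` block here.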
--- kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ExternalSecret: flux-system/github-token
+++ kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ExternalSecret: flux-system/github-token
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: flux
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: github-token-secret
template:
data:
token: '{{ .FLUX_GITHUB_TOKEN }}'
engineVersion: v2
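Review bot: `secretStoreRef.name` now points at `onepassword`, but no ClusterSecretStore with that name is created anywhere in the visible diff, while the `onepassword-connect` store is deleted outright. Please confirm the new store is applied and Ready before this ExternalSecret reconciles; otherwise `github-token-secret` stops syncing. Nothing in this hunk shows the `flux-instance` Kustomization gaining a dependency on whatever creates the store, so the ordering is worth checking. The same question applies to the identical rename in the other ExternalSecret hunks.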
--- kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ExternalSecret: flux-system/github-webhook-token
+++ kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ExternalSecret: flux-system/github-webhook-token
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: flux
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: github-webhook-token-secret
template:
data:
token: '{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}'
engineVersion: v2
--- kubernetes/apps/selfhosted/hoarder/app Kustomization: flux-system/hoarder ExternalSecret: selfhosted/hoarder
+++ kubernetes/apps/selfhosted/hoarder/app Kustomization: flux-system/hoarder ExternalSecret: selfhosted/hoarder
@@ -13,13 +13,13 @@
- extract:
key: hoarder
- extract:
key: openai
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: hoarder-secret
template:
data:
MEILI_MASTER_KEY: '{{ .MEILI_MASTER_KEY }}'
NEXTAUTH_SECRET: '{{ .NEXTAUTH_SECRET }}'
--- kubernetes/apps/selfhosted/hoarder/app Kustomization: flux-system/hoarder ExternalSecret: selfhosted/hoarder-volsync
+++ kubernetes/apps/selfhosted/hoarder/app Kustomization: flux-system/hoarder ExternalSecret: selfhosted/hoarder-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: hoarder-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/hoarder
--- kubernetes/apps/selfhosted/hoarder/app Kustomization: flux-system/hoarder ExternalSecret: selfhosted/hoarder-volsync-r2
+++ kubernetes/apps/selfhosted/hoarder/app Kustomization: flux-system/hoarder ExternalSecret: selfhosted/hoarder-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: hoarder-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/external-secrets/onepassword-connect/app Kustomization: flux-system/onepassword-connect HelmRelease: external-secrets/onepassword-connect
+++ kubernetes/apps/external-secrets/onepassword-connect/app Kustomization: flux-system/onepassword-connect HelmRelease: external-secrets/onepassword-connect
@@ -1,145 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: onepassword-connect
- kustomize.toolkit.fluxcd.io/name: onepassword-connect
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: onepassword-connect
- namespace: external-secrets
-spec:
- chart:
- spec:
- chart: app-template
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- version: 3.6.1
- install:
- remediation:
- retries: 3
- interval: 30m
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- strategy: rollback
- values:
- controllers:
- onepassword-connect:
- annotations:
- reloader.stakater.com/auto: 'true'
- containers:
- api:
- env:
- OP_BUS_PEERS: localhost:11221
- OP_BUS_PORT: 11220
- OP_HTTP_PORT: 80
- OP_SESSION:
- valueFrom:
- secretKeyRef:
- key: 1password-credentials.json
- name: onepassword-connect-secret
- XDG_DATA_HOME: /config
- image:
- repository: docker.io/1password/connect-api
- tag: 1.7.3@sha256:0601c7614e102eada268dbda6ba4b5886ce77713be2c332ec6a2fd0f028484ba
- probes:
- liveness:
- custom: true
- enabled: true
- spec:
- failureThreshold: 3
- httpGet:
- path: /heartbeat
- port: 80
- initialDelaySeconds: 15
- periodSeconds: 30
- readiness:
- custom: true
- enabled: true
- spec:
- httpGet:
- path: /health
- port: 80
- initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- sync:
- env:
- OP_BUS_PEERS: localhost:11220
- OP_BUS_PORT: 11221
- OP_HTTP_PORT: 8081
- OP_SESSION:
- valueFrom:
- secretKeyRef:
- key: 1password-credentials.json
- name: onepassword-connect-secret
- XDG_DATA_HOME: /config
- image:
- repository: docker.io/1password/connect-sync
- tag: 1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
- probes:
- liveness:
- custom: true
- enabled: true
- spec:
- failureThreshold: 3
- httpGet:
- path: /heartbeat
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 30
- readiness:
- custom: true
- enabled: true
- spec:
- httpGet:
- path: /health
- port: 8081
- initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- replicas: 1
- strategy: RollingUpdate
- defaultPodOptions:
- securityContext:
- fsGroup: 999
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 999
- runAsNonRoot: true
- runAsUser: 999
- seccompProfile:
- type: RuntimeDefault
- persistence:
- config:
- globalMounts:
- - path: /config
- type: emptyDir
- service:
- app:
- controller: onepassword-connect
- ports:
- http:
- port: 80
-
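Review bot: Both removed containers read `OP_SESSION` from key `1password-credentials.json` in `onepassword-connect-secret`, and nothing visible in this diff removes that Secret. With the Connect deployment gone, delete the Secret and revoke the Connect credentials it holds, so an unused long-lived credential does not remain in the `external-secrets` namespace.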
--- kubernetes/apps/external-secrets/external-secrets/stores Kustomization: flux-system/external-secrets-stores ClusterSecretStore: external-secrets/onepassword-connect
+++ kubernetes/apps/external-secrets/external-secrets/stores Kustomization: flux-system/external-secrets-stores ClusterSecretStore: external-secrets/onepassword-connect
@@ -1,23 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
- labels:
- app.kubernetes.io/name: external-secrets-stores
- kustomize.toolkit.fluxcd.io/name: external-secrets-stores
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: onepassword-connect
- namespace: external-secrets
-spec:
- provider:
- onepassword:
- auth:
- secretRef:
- connectTokenSecretRef:
- key: token
- name: onepassword-connect-secret
- namespace: external-secrets
- connectHost: http://onepassword-connect.external-secrets.svc.cluster.local
- vaults:
- home-ops: 1
-
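Review bot: The deleted store carried the vault mapping `home-ops: 1`, which is what every `extract.key` in this PR (`flux`, `hoarder`, `volsync-template`, `cloudflare`, and so on) is resolved against. The replacement `onepassword` store has to target the same vault or those keys will not resolve, and its definition is not visible here to check. The token reference `connectTokenSecretRef` (`key: token`, `name: onepassword-connect-secret`) also goes away with this store, so that key should be cleaned up with the rest of the Secret. A repo-wide search for leftover `name: onepassword-connect` references before merge would catch any ExternalSecret that was missed.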
--- kubernetes/apps/media/plex/app Kustomization: flux-system/plex ExternalSecret: media/plex-volsync
+++ kubernetes/apps/media/plex/app Kustomization: flux-system/plex ExternalSecret: media/plex-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: plex-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/plex
--- kubernetes/apps/media/plex/app Kustomization: flux-system/plex ExternalSecret: media/plex-volsync-r2
+++ kubernetes/apps/media/plex/app Kustomization: flux-system/plex ExternalSecret: media/plex-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: plex-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/media/tautulli/app Kustomization: flux-system/tautulli ExternalSecret: media/tautulli-volsync
+++ kubernetes/apps/media/tautulli/app Kustomization: flux-system/tautulli ExternalSecret: media/tautulli-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: tautulli-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/tautulli
--- kubernetes/apps/media/tautulli/app Kustomization: flux-system/tautulli ExternalSecret: media/tautulli-volsync-r2
+++ kubernetes/apps/media/tautulli/app Kustomization: flux-system/tautulli ExternalSecret: media/tautulli-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: tautulli-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/media/xteve/app Kustomization: flux-system/xteve ExternalSecret: media/xteve-volsync
+++ kubernetes/apps/media/xteve/app Kustomization: flux-system/xteve ExternalSecret: media/xteve-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: xteve-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/xteve
--- kubernetes/apps/media/xteve/app Kustomization: flux-system/xteve ExternalSecret: media/xteve-volsync-r2
+++ kubernetes/apps/media/xteve/app Kustomization: flux-system/xteve ExternalSecret: media/xteve-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: xteve-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/selfhosted/memos/app Kustomization: flux-system/memos ExternalSecret: selfhosted/memos-volsync
+++ kubernetes/apps/selfhosted/memos/app Kustomization: flux-system/memos ExternalSecret: selfhosted/memos-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: memos-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/memos
--- kubernetes/apps/selfhosted/memos/app Kustomization: flux-system/memos ExternalSecret: selfhosted/memos-volsync-r2
+++ kubernetes/apps/selfhosted/memos/app Kustomization: flux-system/memos ExternalSecret: selfhosted/memos-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: memos-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/selfhosted/atuin/app Kustomization: flux-system/atuin ExternalSecret: selfhosted/atuin
+++ kubernetes/apps/selfhosted/atuin/app Kustomization: flux-system/atuin ExternalSecret: selfhosted/atuin
@@ -13,13 +13,13 @@
- extract:
key: atuin
- extract:
key: cloudnative-pg
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: atuin-secret
template:
data:
ATUIN_DB_URI: postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres-rw.database.svc.cluster.local/atuin
INIT_POSTGRES_DBNAME: atuin
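Review bot: In the context lines of this hunk, `ATUIN_DB_URI` interpolates `{{ .POSTGRES_USER }}` and `{{ .POSTGRES_PASS }}` straight into the `postgres://` URI. A password containing `@`, `/`, `:` or `?` will produce a malformed or misparsed connection string. Not introduced by this PR, but while the store is being swapped it is worth percent-encoding both values in the template or constraining the generated password to URI-safe characters.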
--- kubernetes/apps/selfhosted/atuin/app Kustomization: flux-system/atuin ExternalSecret: selfhosted/atuin-volsync
+++ kubernetes/apps/selfhosted/atuin/app Kustomization: flux-system/atuin ExternalSecret: selfhosted/atuin-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: atuin-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/atuin
--- kubernetes/apps/selfhosted/atuin/app Kustomization: flux-system/atuin ExternalSecret: selfhosted/atuin-volsync-r2
+++ kubernetes/apps/selfhosted/atuin/app Kustomization: flux-system/atuin ExternalSecret: selfhosted/atuin-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: atuin-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/selfhosted/actual/app Kustomization: flux-system/actual ExternalSecret: selfhosted/actual-volsync
+++ kubernetes/apps/selfhosted/actual/app Kustomization: flux-system/actual ExternalSecret: selfhosted/actual-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: actual-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/actual
--- kubernetes/apps/selfhosted/actual/app Kustomization: flux-system/actual ExternalSecret: selfhosted/actual-volsync-r2
+++ kubernetes/apps/selfhosted/actual/app Kustomization: flux-system/actual ExternalSecret: selfhosted/actual-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: actual-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gha-runner-scale-set-controller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gha-runner-scale-set-controller
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: gha-runner-scale-set-controller
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
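Review bot: `dependsOn` now names `onepassword-store`, but no Kustomization with that name is defined in the visible diff, while `external-secrets-stores` and `onepassword-connect` are both deleted. Flux will hold every Kustomization that depends on a missing object in a not-ready state, so please confirm `onepassword-store` is added under `flux-system` in this same PR, and that it in turn depends on `external-secrets` so the CRDs exist before the store is applied. This applies to every `dependsOn` rename that follows.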
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cert-manager-issuers
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cert-manager-issuers
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cert-manager-issuers
dependsOn:
- name: cert-manager
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/cert-manager/cert-manager/issuers
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cert-manager-tls
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cert-manager-tls
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cert-manager-tls
dependsOn:
- name: cert-manager-issuers
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/cert-manager/cert-manager/tls
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cloudnative-pg
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cloudnative-pg
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cloudnative-pg
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/database/cloudnative-pg/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/emqx
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/emqx
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: emqx
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/database/emqx/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-secrets
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-secrets
@@ -16,8 +16,8 @@
prune: true
sourceRef:
kind: GitRepository
name: flux-system
targetNamespace: external-secrets
timeout: 5m
- wait: true
+ wait: false
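Review bot: Switching `wait: true` to `wait: false` on the `external-secrets` Kustomization means it reports Ready as soon as the manifests are applied, not when the HelmRelease is healthy. The deleted `external-secrets-stores` Kustomization relied on `dependsOn: external-secrets` with `wait: true` to guarantee the CRDs and webhook were up before the ClusterSecretStore was created. If `onepassword-store` depends on this Kustomization, it can now be applied before `installCRDs: true` has taken effect and fail its first reconciliations. Either keep `wait: true` here or add a `healthChecks` entry for the HelmRelease.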
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-secrets-stores
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-secrets-stores
@@ -1,25 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: external-secrets-stores
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: external-secrets-stores
- dependsOn:
- - name: external-secrets
- interval: 30m
- path: ./kubernetes/apps/external-secrets/external-secrets/stores
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- targetNamespace: external-secrets
- timeout: 5m
- wait: true
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword-connect
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword-connect
@@ -1,23 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: onepassword-connect
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: onepassword-connect
- interval: 30m
- path: ./kubernetes/apps/external-secrets/onepassword-connect/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- targetNamespace: external-secrets
- timeout: 5m
- wait: false
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/audiobookshelf
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/audiobookshelf
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: audiobookshelf
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/audiobookshelf/app
postBuild:
substitute:
APP: audiobookshelf
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/autobrr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/autobrr
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: autobrr
dependsOn:
- name: cloudnative-pg-cluster
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/autobrr/app
postBuild:
substitute:
APP: autobrr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/bazarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/bazarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: bazarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/bazarr/app
postBuild:
substitute:
APP: bazarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/jellyseerr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/jellyseerr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: jellyseerr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/jellyseerr/app
postBuild:
substitute:
APP: jellyseerr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/prowlarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/prowlarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: prowlarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/prowlarr/app
postBuild:
substitute:
APP: prowlarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/qbittorrent
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/qbittorrent
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: qbittorrent
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/qbittorrent/app
postBuild:
substitute:
APP: qbittorrent
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/qbittorrent-tools
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/qbittorrent-tools
@@ -13,13 +13,13 @@
app.kubernetes.io/name: qbittorrent-tools
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/media/qbittorrent/tools
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/radarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/radarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: radarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/radarr/app
postBuild:
substitute:
APP: radarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/readarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/readarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: readarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/readarr/app
postBuild:
substitute:
APP: readarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/recyclarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/recyclarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: recyclarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/recyclarr/app
postBuild:
substitute:
APP: recyclarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/sonarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/sonarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: sonarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/media/sonarr/app
postBuild:
substitute:
APP: sonarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpackerr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpackerr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: unpackerr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/media/unpackerr/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cloudflared
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cloudflared
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cloudflared
dependsOn:
- name: external-dns-cloudflare
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/network/cloudflared/app
prune: false
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-dns-cloudflare
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-dns-cloudflare
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: external-dns-cloudflare
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/network/external-dns/cloudflare
prune: false
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-dns-unifi
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-dns-unifi
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: external-dns-unifi
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/network/external-dns/unifi
prune: false
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gatus
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gatus
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: gatus
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/observability/gatus/app
postBuild:
substitute:
APP: gatus
GATUS_SUBDOMAIN: status
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/grafana
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/grafana
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: grafana
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/observability/grafana/app
postBuild:
substitute:
APP: grafana
prune: true
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/kube-prometheus-stack
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/kube-prometheus-stack
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: kube-prometheus-stack
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/observability/kube-prometheus-stack/app
postBuild:
substitute:
APP: kube-prometheus-stack
GATUS_SUBDOMAIN: prometheus
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpoller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpoller
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: unpoller
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/observability/unpoller/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rook-ceph
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rook-ceph
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: rook-ceph
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/rook-ceph/rook-ceph/app
prune: false
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rook-ceph-cluster
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rook-ceph-cluster
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: rook-ceph-cluster
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/rook-ceph/rook-ceph/cluster
postBuild:
substitute:
APP: rook-ceph-cluster
GATUS_SUBDOMAIN: rook
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/authentik
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/authentik
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: authentik
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/selfhosted/authentik/app
postBuild:
substitute:
APP: authentik
GATUS_SUBDOMAIN: auth
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/home-assistant
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/home-assistant
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: home-assistant
dependsOn:
- name: emqx-cluster
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/selfhosted/home-assistant/app
postBuild:
substitute:
APP: home-assistant
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/immich
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/immich
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: immich
dependsOn:
- name: cloudnative-pg-cluster
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/selfhosted/immich/app
postBuild:
substitute:
APP: immich
GATUS_SUBDOMAIN: photos
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/miniflux
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/miniflux
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: miniflux
dependsOn:
- name: cloudnative-pg-cluster
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/selfhosted/miniflux/app
postBuild:
substitute:
APP: miniflux
prune: true
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/paperless
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/paperless
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: paperless
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/selfhosted/paperless/app
postBuild:
substitute:
APP: paperless
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/vikunja
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/vikunja
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: vikunja
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/selfhosted/vikunja/app
postBuild:
substitute:
APP: vikunja
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword
@@ -0,0 +1,23 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: onepassword
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: onepassword
+ interval: 30m
+ path: ./kubernetes/apps/external-secrets/onepassword/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ targetNamespace: external-secrets
+ timeout: 5m
+ wait: true
+
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword-store
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword-store
@@ -0,0 +1,25 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: onepassword-store
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: onepassword-store
+ dependsOn:
+ - name: onepassword
+ interval: 30m
+ path: ./kubernetes/apps/external-secrets/onepassword/store
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ targetNamespace: external-secrets
+ timeout: 5m
+ wait: true
+
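Review bot: `dependsOn` lists only `onepassword`, and the `onepassword` Kustomization added in the previous hunk declares no dependencies of its own, so nothing in this chain waits for the `external-secrets` Kustomization. Given the path `./kubernetes/apps/external-secrets/onepassword/store` and the fact that the ExternalSecrets below resolve `kind: ClusterSecretStore` with `name: onepassword`, this directory presumably applies a ClusterSecretStore, which needs the external-secrets CRDs installed first. Consider adding `- name: external-secrets` to `dependsOn` so a fresh bootstrap does not depend on retries to converge.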
--- kubernetes/apps/network/external-dns/cloudflare Kustomization: flux-system/external-dns-cloudflare ExternalSecret: network/external-dns-cloudflare
+++ kubernetes/apps/network/external-dns/cloudflare Kustomization: flux-system/external-dns-cloudflare ExternalSecret: network/external-dns-cloudflare
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: cloudflare
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: external-dns-cloudflare-secret
template:
data:
CF_API_EMAIL: '{{ .CLOUDFLARE_EMAIL }}'
CF_API_KEY: '{{ .CLOUDFLARE_API_KEY }}'
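Review bot: `secretStoreRef.name` is resolved only when the ExternalSecret syncs, so a reference left on `onepassword-connect`, or one applied before the `onepassword` store exists, shows up as a sync error on the ExternalSecret rather than as a failed apply. Confirm that the parent Kustomization `flux-system/external-dns-cloudflare` waits on `onepassword-store`, and after rollout check that no ExternalSecret or PushSecret still names `onepassword-connect`.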
--- kubernetes/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ExternalSecret: cert-manager/cloudflare-issuer
+++ kubernetes/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ExternalSecret: cert-manager/cloudflare-issuer
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: cloudflare
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: cloudflare-issuer-secret
template:
data:
CLOUDFLARE_API_KEY: '{{ .CLOUDFLARE_API_KEY }}'
engineVersion: v2
--- kubernetes/apps/observability/grafana/app Kustomization: flux-system/grafana ExternalSecret: observability/grafana-admin
+++ kubernetes/apps/observability/grafana/app Kustomization: flux-system/grafana ExternalSecret: observability/grafana-admin
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: grafana
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: grafana-admin-secret
template:
data:
admin-password: '{{ .GRAFANA_ADMIN_PASSWORD }}'
admin-user: '{{ .GRAFANA_ADMIN_USERNAME }}'
--- kubernetes/apps/database/cloudnative-pg/app Kustomization: flux-system/cloudnative-pg ExternalSecret: database/cloudnative-pg
+++ kubernetes/apps/database/cloudnative-pg/app Kustomization: flux-system/cloudnative-pg ExternalSecret: database/cloudnative-pg
@@ -29,13 +29,13 @@
- remoteRef:
key: cloudflare
property: CLOUDFLARE_ACCOUNT_TAG
secretKey: CLOUDFLARE_ACCOUNT_TAG
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: cloudnative-pg-secret
template:
engineVersion: v2
metadata:
labels:
--- kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app Kustomization: flux-system/gha-runner-scale-set-controller ExternalSecret: actions-runner-system/actions-runner-controller-auth
+++ kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app Kustomization: flux-system/gha-runner-scale-set-controller ExternalSecret: actions-runner-system/actions-runner-controller-auth
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: actions-runner-controller
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: actions-runner-controller-auth-secret
template:
data:
ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
}}'
--- kubernetes/apps/selfhosted/authentik/app Kustomization: flux-system/authentik ExternalSecret: selfhosted/authentik
+++ kubernetes/apps/selfhosted/authentik/app Kustomization: flux-system/authentik ExternalSecret: selfhosted/authentik
@@ -15,13 +15,13 @@
- extract:
key: cloudnative-pg
- extract:
key: cloudflare
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: authentik-secret
template:
data:
AUTHENTIK_EMAIL__HOST: smtp.office365.com
AUTHENTIK_EMAIL__PASSWORD: '{{ .AUTHENTIK_EMAIL__PASSWORD }}'
--- kubernetes/apps/network/external-dns/unifi Kustomization: flux-system/external-dns-unifi ExternalSecret: network/external-dns-unifi
+++ kubernetes/apps/network/external-dns/unifi Kustomization: flux-system/external-dns-unifi ExternalSecret: network/external-dns-unifi
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: external-dns-unifi
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: external-dns-unifi-secret
template:
data:
EXTERNAL_DNS_UNIFI_API_KEY: '{{ .EXTERNAL_DNS_UNIFI_API_KEY }}'
engineVersion: v2
--- kubernetes/apps/observability/kube-prometheus-stack/app Kustomization: flux-system/kube-prometheus-stack ExternalSecret: observability/alertmanager
+++ kubernetes/apps/observability/kube-prometheus-stack/app Kustomization: flux-system/kube-prometheus-stack ExternalSecret: observability/alertmanager
@@ -14,13 +14,13 @@
key: pushover
- extract:
key: alertmanager
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: alertmanager-secret
template:
data:
ALERTMANAGER_HEARTBEAT_URL: '{{ .ALERTMANAGER_HEARTBEAT_URL }}'
ALERTMANAGER_PUSHOVER_TOKEN: '{{ .ALERTMANAGER_PUSHOVER_TOKEN }}'
--- kubernetes/apps/media/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: media/bazarr
+++ kubernetes/apps/media/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: media/bazarr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: plex
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: bazarr-secret
template:
data:
PLEX_TOKEN: '{{ .PLEX_TOKEN }}'
engineVersion: v2
--- kubernetes/apps/media/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: media/bazarr-volsync
+++ kubernetes/apps/media/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: media/bazarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: bazarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/bazarr
--- kubernetes/apps/media/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: media/bazarr-volsync-r2
+++ kubernetes/apps/media/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: media/bazarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: bazarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/media/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: media/recyclarr
+++ kubernetes/apps/media/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: media/recyclarr
@@ -13,13 +13,13 @@
- extract:
key: radarr
- extract:
key: sonarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: recyclarr-secret
template:
data:
RADARR_API_KEY: '{{ .RADARR_API_KEY }}'
SONARR_API_KEY: '{{ .SONARR_API_KEY }}'
--- kubernetes/apps/media/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: media/recyclarr-volsync
+++ kubernetes/apps/media/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: media/recyclarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: recyclarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/recyclarr
--- kubernetes/apps/media/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: media/recyclarr-volsync-r2
+++ kubernetes/apps/media/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: media/recyclarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: recyclarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/observability/gatus/app Kustomization: flux-system/gatus ExternalSecret: observability/gatus
+++ kubernetes/apps/observability/gatus/app Kustomization: flux-system/gatus ExternalSecret: observability/gatus
@@ -13,13 +13,13 @@
- extract:
key: gatus
- extract:
key: pushover
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: gatus-secret
template:
data:
PUSHOVER_TOKEN: '{{ .GATUS_PUSHOVER_TOKEN }}'
PUSHOVER_USER_KEY: '{{ .PUSHOVER_USER_KEY }}'
--- kubernetes/apps/media/audiobookshelf/app Kustomization: flux-system/audiobookshelf ExternalSecret: media/audiobookshelf-volsync
+++ kubernetes/apps/media/audiobookshelf/app Kustomization: flux-system/audiobookshelf ExternalSecret: media/audiobookshelf-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: audiobookshelf-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/audiobookshelf
--- kubernetes/apps/media/audiobookshelf/app Kustomization: flux-system/audiobookshelf ExternalSecret: media/audiobookshelf-volsync-r2
+++ kubernetes/apps/media/audiobookshelf/app Kustomization: flux-system/audiobookshelf ExternalSecret: media/audiobookshelf-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: audiobookshelf-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx ExternalSecret: database/emqx
+++ kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx ExternalSecret: database/emqx
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: emqx
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: emqx-secret
template:
data:
EMQX_DASHBOARD__DEFAULT_PASSWORD: '{{ .EMQX_DASHBOARD__DEFAULT_PASSWORD }}'
EMQX_DASHBOARD__DEFAULT_USERNAME: '{{ .EMQX_DASHBOARD__DEFAULT_USERNAME }}'
--- kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx ExternalSecret: database/emqx-init-user
+++ kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx ExternalSecret: database/emqx-init-user
@@ -12,13 +12,13 @@
dataFrom:
- extract:
key: emqx
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: emqx-init-user-secret
template:
data:
init-user.json: |
[{"user_id": "{{ .X_EMQX_MQTT_USERNAME }}", "password": "{{ .X_EMQX_MQTT_PASSWORD }}", "is_superuser": true}]
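Review bot: `init-user.json` is built by pasting `X_EMQX_MQTT_USERNAME` and `X_EMQX_MQTT_PASSWORD` between literal double quotes, so a value containing a double quote or a backslash renders invalid JSON or a different credential than the one stored. Since this ExternalSecret is being touched anyway, consider JSON-encoding the values in the template (for example sprig's `toJson`, dropping the surrounding quotes) so the file stays well-formed after a credential rotation.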
--- kubernetes/apps/selfhosted/paperless/app Kustomization: flux-system/paperless ExternalSecret: selfhosted/paperless
+++ kubernetes/apps/selfhosted/paperless/app Kustomization: flux-system/paperless ExternalSecret: selfhosted/paperless
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: paperless
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: paperless-secret
template:
data:
PAPERLESS_ADMIN_PASSWORD: '{{ .PAPERLESS_ADMIN_PASSWORD }}'
PAPERLESS_ADMIN_USER: '{{ .PAPERLESS_ADMIN_USER }}'
--- kubernetes/apps/selfhosted/paperless/app Kustomization: flux-system/paperless ExternalSecret: selfhosted/paperless-volsync
+++ kubernetes/apps/selfhosted/paperless/app Kustomization: flux-system/paperless ExternalSecret: selfhosted/paperless-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: paperless-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/paperless
--- kubernetes/apps/selfhosted/paperless/app Kustomization: flux-system/paperless ExternalSecret: selfhosted/paperless-volsync-r2
+++ kubernetes/apps/selfhosted/paperless/app Kustomization: flux-system/paperless ExternalSecret: selfhosted/paperless-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: paperless-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: media/prowlarr
+++ kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: media/prowlarr
@@ -13,13 +13,13 @@
- extract:
key: prowlarr
- extract:
key: cloudnative-pg
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: prowlarr-secret
template:
data:
PROWLARR__AUTH__APIKEY: '{{ .PROWLARR_API_KEY }}'
engineVersion: v2
--- kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: media/prowlarr-volsync
+++ kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: media/prowlarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: prowlarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/prowlarr
--- kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: media/prowlarr-volsync-r2
+++ kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: media/prowlarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: prowlarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/media/readarr/app Kustomization: flux-system/readarr ExternalSecret: media/readarr
+++ kubernetes/apps/media/readarr/app Kustomization: flux-system/readarr ExternalSecret: media/readarr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: readarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: readarr-secret
template:
data:
READARR__AUTH__APIKEY: '{{ .READARR_API_KEY }}'
engineVersion: v2
--- kubernetes/apps/media/readarr/app Kustomization: flux-system/readarr ExternalSecret: media/readarr-volsync
+++ kubernetes/apps/media/readarr/app Kustomization: flux-system/readarr ExternalSecret: media/readarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: readarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/readarr
--- kubernetes/apps/media/readarr/app Kustomization: flux-system/readarr ExternalSecret: media/readarr-volsync-r2
+++ kubernetes/apps/media/readarr/app Kustomization: flux-system/readarr ExternalSecret: media/readarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: readarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: media/qbittorrent-volsync
+++ kubernetes/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: media/qbittorrent-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: qbittorrent-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/qbittorrent
--- kubernetes/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: media/qbittorrent-volsync-r2
+++ kubernetes/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: media/qbittorrent-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: qbittorrent-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr ExternalSecret: media/radarr
+++ kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr ExternalSecret: media/radarr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: radarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: radarr-secret
template:
data:
RADARR__AUTH__APIKEY: '{{ .RADARR_API_KEY }}'
engineVersion: v2
--- kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr ExternalSecret: media/radarr-volsync
+++ kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr ExternalSecret: media/radarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: radarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/radarr
--- kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr ExternalSecret: media/radarr-volsync-r2
+++ kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr ExternalSecret: media/radarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: radarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/media/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: media/jellyseerr
+++ kubernetes/apps/media/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: media/jellyseerr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: jellyseerr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: jellyseerr-secret
template:
data:
API_KEY: '{{ .JELLYSEERR_API_KEY }}'
engineVersion: v2
--- kubernetes/apps/media/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: media/jellyseerr-volsync
+++ kubernetes/apps/media/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: media/jellyseerr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: jellyseerr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/jellyseerr
--- kubernetes/apps/media/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: media/jellyseerr-volsync-r2
+++ kubernetes/apps/media/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: media/jellyseerr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: jellyseerr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph ExternalSecret: rook-ceph/rook-ceph-dashboard
+++ kubernetes/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph ExternalSecret: rook-ceph/rook-ceph-dashboard
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: rook-ceph
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: rook-ceph-dashboard-password
template:
data:
password: '{{ .ROOK_DASHBOARD_PASSWORD }}'
engineVersion: v2
--- kubernetes/apps/observability/unpoller/app Kustomization: flux-system/unpoller ExternalSecret: observability/unpoller
+++ kubernetes/apps/observability/unpoller/app Kustomization: flux-system/unpoller ExternalSecret: observability/unpoller
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: unpoller
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: unpoller-secret
template:
data:
UP_UNIFI_DEFAULT_PASS: '{{ .UP_UNIFI_DEFAULT_PASS }}'
UP_UNIFI_DEFAULT_USER: '{{ .UP_UNIFI_DEFAULT_USER }}'
--- kubernetes/apps/media/unpackerr/app Kustomization: flux-system/unpackerr ExternalSecret: media/unpackerr
+++ kubernetes/apps/media/unpackerr/app Kustomization: flux-system/unpackerr ExternalSecret: media/unpackerr
@@ -13,13 +13,13 @@
- extract:
key: radarr
- extract:
key: sonarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: unpackerr-secret
template:
data:
UN_RADARR_0_API_KEY: '{{ .RADARR_API_KEY }}'
UN_SONARR_0_API_KEY: '{{ .SONARR_API_KEY }}'
--- kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: media/sonarr
+++ kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: media/sonarr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: sonarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sonarr-secret
template:
data:
SONARR__AUTH__APIKEY: '{{ .SONARR_API_KEY }}'
engineVersion: v2
--- kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: media/sonarr-volsync
+++ kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: media/sonarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sonarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/sonarr
--- kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: media/sonarr-volsync-r2
+++ kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: media/sonarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sonarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja ExternalSecret: selfhosted/vikunja
+++ kubernetes/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja ExternalSecret: selfhosted/vikunja
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: vikunja
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: vikunja-secret
template:
data:
VIKUNJA_OAUTH_AUTH_URL: '{{ .VIKUNJA_OAUTH_AUTH_URL }}'
VIKUNJA_OAUTH_CLIENT_ID: '{{ .VIKUNJA_OAUTH_CLIENT_ID }}'
--- kubernetes/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja ExternalSecret: selfhosted/vikunja-configmap
+++ kubernetes/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja ExternalSecret: selfhosted/vikunja-configmap
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: vikunja
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: vikunja-configmap-secret
template:
templateFrom:
- configMap:
items:
--- kubernetes/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja ExternalSecret: selfhosted/vikunja-volsync
+++ kubernetes/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja ExternalSecret: selfhosted/vikunja-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: vikunja-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/vikunja
--- kubernetes/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja ExternalSecret: selfhosted/vikunja-volsync-r2
+++ kubernetes/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja ExternalSecret: selfhosted/vikunja-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: vikunja-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/cert-manager/cert-manager/tls Kustomization: flux-system/cert-manager-tls PushSecret: cert-manager/rodent-cc-tls
+++ kubernetes/apps/cert-manager/cert-manager/tls Kustomization: flux-system/cert-manager-tls PushSecret: cert-manager/rodent-cc-tls
@@ -19,13 +19,13 @@
remoteRef:
property: tls.key
remoteKey: rodent-cc-tls
secretKey: tls.key
secretStoreRefs:
- kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
selector:
secret:
name: rodent-cc-tls
template:
data:
tls.crt: '{{ index . "tls.crt" | b64enc }}'
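Review bot: this PushSecret writes `tls.key` for `rodent-cc-tls` through the same `onepassword` ClusterSecretStore that the ExternalSecrets in this diff read from, so the credential behind the renamed store must carry write access to the vault. Confirm the new store's token still has that permission, and consider a separate write-scoped store for this one PushSecret so the store shared by every other namespace can be backed by a read-only token.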
--- kubernetes/apps/network/cloudflared/app Kustomization: flux-system/cloudflared ExternalSecret: network/cloudflared-tunnel
+++ kubernetes/apps/network/cloudflared/app Kustomization: flux-system/cloudflared ExternalSecret: network/cloudflared-tunnel
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: cloudflare
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: cloudflared-tunnel-secret
template:
data:
credentials.json: |
{
--- kubernetes/apps/selfhosted/miniflux/app Kustomization: flux-system/miniflux ExternalSecret: selfhosted/miniflux
+++ kubernetes/apps/selfhosted/miniflux/app Kustomization: flux-system/miniflux ExternalSecret: selfhosted/miniflux
@@ -13,13 +13,13 @@
- extract:
key: miniflux
- extract:
key: cloudnative-pg
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: miniflux-secret
template:
data:
ADMIN_PASSWORD: '{{ .MINIFLUX_ADMIN_PASSWORD }}'
ADMIN_USERNAME: '{{ .MINIFLUX_ADMIN_USERNAME }}'
--- kubernetes/apps/selfhosted/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: selfhosted/home-assistant
+++ kubernetes/apps/selfhosted/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: selfhosted/home-assistant
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: home-assistant
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: home-assistant-secret
template:
data:
HASS_ELEVATION: '{{ .HASS_ELEVATION }}'
HASS_GOOGLE_PROJECT_ID: '{{ .HASS_GOOGLE_PROJECT_ID }}'
--- kubernetes/apps/selfhosted/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: selfhosted/home-assistant-volsync
+++ kubernetes/apps/selfhosted/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: selfhosted/home-assistant-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: home-assistant-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/home-assistant
--- kubernetes/apps/selfhosted/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: selfhosted/home-assistant-volsync-r2
+++ kubernetes/apps/selfhosted/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: selfhosted/home-assistant-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: home-assistant-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/selfhosted/immich/app Kustomization: flux-system/immich ExternalSecret: selfhosted/immich
+++ kubernetes/apps/selfhosted/immich/app Kustomization: flux-system/immich ExternalSecret: selfhosted/immich
@@ -13,13 +13,13 @@
- extract:
key: immich
- extract:
key: cloudnative-pg
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: immich-secret
template:
data:
DB_DATABASE_NAME: immich
DB_HOSTNAME: postgres-immich-rw.database.svc.cluster.local
--- kubernetes/apps/network/nginx/external Kustomization: flux-system/nginx-external ExternalSecret: network/nginx-external
+++ kubernetes/apps/network/nginx/external Kustomization: flux-system/nginx-external ExternalSecret: network/nginx-external
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: maxmind
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: nginx-external-maxmind-secret
template:
data:
MAXMIND_LICENSE_KEY: '{{ .MAXMIND_LICENSE_KEY }}'
engineVersion: v2
--- kubernetes/apps/media/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: media/autobrr
+++ kubernetes/apps/media/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: media/autobrr
@@ -13,13 +13,13 @@
- extract:
key: autobrr
- extract:
key: cloudnative-pg
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: autobrr-secret
template:
data:
AUTOBRR__DATABASE_TYPE: postgres
AUTOBRR__POSTGRES_DATABASE: autobrr
--- kubernetes/apps/media/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: media/autobrr-volsync
+++ kubernetes/apps/media/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: media/autobrr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: autobrr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/autobrr
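Review bot: Not introduced by the rename, but visible at `key: volsync-template`: this ExternalSecret and home-assistant-volsync both template `RESTIC_PASSWORD` from the same item, so separate restic repositories share one encryption password. A leak of one application's Secret then yields the password for the other repositories as well, given access to the storage. Consider a per-application password item and keep only the shared, non-secret fields in `volsync-template`.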
--- kubernetes/apps/media/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: media/autobrr-volsync-r2
+++ kubernetes/apps/media/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: media/autobrr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: autobrr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/external-secrets/onepassword/app Kustomization: flux-system/onepassword HelmRelease: external-secrets/onepassword
+++ kubernetes/apps/external-secrets/onepassword/app Kustomization: flux-system/onepassword HelmRelease: external-secrets/onepassword
@@ -0,0 +1,145 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ app.kubernetes.io/name: onepassword
+ kustomize.toolkit.fluxcd.io/name: onepassword
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: onepassword
+ namespace: external-secrets
+spec:
+ chart:
+ spec:
+ chart: app-template
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ version: 3.6.1
+ install:
+ remediation:
+ retries: 3
+ interval: 30m
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ onepassword:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ containers:
+ api:
+ env:
+ OP_BUS_PEERS: localhost:11221
+ OP_BUS_PORT: 11220
+ OP_HTTP_PORT: 80
+ OP_SESSION:
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: onepassword-secret
+ XDG_DATA_HOME: /config
+ image:
+ repository: docker.io/1password/connect-api
+ tag: 1.7.3@sha256:0601c7614e102eada268dbda6ba4b5886ce77713be2c332ec6a2fd0f028484ba
+ probes:
+ liveness:
+ custom: true
+ enabled: true
+ spec:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 80
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ readiness:
+ custom: true
+ enabled: true
+ spec:
+ httpGet:
+ path: /health
+ port: 80
+ initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ sync:
+ env:
+ OP_BUS_PEERS: localhost:11220
+ OP_BUS_PORT: 11221
+ OP_HTTP_PORT: 8081
+ OP_SESSION:
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: onepassword-secret
+ XDG_DATA_HOME: /config
+ image:
+ repository: docker.io/1password/connect-sync
+ tag: 1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
+ probes:
+ liveness:
+ custom: true
+ enabled: true
+ spec:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ readiness:
+ custom: true
+ enabled: true
+ spec:
+ httpGet:
+ path: /health
+ port: 8081
+ initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ replicas: 1
+ strategy: RollingUpdate
+ defaultPodOptions:
+ securityContext:
+ fsGroup: 999
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 999
+ runAsNonRoot: true
+ runAsUser: 999
+ seccompProfile:
+ type: RuntimeDefault
+ persistence:
+ config:
+ globalMounts:
+ - path: /config
+ type: emptyDir
+ service:
+ app:
+ controller: onepassword
+ ports:
+ http:
+ port: 80
+
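Review bot: Both containers now read `OP_SESSION` from `name: onepassword-secret` (previously `onepassword-connect-secret`), and the ClusterSecretStore in this change reads `key: token` from the same Secret, so one object has to carry both the Connect credentials file and the access token. I do not see that Secret being created or renamed in the lines shown here. Please confirm it exists under the new name with both keys before this reconciles, otherwise the pod will fail to start on the missing secretKeyRef. Splitting the two keys into separate Secrets would also let RBAC grant the store's token without exposing `1password-credentials.json`.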
--- kubernetes/apps/external-secrets/onepassword/store Kustomization: flux-system/onepassword-store ClusterSecretStore: external-secrets/onepassword
+++ kubernetes/apps/external-secrets/onepassword/store Kustomization: flux-system/onepassword-store ClusterSecretStore: external-secrets/onepassword
@@ -0,0 +1,23 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ labels:
+ app.kubernetes.io/name: onepassword-store
+ kustomize.toolkit.fluxcd.io/name: onepassword-store
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: onepassword
+ namespace: external-secrets
+spec:
+ provider:
+ onepassword:
+ auth:
+ secretRef:
+ connectTokenSecretRef:
+ key: token
+ name: onepassword-secret
+ namespace: external-secrets
+ connectHost: http://onepassword.external-secrets.svc.cluster.local
+ vaults:
+ Kubernetes: 1
+ |
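Review bot: `connectHost: http://onepassword.external-secrets.svc.cluster.local` carries the Connect token and every fetched secret value over plain HTTP on the pod network, and I see no NetworkPolicy for the `onepassword` pods in the lines shown. Add a policy that admits port 80 only from the external-secrets controller. The store also has no `spec.conditions`, so an ExternalSecret in any namespace can reference it and read from the `Kubernetes` vault. A `namespaceSelector` condition limited to the namespaces that use it today (selfhosted, network, media and the others in this diff) would narrow that.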
--- HelmRelease: external-secrets/onepassword-connect Service: external-secrets/onepassword-connect
+++ HelmRelease: external-secrets/onepassword-connect Service: external-secrets/onepassword-connect
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: onepassword-connect
- labels:
- app.kubernetes.io/instance: onepassword-connect
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: onepassword-connect
- app.kubernetes.io/service: onepassword-connect
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 80
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/component: onepassword-connect
- app.kubernetes.io/instance: onepassword-connect
- app.kubernetes.io/name: onepassword-connect
-
--- HelmRelease: external-secrets/onepassword-connect Deployment: external-secrets/onepassword-connect
+++ HelmRelease: external-secrets/onepassword-connect Deployment: external-secrets/onepassword-connect
@@ -1,133 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: onepassword-connect
- labels:
- app.kubernetes.io/component: onepassword-connect
- app.kubernetes.io/instance: onepassword-connect
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: onepassword-connect
- annotations:
- reloader.stakater.com/auto: 'true'
-spec:
- revisionHistoryLimit: 3
- replicas: 1
- strategy:
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/component: onepassword-connect
- app.kubernetes.io/name: onepassword-connect
- app.kubernetes.io/instance: onepassword-connect
- template:
- metadata:
- labels:
- app.kubernetes.io/component: onepassword-connect
- app.kubernetes.io/instance: onepassword-connect
- app.kubernetes.io/name: onepassword-connect
- spec:
- enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
- securityContext:
- fsGroup: 999
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 999
- runAsNonRoot: true
- runAsUser: 999
- seccompProfile:
- type: RuntimeDefault
- hostIPC: false
- hostNetwork: false
- hostPID: false
- dnsPolicy: ClusterFirst
- containers:
- - env:
- - name: OP_BUS_PEERS
- value: localhost:11221
- - name: OP_BUS_PORT
- value: '11220'
- - name: OP_HTTP_PORT
- value: '80'
- - name: OP_SESSION
- valueFrom:
- secretKeyRef:
- key: 1password-credentials.json
- name: onepassword-connect-secret
- - name: XDG_DATA_HOME
- value: /config
- image: docker.io/1password/connect-api:1.7.3@sha256:0601c7614e102eada268dbda6ba4b5886ce77713be2c332ec6a2fd0f028484ba
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /heartbeat
- port: 80
- initialDelaySeconds: 15
- periodSeconds: 30
- name: api
- readinessProbe:
- httpGet:
- path: /health
- port: 80
- initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /config
- name: config
- - env:
- - name: OP_BUS_PEERS
- value: localhost:11220
- - name: OP_BUS_PORT
- value: '11221'
- - name: OP_HTTP_PORT
- value: '8081'
- - name: OP_SESSION
- valueFrom:
- secretKeyRef:
- key: 1password-credentials.json
- name: onepassword-connect-secret
- - name: XDG_DATA_HOME
- value: /config
- image: docker.io/1password/connect-sync:1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /heartbeat
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 30
- name: sync
- readinessProbe:
- httpGet:
- path: /health
- port: 8081
- initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /config
- name: config
- volumes:
- - emptyDir: {}
- name: config
-
--- HelmRelease: external-secrets/onepassword Service: external-secrets/onepassword
+++ HelmRelease: external-secrets/onepassword Service: external-secrets/onepassword
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: onepassword
+ labels:
+ app.kubernetes.io/instance: onepassword
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: onepassword
+ app.kubernetes.io/service: onepassword
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/component: onepassword
+ app.kubernetes.io/instance: onepassword
+ app.kubernetes.io/name: onepassword
+
--- HelmRelease: external-secrets/onepassword Deployment: external-secrets/onepassword
+++ HelmRelease: external-secrets/onepassword Deployment: external-secrets/onepassword
@@ -0,0 +1,133 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: onepassword
+ labels:
+ app.kubernetes.io/component: onepassword
+ app.kubernetes.io/instance: onepassword
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: onepassword
+ annotations:
+ reloader.stakater.com/auto: 'true'
+spec:
+ revisionHistoryLimit: 3
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: onepassword
+ app.kubernetes.io/name: onepassword
+ app.kubernetes.io/instance: onepassword
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: onepassword
+ app.kubernetes.io/instance: onepassword
+ app.kubernetes.io/name: onepassword
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ securityContext:
+ fsGroup: 999
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 999
+ runAsNonRoot: true
+ runAsUser: 999
+ seccompProfile:
+ type: RuntimeDefault
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ containers:
+ - env:
+ - name: OP_BUS_PEERS
+ value: localhost:11221
+ - name: OP_BUS_PORT
+ value: '11220'
+ - name: OP_HTTP_PORT
+ value: '80'
+ - name: OP_SESSION
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: onepassword-secret
+ - name: XDG_DATA_HOME
+ value: /config
+ image: docker.io/1password/connect-api:1.7.3@sha256:0601c7614e102eada268dbda6ba4b5886ce77713be2c332ec6a2fd0f028484ba
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 80
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ name: api
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 80
+ initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ - env:
+ - name: OP_BUS_PEERS
+ value: localhost:11220
+ - name: OP_BUS_PORT
+ value: '11221'
+ - name: OP_HTTP_PORT
+ value: '8081'
+ - name: OP_SESSION
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: onepassword-secret
+ - name: XDG_DATA_HOME
+ value: /config
+ image: docker.io/1password/connect-sync:1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ name: sync
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8081
+ initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ volumes:
+ - emptyDir: {}
+ name: config
+ |
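Review bot: In the rendered pod spec, `serviceAccountName: default` with `automountServiceAccountToken: true` mounts a Kubernetes API token into the pod, yet nothing in the rendered env, probes or volumes uses the Kubernetes API. Set `automountServiceAccountToken: false` under `defaultPodOptions` in the HelmRelease values so the pod that already holds `1password-credentials.json` does not carry a second credential it has no use for.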
No description provided.