From eb1bd5f704ce84db80cbeb30a4836402c148c1ac Mon Sep 17 00:00:00 2001 From: Amarpreet Minhas Date: Mon, 10 Jul 2023 20:46:00 +0000 Subject: [PATCH] Extend secrets helm chart --- argo/miniflux/values.yaml | 17 ++++++++++------- argo/pihole/values.yaml | 10 ++++++---- argo/secrets/templates/external-secrets.yaml | 10 ++++++---- argo/vault-config-operator/values.yaml | 10 ++++++---- .../cert-manager-stack}/external-secrets.yaml | 0 .../cert-manager-stack}/install.sh | 0 .../cert-manager-stack}/issuers.yaml | 0 7 files changed, 28 insertions(+), 19 deletions(-) rename helm/{setup/003-cert-manager => apps/cert-manager-stack}/external-secrets.yaml (100%) rename helm/{setup/003-cert-manager => apps/cert-manager-stack}/install.sh (100%) rename helm/{setup/003-cert-manager => apps/cert-manager-stack}/issuers.yaml (100%) diff --git a/argo/miniflux/values.yaml b/argo/miniflux/values.yaml index d0b36a9..2a63a7f 100644 --- a/argo/miniflux/values.yaml +++ b/argo/miniflux/values.yaml @@ -6,13 +6,16 @@ serviceAccountName: miniflux externalSecrets: secretStoreName: miniflux vaultRole: miniflux - secrets: - - secretKey: miniflux_admin_pw - key: miniflux - property: miniflux_admin_pw - - secretKey: miniflux_db_url - key: miniflux - property: miniflux_db_url + secretPaths: + - name: miniflux + secrets: + - secretKey: miniflux_admin_pw + key: miniflux + property: miniflux_admin_pw + - secretKey: miniflux_db_url + key: miniflux + property: miniflux_db_url + istio: commonName: rss.minhas.io ingressSelector: ingressgateway diff --git a/argo/pihole/values.yaml b/argo/pihole/values.yaml index 1365b9c..f67b7ea 100644 --- a/argo/pihole/values.yaml +++ b/argo/pihole/values.yaml @@ -6,10 +6,12 @@ serviceAccountName: default externalSecrets: secretStoreName: default vaultRole: external-dns - secrets: - - secretKey: pihole-password - key: external-dns - property: pihole-password + secretPaths: + - name: pihole + secrets: + - secretKey: pihole-password + key: external-dns + property: pihole-password # app serviceDns: diff --git a/argo/secrets/templates/external-secrets.yaml b/argo/secrets/templates/external-secrets.yaml index c043782..2d1a24e 100644 --- a/argo/secrets/templates/external-secrets.yaml +++ b/argo/secrets/templates/external-secrets.yaml @@ -59,18 +59,19 @@ spec: secretRef: name: "serviceaccounttoken" ... +{{- range .Values.externalSecrets.secretPaths }} --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: {{ .Values.name }} - namespace: {{ .Values.namespace }} + name: {{ .name }} + namespace: {{ $.Values.namespace }} spec: secretStoreRef: - name: {{ .Values.externalSecrets.secretStoreName }} + name: {{ $.Values.externalSecrets.secretStoreName }} kind: SecretStore data: -{{- range .Values.externalSecrets.secrets }} +{{- range .secrets }} - secretKey: {{ .secretKey }} remoteRef: conversionStrategy: Default @@ -79,4 +80,5 @@ spec: property: {{ .property }} {{- end }} ... +{{- end }} {{ end }} diff --git a/argo/vault-config-operator/values.yaml b/argo/vault-config-operator/values.yaml index 29b6541..5c58fa9 100644 --- a/argo/vault-config-operator/values.yaml +++ b/argo/vault-config-operator/values.yaml @@ -5,10 +5,12 @@ serviceAccountName: vault-config-operator externalSecrets: secretStoreName: vault-config-operator vaultRole: vault-config-operator - secrets: - - secretKey: ca.crt - key: vault-config-operator - property: ca.crt + secretPaths: + - name: vault-config-operator + secrets: + - secretKey: ca.crt + key: vault-config-operator + property: ca.crt enableCertManager: true diff --git a/helm/setup/003-cert-manager/external-secrets.yaml b/helm/apps/cert-manager-stack/external-secrets.yaml similarity index 100% rename from helm/setup/003-cert-manager/external-secrets.yaml rename to helm/apps/cert-manager-stack/external-secrets.yaml diff --git a/helm/setup/003-cert-manager/install.sh b/helm/apps/cert-manager-stack/install.sh similarity index 100% rename from helm/setup/003-cert-manager/install.sh rename to helm/apps/cert-manager-stack/install.sh diff --git a/helm/setup/003-cert-manager/issuers.yaml b/helm/apps/cert-manager-stack/issuers.yaml similarity index 100% rename from helm/setup/003-cert-manager/issuers.yaml rename to helm/apps/cert-manager-stack/issuers.yaml