Extend secrets helm chart

2023-07-10 20:46:00 +00:00 · 2023-07-10 20:46:00 +00:00 · eb1bd5f704
commit eb1bd5f704
parent e66e15aecb
7 changed files with 28 additions and 19 deletions
--- a/argo/miniflux/values.yaml
+++ b/argo/miniflux/values.yaml
@ -6,13 +6,16 @@ serviceAccountName: miniflux
 externalSecrets:
  secretStoreName: miniflux
  vaultRole: miniflux
-  secrets:
-    - secretKey: miniflux_admin_pw
-      key: miniflux
-      property: miniflux_admin_pw
-    - secretKey: miniflux_db_url
-      key: miniflux
-      property: miniflux_db_url
+  secretPaths:
+    - name: miniflux
+      secrets:
+      - secretKey: miniflux_admin_pw
+        key: miniflux
+        property: miniflux_admin_pw
+      - secretKey: miniflux_db_url
+        key: miniflux
+        property: miniflux_db_url
+
 istio:
  commonName: rss.minhas.io
  ingressSelector: ingressgateway
--- a/argo/pihole/values.yaml
+++ b/argo/pihole/values.yaml
@ -6,10 +6,12 @@ serviceAccountName: default
 externalSecrets:
  secretStoreName: default
  vaultRole: external-dns
-  secrets:
-    - secretKey: pihole-password
-      key: external-dns
-      property: pihole-password
+  secretPaths:
+    - name: pihole
+      secrets:
+      - secretKey: pihole-password
+        key: external-dns
+        property: pihole-password

 # app
 serviceDns:
--- a/argo/secrets/templates/external-secrets.yaml
+++ b/argo/secrets/templates/external-secrets.yaml
@ -59,18 +59,19 @@ spec:
          secretRef:
            name: "serviceaccounttoken"
 ...
+{{- range .Values.externalSecrets.secretPaths }}
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: {{ .Values.name }}
-  namespace: {{ .Values.namespace }}
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
 spec:
  secretStoreRef:
-    name: {{ .Values.externalSecrets.secretStoreName }}
+    name: {{ $.Values.externalSecrets.secretStoreName }}
    kind: SecretStore
  data:
-{{- range .Values.externalSecrets.secrets }}
+{{- range .secrets }}
  - secretKey: {{ .secretKey }}
    remoteRef:
      conversionStrategy: Default
@ -79,4 +80,5 @@ spec:
      property: {{ .property }}
 {{- end }}
 ...
+{{- end }}
 {{ end }}
--- a/argo/vault-config-operator/values.yaml
+++ b/argo/vault-config-operator/values.yaml
@ -5,10 +5,12 @@ serviceAccountName: vault-config-operator
 externalSecrets:
  secretStoreName: vault-config-operator
  vaultRole: vault-config-operator
-  secrets:
-    - secretKey: ca.crt
-      key: vault-config-operator
-      property: ca.crt
+  secretPaths:
+    - name: vault-config-operator
+      secrets:
+      - secretKey: ca.crt
+        key: vault-config-operator
+        property: ca.crt

 enableCertManager: true

--- a/helm/apps/cert-manager-stack/external-secrets.yaml
+++ b/helm/apps/cert-manager-stack/external-secrets.yaml
--- a/helm/apps/cert-manager-stack/install.sh
+++ b/helm/apps/cert-manager-stack/install.sh
--- a/helm/apps/cert-manager-stack/issuers.yaml
+++ b/helm/apps/cert-manager-stack/issuers.yaml