fix(gitops): remove platform kustomization and vault secret dependencies
parent
9efec7c28b
commit
dfa55bc313
@ -1,15 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: accounts-env
|
||||
spec:
|
||||
refreshInterval: 1m
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault-platform
|
||||
target:
|
||||
name: accounts-env
|
||||
creationPolicy: Owner
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: core/pre/accounts
|
||||
@ -3,7 +3,6 @@ kind: Kustomization
|
||||
namespace: core-pre
|
||||
resources:
|
||||
- ../base
|
||||
- externalsecret.yaml
|
||||
- ingress.yaml
|
||||
configMapGenerator:
|
||||
- name: accounts-env-values
|
||||
|
||||
@ -1,15 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: accounts-env
|
||||
spec:
|
||||
refreshInterval: 1m
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault-platform
|
||||
target:
|
||||
name: accounts-env
|
||||
creationPolicy: Owner
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: core/prod/accounts
|
||||
@ -3,7 +3,6 @@ kind: Kustomization
|
||||
namespace: core-prod
|
||||
resources:
|
||||
- ../base
|
||||
- externalsecret.yaml
|
||||
- ingress.yaml
|
||||
configMapGenerator:
|
||||
- name: accounts-env-values
|
||||
|
||||
@ -1,15 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: console-env
|
||||
spec:
|
||||
refreshInterval: 1m
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault-platform
|
||||
target:
|
||||
name: console-env
|
||||
creationPolicy: Owner
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: core/pre/console
|
||||
@ -3,7 +3,6 @@ kind: Kustomization
|
||||
namespace: core-pre
|
||||
resources:
|
||||
- ../base
|
||||
- externalsecret.yaml
|
||||
- ingress.yaml
|
||||
configMapGenerator:
|
||||
- name: console-env-values
|
||||
|
||||
@ -1,15 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: console-env
|
||||
spec:
|
||||
refreshInterval: 1m
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault-platform
|
||||
target:
|
||||
name: console-env
|
||||
creationPolicy: Owner
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: core/prod/console
|
||||
@ -3,7 +3,6 @@ kind: Kustomization
|
||||
namespace: core-prod
|
||||
resources:
|
||||
- ../base
|
||||
- externalsecret.yaml
|
||||
- ingress.yaml
|
||||
configMapGenerator:
|
||||
- name: console-env-values
|
||||
|
||||
@ -83,20 +83,6 @@ components:
|
||||
chart:
|
||||
name: external-dns
|
||||
version: ">=1.14.0 <2.0.0"
|
||||
secret:
|
||||
name: cloudflare-api-token
|
||||
refreshInterval: 1m
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault-platform
|
||||
target:
|
||||
name: cloudflare-api-token
|
||||
creationPolicy: Owner
|
||||
data:
|
||||
secretKey: api-token
|
||||
remoteRef:
|
||||
key: platform/cloudflare
|
||||
property: api-token
|
||||
values:
|
||||
provider: cloudflare
|
||||
policy: sync
|
||||
@ -113,8 +99,7 @@ components:
|
||||
name: cloudflare-api-token
|
||||
key: api-token
|
||||
externalSecretsStore:
|
||||
enabled: true
|
||||
name: vault-platform
|
||||
enabled: false
|
||||
vault:
|
||||
server: http://vault.extsvc.svc.cluster.local:8200
|
||||
path: secret
|
||||
@ -126,8 +111,16 @@ components:
|
||||
serviceAccountRef:
|
||||
name: external-secrets
|
||||
namespace: platform
|
||||
vault:
|
||||
sharedTlsSecretSync:
|
||||
enabled: true
|
||||
name: postgresql-vultr-tls-sync
|
||||
sourceNamespace: platform
|
||||
sourceSecretName: postgresql-vultr-tls
|
||||
targetNamespace: database
|
||||
targetSecretName: postgresql-vultr-tls
|
||||
refreshSchedule: "*/5 * * * *"
|
||||
vault:
|
||||
enabled: false
|
||||
releaseName: vault
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
@ -175,7 +168,7 @@ apisixIngress:
|
||||
servicePort: 80
|
||||
|
||||
vaultBootstrap:
|
||||
enabled: true
|
||||
enabled: false
|
||||
image: hashicorp/vault:1.16.3
|
||||
serviceAccountName: vault-bootstrap
|
||||
cloudflareSecretName: vault-bootstrap
|
||||
|
||||
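Review bot: After this section's changes nothing visible still supplies the `cloudflare-api-token` Secret, although the context lines of the `-113,8` hunk keep `name: cloudflare-api-token` / `key: api-token`, so external-dns apparently still reads it. The `-83,20` hunk drops the `secret:` block whose target used `creationPolicy: Owner`; if the chart rendered that block as an ExternalSecret, the Secret is garbage-collected together with it once the resource is removed from the cluster. The `-113,8` hunk also appears to switch `externalSecretsStore` to `enabled: false`, and both mappings continue outside the hunks, so the consumer is inferred rather than shown. I would record the replacement source next to the reference, for example `# cloudflare-api-token is provisioned by <PLACEHOLDER: new secret source>, not by external-secrets`, and confirm that the token is not moved into plain values in Git.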
@ -1,22 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: postgresql-auth
|
||||
namespace: database
|
||||
spec:
|
||||
refreshInterval: 1m
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault-platform
|
||||
target:
|
||||
name: postgresql-auth
|
||||
creationPolicy: Owner
|
||||
data:
|
||||
- secretKey: POSTGRES_PASSWORD
|
||||
remoteRef:
|
||||
key: kv/postgresql.svc.plus
|
||||
property: POSTGRES_PASSWORD
|
||||
- secretKey: POSTGRES_USER
|
||||
remoteRef:
|
||||
key: kv/postgresql.svc.plus
|
||||
property: POSTGRES_USER
|
||||
@ -1,28 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: postgresql-ghcr-pull
|
||||
namespace: database
|
||||
spec:
|
||||
refreshInterval: 1m
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault-platform
|
||||
target:
|
||||
name: postgresql-ghcr-pull
|
||||
creationPolicy: Owner
|
||||
template:
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
engineVersion: v2
|
||||
data:
|
||||
.dockerconfigjson: |
|
||||
{"auths":{"ghcr.io":{"username":"{{ .username }}","password":"{{ .token }}","auth":"{{ printf "%s:%s" .username .token | b64enc }}"}}}
|
||||
data:
|
||||
- secretKey: username
|
||||
remoteRef:
|
||||
key: kv/postgresql.svc.plus
|
||||
property: GHCR_USERNAME
|
||||
- secretKey: token
|
||||
remoteRef:
|
||||
key: kv/postgresql.svc.plus
|
||||
property: GHCR_TOKEN
|
||||
@ -4,9 +4,6 @@ namespace: database
|
||||
resources:
|
||||
- oci-repository.yaml
|
||||
- helmrelease.yaml
|
||||
- externalsecret.yaml
|
||||
- ghcr-pull-externalsecret.yaml
|
||||
- stunnel-externalsecret.yaml
|
||||
- stunnel-server-configmap.yaml
|
||||
- stunnel-client-configmap.yaml
|
||||
- stunnel-server-deployment.yaml
|
||||
|
||||
@ -12,5 +12,4 @@ spec:
|
||||
name: platform-config
|
||||
path: ./apps/core/accounts/pre
|
||||
dependsOn:
|
||||
- name: platform-k3s
|
||||
- name: database-stack
|
||||
|
||||
@ -12,5 +12,4 @@ spec:
|
||||
name: platform-config
|
||||
path: ./apps/core/console/pre
|
||||
dependsOn:
|
||||
- name: platform-k3s
|
||||
- name: accounts-pre
|
||||
|
||||
@ -12,5 +12,4 @@ spec:
|
||||
name: platform-config
|
||||
path: ./apps/core/accounts/prod
|
||||
dependsOn:
|
||||
- name: platform-k3s
|
||||
- name: database-stack
|
||||
|
||||
@ -12,5 +12,4 @@ spec:
|
||||
name: platform-config
|
||||
path: ./apps/core/console/prod
|
||||
dependsOn:
|
||||
- name: platform-k3s
|
||||
- name: accounts-prod
|
||||
|
||||
@ -12,5 +12,3 @@ spec:
|
||||
kind: GitRepository
|
||||
name: platform-config
|
||||
path: ./databases/postgresql
|
||||
dependsOn:
|
||||
- name: platform-k3s
|
||||
|
||||
@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespaces.yaml
|
||||
- platform-kustomization.yaml
|
||||
- database-kustomization.yaml
|
||||
- observability-kustomization.yaml
|
||||
- console-prod-kustomization.yaml
|
||||
|
||||
@ -12,5 +12,3 @@ spec:
|
||||
kind: GitRepository
|
||||
name: platform-config
|
||||
path: ./apps/monitor/observability-stack
|
||||
dependsOn:
|
||||
- name: platform-k3s
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: platform-k3s
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 5m0s
|
||||
prune: true
|
||||
wait: true
|
||||
timeout: 5m0s
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: platform-config
|
||||
path: ./apps/platform
|
||||
@ -11,5 +11,3 @@ spec:
|
||||
kind: GitRepository
|
||||
name: platform-config
|
||||
path: ./infra/clusters/pre
|
||||
dependsOn:
|
||||
- name: platform-k3s
|
||||
|
||||