fix(gitops): remove platform kustomization and vault secret dependencies

Haitao Pan 2026-04-03 12:15:53 +08:00
parent 9efec7c28b
commit dfa55bc313
21 changed files with 11 additions and 160 deletions


@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: accounts-env
spec:
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-platform
target:
name: accounts-env
creationPolicy: Owner
dataFrom:
- extract:
key: core/pre/accounts


@ -3,7 +3,6 @@ kind: Kustomization
namespace: core-pre
resources:
- ../base
- externalsecret.yaml
- ingress.yaml
configMapGenerator:
- name: accounts-env-values


@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: accounts-env
spec:
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-platform
target:
name: accounts-env
creationPolicy: Owner
dataFrom:
- extract:
key: core/prod/accounts


@ -3,7 +3,6 @@ kind: Kustomization
namespace: core-prod
resources:
- ../base
- externalsecret.yaml
- ingress.yaml
configMapGenerator:
- name: accounts-env-values


@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: console-env
spec:
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-platform
target:
name: console-env
creationPolicy: Owner
dataFrom:
- extract:
key: core/pre/console


@ -3,7 +3,6 @@ kind: Kustomization
namespace: core-pre
resources:
- ../base
- externalsecret.yaml
- ingress.yaml
configMapGenerator:
- name: console-env-values


@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: console-env
spec:
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-platform
target:
name: console-env
creationPolicy: Owner
dataFrom:
- extract:
key: core/prod/console


@ -3,7 +3,6 @@ kind: Kustomization
namespace: core-prod
resources:
- ../base
- externalsecret.yaml
- ingress.yaml
configMapGenerator:
- name: console-env-values


@ -83,20 +83,6 @@ components:
chart:
name: external-dns
version: ">=1.14.0 <2.0.0"
secret:
name: cloudflare-api-token
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-platform
target:
name: cloudflare-api-token
creationPolicy: Owner
data:
secretKey: api-token
remoteRef:
key: platform/cloudflare
property: api-token
values:
provider: cloudflare
policy: sync
@ -113,8 +99,7 @@ components:
name: cloudflare-api-token
key: api-token
externalSecretsStore:
enabled: true
name: vault-platform
enabled: false
vault:
server: http://vault.extsvc.svc.cluster.local:8200
path: secret
@ -126,8 +111,16 @@ components:
serviceAccountRef:
name: external-secrets
namespace: platform
vault:
sharedTlsSecretSync:
enabled: true
name: postgresql-vultr-tls-sync
sourceNamespace: platform
sourceSecretName: postgresql-vultr-tls
targetNamespace: database
targetSecretName: postgresql-vultr-tls
refreshSchedule: "*/5 * * * *"
vault:
enabled: false
releaseName: vault
sourceRef:
kind: HelmRepository
@ -175,7 +168,7 @@ apisixIngress:
servicePort: 80
vaultBootstrap:
enabled: true
enabled: false
image: hashicorp/vault:1.16.3
serviceAccountName: vault-bootstrap
cloudflareSecretName: vault-bootstrap
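Review bot: After the first hunk drops the `secret:` block for external-dns, the unchanged lines at the top of the second hunk still point at the secret `cloudflare-api-token` with key `api-token`, and nothing in this section says what now creates it. The removed ExternalSecret used `creationPolicy: Owner`, so the Secret it produced is normally deleted together with it; if the token is to be supplied by hand instead, that loses the one-minute refresh from the store and should be recorded, for example with `# cloudflare-api-token is provisioned out of band; rotate manually` above the reference. The added `sharedTlsSecretSync` block also deserves a comment: it copies `postgresql-vultr-tls` from `platform` into `database` on the `*/5 * * * *` schedule, and the job behind it (the chart templates are not visible here) should hold access limited to that single secret name in each namespace rather than a broad grant on secrets.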


@ -1,22 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postgresql-auth
namespace: database
spec:
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-platform
target:
name: postgresql-auth
creationPolicy: Owner
data:
- secretKey: POSTGRES_PASSWORD
remoteRef:
key: kv/postgresql.svc.plus
property: POSTGRES_PASSWORD
- secretKey: POSTGRES_USER
remoteRef:
key: kv/postgresql.svc.plus
property: POSTGRES_USER


@ -1,28 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postgresql-ghcr-pull
namespace: database
spec:
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-platform
target:
name: postgresql-ghcr-pull
creationPolicy: Owner
template:
type: kubernetes.io/dockerconfigjson
engineVersion: v2
data:
.dockerconfigjson: |
{"auths":{"ghcr.io":{"username":"{{ .username }}","password":"{{ .token }}","auth":"{{ printf "%s:%s" .username .token | b64enc }}"}}}
data:
- secretKey: username
remoteRef:
key: kv/postgresql.svc.plus
property: GHCR_USERNAME
- secretKey: token
remoteRef:
key: kv/postgresql.svc.plus
property: GHCR_TOKEN


@ -4,9 +4,6 @@ namespace: database
resources:
- oci-repository.yaml
- helmrelease.yaml
- externalsecret.yaml
- ghcr-pull-externalsecret.yaml
- stunnel-externalsecret.yaml
- stunnel-server-configmap.yaml
- stunnel-client-configmap.yaml
- stunnel-server-deployment.yaml


@ -12,5 +12,4 @@ spec:
name: platform-config
path: ./apps/core/accounts/pre
dependsOn:
- name: platform-k3s
- name: database-stack


@ -12,5 +12,4 @@ spec:
name: platform-config
path: ./apps/core/console/pre
dependsOn:
- name: platform-k3s
- name: accounts-pre


@ -12,5 +12,4 @@ spec:
name: platform-config
path: ./apps/core/accounts/prod
dependsOn:
- name: platform-k3s
- name: database-stack


@ -12,5 +12,4 @@ spec:
name: platform-config
path: ./apps/core/console/prod
dependsOn:
- name: platform-k3s
- name: accounts-prod


@ -12,5 +12,3 @@ spec:
kind: GitRepository
name: platform-config
path: ./databases/postgresql
dependsOn:
- name: platform-k3s


@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces.yaml
- platform-kustomization.yaml
- database-kustomization.yaml
- observability-kustomization.yaml
- console-prod-kustomization.yaml


@ -12,5 +12,3 @@ spec:
kind: GitRepository
name: platform-config
path: ./apps/monitor/observability-stack
dependsOn:
- name: platform-k3s


@ -1,14 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: platform-k3s
namespace: flux-system
spec:
interval: 5m0s
prune: true
wait: true
timeout: 5m0s
sourceRef:
kind: GitRepository
name: platform-config
path: ./apps/platform


@ -11,5 +11,3 @@ spec:
kind: GitRepository
name: platform-config
path: ./infra/clusters/pre
dependsOn:
- name: platform-k3s