From dfa55bc3136c8ebc538e7eb0c1ef5bdba794f1d4 Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Fri, 3 Apr 2026 12:15:53 +0800 Subject: [PATCH] fix(gitops): remove platform kustomization and vault secret dependencies --- apps/core/accounts/pre/externalsecret.yaml | 15 ---------- apps/core/accounts/pre/kustomization.yaml | 1 - apps/core/accounts/prod/externalsecret.yaml | 15 ---------- apps/core/accounts/prod/kustomization.yaml | 1 - apps/core/console/pre/externalsecret.yaml | 15 ---------- apps/core/console/pre/kustomization.yaml | 1 - apps/core/console/prod/externalsecret.yaml | 15 ---------- apps/core/console/prod/kustomization.yaml | 1 - apps/platform/k3s-platform/values.yaml | 29 +++++++------------ databases/postgresql/externalsecret.yaml | 22 -------------- .../postgresql/ghcr-pull-externalsecret.yaml | 28 ------------------ databases/postgresql/kustomization.yaml | 3 -- .../pre/accounts-pre-kustomization.yaml | 1 - .../pre/console-pre-kustomization.yaml | 1 - .../prod/accounts-prod-kustomization.yaml | 1 - .../prod/console-prod-kustomization.yaml | 1 - .../clusters/prod/database-kustomization.yaml | 2 -- infra/clusters/prod/kustomization.yaml | 1 - .../prod/observability-kustomization.yaml | 2 -- .../clusters/prod/platform-kustomization.yaml | 14 --------- infra/clusters/prod/pre-kustomization.yaml | 2 -- 21 files changed, 11 insertions(+), 160 deletions(-) delete mode 100644 apps/core/accounts/pre/externalsecret.yaml delete mode 100644 apps/core/accounts/prod/externalsecret.yaml delete mode 100644 apps/core/console/pre/externalsecret.yaml delete mode 100644 apps/core/console/prod/externalsecret.yaml delete mode 100644 databases/postgresql/externalsecret.yaml delete mode 100644 databases/postgresql/ghcr-pull-externalsecret.yaml delete mode 100644 infra/clusters/prod/platform-kustomization.yaml diff --git a/apps/core/accounts/pre/externalsecret.yaml b/apps/core/accounts/pre/externalsecret.yaml deleted file mode 100644 index 2bddd98..0000000 
--- a/apps/core/accounts/pre/externalsecret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: accounts-env -spec: - refreshInterval: 1m - secretStoreRef: - kind: ClusterSecretStore - name: vault-platform - target: - name: accounts-env - creationPolicy: Owner - dataFrom: - - extract: - key: core/pre/accounts diff --git a/apps/core/accounts/pre/kustomization.yaml b/apps/core/accounts/pre/kustomization.yaml index a62a8e4..9243057 100644 --- a/apps/core/accounts/pre/kustomization.yaml +++ b/apps/core/accounts/pre/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization namespace: core-pre resources: - ../base - - externalsecret.yaml - ingress.yaml configMapGenerator: - name: accounts-env-values diff --git a/apps/core/accounts/prod/externalsecret.yaml b/apps/core/accounts/prod/externalsecret.yaml deleted file mode 100644 index 8c809bc..0000000 --- a/apps/core/accounts/prod/externalsecret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: accounts-env -spec: - refreshInterval: 1m - secretStoreRef: - kind: ClusterSecretStore - name: vault-platform - target: - name: accounts-env - creationPolicy: Owner - dataFrom: - - extract: - key: core/prod/accounts diff --git a/apps/core/accounts/prod/kustomization.yaml b/apps/core/accounts/prod/kustomization.yaml index e96902f..9eb9fe3 100644 --- a/apps/core/accounts/prod/kustomization.yaml +++ b/apps/core/accounts/prod/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization namespace: core-prod resources: - ../base - - externalsecret.yaml - ingress.yaml configMapGenerator: - name: accounts-env-values diff --git a/apps/core/console/pre/externalsecret.yaml b/apps/core/console/pre/externalsecret.yaml deleted file mode 100644 index 0c9c935..0000000 --- a/apps/core/console/pre/externalsecret.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: console-env -spec: - refreshInterval: 1m - secretStoreRef: - kind: ClusterSecretStore - name: vault-platform - target: - name: console-env - creationPolicy: Owner - dataFrom: - - extract: - key: core/pre/console diff --git a/apps/core/console/pre/kustomization.yaml b/apps/core/console/pre/kustomization.yaml index e883705..fc0cb94 100644 --- a/apps/core/console/pre/kustomization.yaml +++ b/apps/core/console/pre/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization namespace: core-pre resources: - ../base - - externalsecret.yaml - ingress.yaml configMapGenerator: - name: console-env-values diff --git a/apps/core/console/prod/externalsecret.yaml b/apps/core/console/prod/externalsecret.yaml deleted file mode 100644 index 344e0e0..0000000 --- a/apps/core/console/prod/externalsecret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: console-env -spec: - refreshInterval: 1m - secretStoreRef: - kind: ClusterSecretStore - name: vault-platform - target: - name: console-env - creationPolicy: Owner - dataFrom: - - extract: - key: core/prod/console diff --git a/apps/core/console/prod/kustomization.yaml b/apps/core/console/prod/kustomization.yaml index 755b0bc..d8ad943 100644 --- a/apps/core/console/prod/kustomization.yaml +++ b/apps/core/console/prod/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization namespace: core-prod resources: - ../base - - externalsecret.yaml - ingress.yaml configMapGenerator: - name: console-env-values diff --git a/apps/platform/k3s-platform/values.yaml b/apps/platform/k3s-platform/values.yaml index f167b3e..3efb74d 100644 --- a/apps/platform/k3s-platform/values.yaml +++ b/apps/platform/k3s-platform/values.yaml 
@@ -83,20 +83,6 @@ components: chart: name: external-dns version: ">=1.14.0 <2.0.0" - secret: - name: cloudflare-api-token - refreshInterval: 1m - secretStoreRef: - kind: ClusterSecretStore - name: vault-platform - target: - name: cloudflare-api-token - creationPolicy: Owner - data: - secretKey: api-token - remoteRef: - key: platform/cloudflare - property: api-token values: provider: cloudflare policy: sync @@ -113,8 +99,7 @@ components: name: cloudflare-api-token key: api-token externalSecretsStore: - enabled: true - name: vault-platform + enabled: false vault: server: http://vault.extsvc.svc.cluster.local:8200 path: secret @@ -126,8 +111,16 @@ components: serviceAccountRef: name: external-secrets namespace: platform - vault: + sharedTlsSecretSync: enabled: true + name: postgresql-vultr-tls-sync + sourceNamespace: platform + sourceSecretName: postgresql-vultr-tls + targetNamespace: database + targetSecretName: postgresql-vultr-tls + refreshSchedule: "*/5 * * * *" + vault: + enabled: false releaseName: vault sourceRef: kind: HelmRepository @@ -175,7 +168,7 @@ apisixIngress: servicePort: 80 vaultBootstrap: - enabled: true + enabled: false image: hashicorp/vault:1.16.3 serviceAccountName: vault-bootstrap cloudflareSecretName: vault-bootstrap diff --git a/databases/postgresql/externalsecret.yaml b/databases/postgresql/externalsecret.yaml deleted file mode 100644 index 2fb42c3..0000000 --- a/databases/postgresql/externalsecret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postgresql-auth - namespace: database -spec: - refreshInterval: 1m - secretStoreRef: - kind: ClusterSecretStore - name: vault-platform - target: - name: postgresql-auth - creationPolicy: Owner - data: - - secretKey: POSTGRES_PASSWORD - remoteRef: - key: kv/postgresql.svc.plus - property: POSTGRES_PASSWORD - - secretKey: POSTGRES_USER - remoteRef: - key: kv/postgresql.svc.plus - property: POSTGRES_USER 
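Review bot: The external-dns values in the context just above `externalSecretsStore` still read the token from `name: cloudflare-api-token` / `key: api-token`, but the `@@ -83,20 +83,6 @@` hunk removes the `secret:` block that produced it and this hunk sets `enabled: false` on the store, so nothing visible in the patch provisions that Secret any more. Because the removed definitions used `creationPolicy: Owner`, the existing Secret is likely to be garbage-collected together with its ExternalSecret rather than left in place. The same gap applies to `accounts-env`, `console-env`, `postgresql-auth` and `postgresql-ghcr-pull` from the deleted ExternalSecret files, assuming the base manifests and the HelmRelease (not shown) still reference them; `stunnel-externalsecret.yaml` is also dropped from `databases/postgresql/kustomization.yaml` although it is not among the deleted files. I would add a comment such as `# cloudflare-api-token is provisioned out of band; never commit it to this repo in plaintext` and document the replacement source for each of these secrets. The `components` map continues outside the hunk.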
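Review bot: The new `sharedTlsSecretSync` block in the `@@ -126,8 +111,16 @@` hunk copies `postgresql-vultr-tls` from `platform` into `database` on `refreshSchedule: "*/5 * * * *"`, yet it names no service account, and the RBAC that lets the job read Secrets in one namespace and write them in another is not part of this patch. Whatever template consumes these values should bind the job to Roles limited with `resourceNames: ["postgresql-vultr-tls"]` in both namespaces rather than a cluster-wide Secrets grant, since this is presumably TLS private-key material. A scheduled copy also means a rotated or revoked key can remain in `database` for up to five minutes, and longer if the job fails unnoticed. Separately, this commit deletes `infra/clusters/prod/platform-kustomization.yaml`, the Flux object whose `path` is `./apps/platform`, so it is unclear from the patch whether these values are still reconciled in prod. The enclosing component block starts outside the hunk.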
diff --git a/databases/postgresql/ghcr-pull-externalsecret.yaml b/databases/postgresql/ghcr-pull-externalsecret.yaml deleted file mode 100644 index f20f11d..0000000 --- a/databases/postgresql/ghcr-pull-externalsecret.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postgresql-ghcr-pull - namespace: database -spec: - refreshInterval: 1m - secretStoreRef: - kind: ClusterSecretStore - name: vault-platform - target: - name: postgresql-ghcr-pull - creationPolicy: Owner - template: - type: kubernetes.io/dockerconfigjson - engineVersion: v2 - data: - .dockerconfigjson: | - {"auths":{"ghcr.io":{"username":"{{ .username }}","password":"{{ .token }}","auth":"{{ printf "%s:%s" .username .token | b64enc }}"}}} - data: - - secretKey: username - remoteRef: - key: kv/postgresql.svc.plus - property: GHCR_USERNAME - - secretKey: token - remoteRef: - key: kv/postgresql.svc.plus - property: GHCR_TOKEN diff --git a/databases/postgresql/kustomization.yaml b/databases/postgresql/kustomization.yaml index 1467cdd..6f92f93 100644 --- a/databases/postgresql/kustomization.yaml +++ b/databases/postgresql/kustomization.yaml @@ -4,9 +4,6 @@ namespace: database resources: - oci-repository.yaml - helmrelease.yaml - - externalsecret.yaml - - ghcr-pull-externalsecret.yaml - - stunnel-externalsecret.yaml - stunnel-server-configmap.yaml - stunnel-client-configmap.yaml - stunnel-server-deployment.yaml diff --git a/infra/clusters/pre/accounts-pre-kustomization.yaml b/infra/clusters/pre/accounts-pre-kustomization.yaml index 5d3485d..5dd3598 100644 --- a/infra/clusters/pre/accounts-pre-kustomization.yaml +++ b/infra/clusters/pre/accounts-pre-kustomization.yaml @@ -12,5 +12,4 @@ spec: name: platform-config path: ./apps/core/accounts/pre dependsOn: - - name: platform-k3s - name: database-stack diff --git a/infra/clusters/pre/console-pre-kustomization.yaml b/infra/clusters/pre/console-pre-kustomization.yaml index 1b989be..65f739a 100644 
--- a/infra/clusters/pre/console-pre-kustomization.yaml +++ b/infra/clusters/pre/console-pre-kustomization.yaml @@ -12,5 +12,4 @@ spec: name: platform-config path: ./apps/core/console/pre dependsOn: - - name: platform-k3s - name: accounts-pre diff --git a/infra/clusters/prod/accounts-prod-kustomization.yaml b/infra/clusters/prod/accounts-prod-kustomization.yaml index 7681b65..edc1cc8 100644 --- a/infra/clusters/prod/accounts-prod-kustomization.yaml +++ b/infra/clusters/prod/accounts-prod-kustomization.yaml @@ -12,5 +12,4 @@ spec: name: platform-config path: ./apps/core/accounts/prod dependsOn: - - name: platform-k3s - name: database-stack diff --git a/infra/clusters/prod/console-prod-kustomization.yaml b/infra/clusters/prod/console-prod-kustomization.yaml index 606b4a3..96b382f 100644 --- a/infra/clusters/prod/console-prod-kustomization.yaml +++ b/infra/clusters/prod/console-prod-kustomization.yaml @@ -12,5 +12,4 @@ spec: name: platform-config path: ./apps/core/console/prod dependsOn: - - name: platform-k3s - name: accounts-prod diff --git a/infra/clusters/prod/database-kustomization.yaml b/infra/clusters/prod/database-kustomization.yaml index 64db328..b66e1a5 100644 --- a/infra/clusters/prod/database-kustomization.yaml +++ b/infra/clusters/prod/database-kustomization.yaml @@ -12,5 +12,3 @@ spec: kind: GitRepository name: platform-config path: ./databases/postgresql - dependsOn: - - name: platform-k3s diff --git a/infra/clusters/prod/kustomization.yaml b/infra/clusters/prod/kustomization.yaml index 7b1b325..c0f41ff 100644 --- a/infra/clusters/prod/kustomization.yaml +++ b/infra/clusters/prod/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespaces.yaml - - platform-kustomization.yaml - database-kustomization.yaml - observability-kustomization.yaml - console-prod-kustomization.yaml 
diff --git a/infra/clusters/prod/observability-kustomization.yaml b/infra/clusters/prod/observability-kustomization.yaml index 92751ab..1cfdab3 100644 --- a/infra/clusters/prod/observability-kustomization.yaml +++ b/infra/clusters/prod/observability-kustomization.yaml @@ -12,5 +12,3 @@ spec: kind: GitRepository name: platform-config path: ./apps/monitor/observability-stack - dependsOn: - - name: platform-k3s diff --git a/infra/clusters/prod/platform-kustomization.yaml b/infra/clusters/prod/platform-kustomization.yaml deleted file mode 100644 index 5a28220..0000000 --- a/infra/clusters/prod/platform-kustomization.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: platform-k3s - namespace: flux-system -spec: - interval: 5m0s - prune: true - wait: true - timeout: 5m0s - sourceRef: - kind: GitRepository - name: platform-config - path: ./apps/platform diff --git a/infra/clusters/prod/pre-kustomization.yaml b/infra/clusters/prod/pre-kustomization.yaml index b198c12..f2b7537 100644 --- a/infra/clusters/prod/pre-kustomization.yaml +++ b/infra/clusters/prod/pre-kustomization.yaml @@ -11,5 +11,3 @@ spec: kind: GitRepository name: platform-config path: ./infra/clusters/pre - dependsOn: - - name: platform-k3s