refactor: onepassword secret store #8685
Merged
Signed-off-by: Devin Buhl <devin@buhl.casa>
--- kubernetes/apps/external-secrets/external-secrets/stores Kustomization: flux-system/external-secrets-stores ClusterSecretStore: external-secrets/onepassword-connect
+++ kubernetes/apps/external-secrets/external-secrets/stores Kustomization: flux-system/external-secrets-stores ClusterSecretStore: external-secrets/onepassword-connect
@@ -1,23 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
- labels:
- app.kubernetes.io/name: external-secrets-stores
- kustomize.toolkit.fluxcd.io/name: external-secrets-stores
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: onepassword-connect
- namespace: external-secrets
-spec:
- provider:
- onepassword:
- auth:
- secretRef:
- connectTokenSecretRef:
- key: token
- name: onepassword-connect-secret
- namespace: external-secrets
- connectHost: http://onepassword-connect.external-secrets.svc.cluster.local
- vaults:
- Kubernetes: 1
-
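Review bot: Nothing in the diff shown here adds the `ClusterSecretStore` named `onepassword` that every `secretStoreRef` below now points at, while this hunk deletes `onepassword-connect` outright. Please confirm the replacement store is applied and Ready before this one is pruned, otherwise each ExternalSecret stops refreshing. The removed store reached Connect over plain `http://` inside the cluster (`connectHost`), so it would also help to state in the PR description which transport and credential the new store uses, since that is the security-relevant part of the refactor and it is not visible in this rendered diff.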
--- kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ExternalSecret: flux-system/github-token
+++ kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ExternalSecret: flux-system/github-token
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: flux
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: github-token-secret
template:
data:
token: '{{ .FLUX_GITHUB_TOKEN }}'
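Review bot: `secretStoreRef.name` switches to `onepassword` here, but `flux-instance` is not among the Kustomizations whose `dependsOn` is updated in the part of the diff shown on this page. If `flux-instance` has no ordering on `onepassword-store`, `github-token-secret` can be reconciled before the store exists and will sit in an error state until the next refresh. Please confirm the dependency, or add `- name: onepassword-store` to that Kustomization as was done for the app Kustomizations.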
--- kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ExternalSecret: flux-system/github-webhook-token
+++ kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ExternalSecret: flux-system/github-webhook-token
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: flux
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: github-webhook-token-secret
template:
data:
token: '{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}'
--- kubernetes/apps/external-secrets/onepassword-connect/app Kustomization: flux-system/onepassword-connect HelmRelease: external-secrets/onepassword-connect
+++ kubernetes/apps/external-secrets/onepassword-connect/app Kustomization: flux-system/onepassword-connect HelmRelease: external-secrets/onepassword-connect
@@ -1,145 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: onepassword-connect
- kustomize.toolkit.fluxcd.io/name: onepassword-connect
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: onepassword-connect
- namespace: external-secrets
-spec:
- chart:
- spec:
- chart: app-template
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- version: 3.6.1
- install:
- remediation:
- retries: 3
- interval: 30m
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- strategy: rollback
- values:
- controllers:
- onepassword-connect:
- annotations:
- reloader.stakater.com/auto: 'true'
- containers:
- api:
- env:
- OP_BUS_PEERS: localhost:11221
- OP_BUS_PORT: 11220
- OP_HTTP_PORT: 80
- OP_SESSION:
- valueFrom:
- secretKeyRef:
- key: 1password-credentials.json
- name: onepassword-connect-secret
- XDG_DATA_HOME: /config
- image:
- repository: docker.io/1password/connect-api
- tag: 1.7.3@sha256:0601c7614e102eada268dbda6ba4b5886ce77713be2c332ec6a2fd0f028484ba
- probes:
- liveness:
- custom: true
- enabled: true
- spec:
- failureThreshold: 3
- httpGet:
- path: /heartbeat
- port: 80
- initialDelaySeconds: 15
- periodSeconds: 30
- readiness:
- custom: true
- enabled: true
- spec:
- httpGet:
- path: /health
- port: 80
- initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- sync:
- env:
- OP_BUS_PEERS: localhost:11220
- OP_BUS_PORT: 11221
- OP_HTTP_PORT: 8081
- OP_SESSION:
- valueFrom:
- secretKeyRef:
- key: 1password-credentials.json
- name: onepassword-connect-secret
- XDG_DATA_HOME: /config
- image:
- repository: docker.io/1password/connect-sync
- tag: 1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
- probes:
- liveness:
- custom: true
- enabled: true
- spec:
- failureThreshold: 3
- httpGet:
- path: /heartbeat
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 30
- readiness:
- custom: true
- enabled: true
- spec:
- httpGet:
- path: /health
- port: 8081
- initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- replicas: 1
- strategy: RollingUpdate
- defaultPodOptions:
- securityContext:
- fsGroup: 999
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 999
- runAsNonRoot: true
- runAsUser: 999
- seccompProfile:
- type: RuntimeDefault
- persistence:
- config:
- globalMounts:
- - path: /config
- type: emptyDir
- service:
- app:
- controller: onepassword-connect
- ports:
- http:
- port: 80
-
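Review bot: Removing this HelmRelease leaves `onepassword-connect-secret` unaccounted for: both containers read `1password-credentials.json` from it through `OP_SESSION`, and the deleted ClusterSecretStore read its `token` key, yet the Secret itself does not appear in this diff. If nothing else uses Connect after this change, delete that Secret from the `external-secrets` namespace and revoke the Connect token and credentials file on the 1Password side, so they do not linger as live credentials after the workload is gone.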
--- kubernetes/apps/actions-runner-system/actions-runner-controller/app Kustomization: flux-system/actions-runner-controller ExternalSecret: actions-runner-system/actions-runner-controller
+++ kubernetes/apps/actions-runner-system/actions-runner-controller/app Kustomization: flux-system/actions-runner-controller ExternalSecret: actions-runner-system/actions-runner-controller
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: actions-runner-controller
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: actions-runner-controller-secret
template:
data:
ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
}}'
--- kubernetes/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ExternalSecret: cert-manager/cloudflare-issuer
+++ kubernetes/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ExternalSecret: cert-manager/cloudflare-issuer
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: cloudflare
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: cloudflare-issuer-secret
template:
data:
CLOUDFLARE_API_KEY: '{{ .CLOUDFLARE_API_KEY }}'
--- kubernetes/apps/default/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: default/autobrr
+++ kubernetes/apps/default/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: default/autobrr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: autobrr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: autobrr-secret
template:
data:
AUTOBRR__SESSION_SECRET: '{{ .AUTOBRR_SESSION_SECRET }}'
--- kubernetes/apps/default/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: default/autobrr-volsync
+++ kubernetes/apps/default/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: default/autobrr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: autobrr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/autobrr
--- kubernetes/apps/default/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: default/autobrr-volsync-r2
+++ kubernetes/apps/default/autobrr/app Kustomization: flux-system/autobrr ExternalSecret: default/autobrr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: autobrr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/beets/app Kustomization: flux-system/beets ExternalSecret: default/beets
+++ kubernetes/apps/default/beets/app Kustomization: flux-system/beets ExternalSecret: default/beets
@@ -12,13 +12,13 @@
dataFrom:
- extract:
key: beets
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: beets-secret
template:
data:
config.toml: |
[frontend]
--- kubernetes/apps/default/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: default/bazarr
+++ kubernetes/apps/default/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: default/bazarr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: plex
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: bazarr-secret
template:
data:
PLEX_TOKEN: '{{ .PLEX_TOKEN }}'
--- kubernetes/apps/default/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: default/bazarr-volsync
+++ kubernetes/apps/default/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: default/bazarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: bazarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/bazarr
--- kubernetes/apps/default/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: default/bazarr-volsync-r2
+++ kubernetes/apps/default/bazarr/app Kustomization: flux-system/bazarr ExternalSecret: default/bazarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: bazarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/emqx/app Kustomization: flux-system/emqx ExternalSecret: default/emqx
+++ kubernetes/apps/default/emqx/app Kustomization: flux-system/emqx ExternalSecret: default/emqx
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: emqx
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: emqx-secret
template:
data:
EMQX_DASHBOARD__DEFAULT_PASSWORD: '{{ .EMQX_DASHBOARD__DEFAULT_PASSWORD }}'
EMQX_DASHBOARD__DEFAULT_USERNAME: '{{ .EMQX_DASHBOARD__DEFAULT_USERNAME }}'
--- kubernetes/apps/default/emqx/app Kustomization: flux-system/emqx ExternalSecret: default/emqx-init-user
+++ kubernetes/apps/default/emqx/app Kustomization: flux-system/emqx ExternalSecret: default/emqx-init-user
@@ -12,13 +12,13 @@
dataFrom:
- extract:
key: emqx
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: emqx-init-user-secret
template:
data:
init-user.json: |
[{"user_id": "{{ .X_EMQX_MQTT_USERNAME }}", "password": "{{ .X_EMQX_MQTT_PASSWORD }}", "is_superuser": true}]
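Review bot: In `init-user.json` the values are spliced into JSON as `"password": "{{ .X_EMQX_MQTT_PASSWORD }}"` with no escaping, so a username or password containing a double quote or backslash renders invalid JSON. Since this ExternalSecret is being touched anyway, consider rendering both fields through `toJson`, for example `"password": {{ .X_EMQX_MQTT_PASSWORD | toJson }}`, and dropping the surrounding quotes.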
--- kubernetes/apps/default/cross-seed/app Kustomization: flux-system/cross-seed ExternalSecret: default/cross-seed
+++ kubernetes/apps/default/cross-seed/app Kustomization: flux-system/cross-seed ExternalSecret: default/cross-seed
@@ -18,13 +18,13 @@
key: sonarr
- extract:
key: prowlarr
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: cross-seed-secret
template:
data:
config.js: |
module.exports = {
--- kubernetes/apps/network/external/external-dns Kustomization: flux-system/external-external-dns ExternalSecret: network/external-external-dns
+++ kubernetes/apps/network/external/external-dns Kustomization: flux-system/external-external-dns ExternalSecret: network/external-external-dns
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: cloudflare
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: external-external-dns-secret
template:
data:
CF_API_EMAIL: '{{ .CLOUDFLARE_EMAIL }}'
CF_API_KEY: '{{ .CLOUDFLARE_API_KEY }}'
--- kubernetes/apps/observability/gatus/app Kustomization: flux-system/gatus ExternalSecret: observability/gatus
+++ kubernetes/apps/observability/gatus/app Kustomization: flux-system/gatus ExternalSecret: observability/gatus
@@ -13,13 +13,13 @@
- extract:
key: gatus
- extract:
key: pushover
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: gatus-secret
template:
data:
PUSHOVER_TOKEN: '{{ .GATUS_PUSHOVER_TOKEN }}'
PUSHOVER_USER_KEY: '{{ .PUSHOVER_USER_KEY }}'
--- kubernetes/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin-volsync
+++ kubernetes/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: atuin-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/atuin
--- kubernetes/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin-volsync-r2
+++ kubernetes/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: atuin-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/observability/grafana/app Kustomization: flux-system/grafana ExternalSecret: observability/grafana-admin
+++ kubernetes/apps/observability/grafana/app Kustomization: flux-system/grafana ExternalSecret: observability/grafana-admin
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: grafana
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: grafana-admin-secret
template:
data:
admin-password: '{{ .GRAFANA_ADMIN_PASSWORD }}'
admin-user: '{{ .GRAFANA_ADMIN_USERNAME }}'
--- kubernetes/apps/network/internal/external-dns Kustomization: flux-system/internal-external-dns ExternalSecret: network/internal-external-dns
+++ kubernetes/apps/network/internal/external-dns Kustomization: flux-system/internal-external-dns ExternalSecret: network/internal-external-dns
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: unifi
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: internal-external-dns-secret
template:
data:
UNIFI_API_KEY: '{{ .UNIFI_API_KEY }}'
--- kubernetes/apps/default/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: default/jellyseerr
+++ kubernetes/apps/default/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: default/jellyseerr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: jellyseerr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: jellyseerr-secret
template:
data:
API_KEY: '{{ .JELLYSEERR_API_KEY }}'
--- kubernetes/apps/default/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: default/jellyseerr-volsync
+++ kubernetes/apps/default/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: default/jellyseerr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: jellyseerr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/jellyseerr
--- kubernetes/apps/default/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: default/jellyseerr-volsync-r2
+++ kubernetes/apps/default/jellyseerr/app Kustomization: flux-system/jellyseerr ExternalSecret: default/jellyseerr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: jellyseerr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/observability/kube-prometheus-stack/app Kustomization: flux-system/kube-prometheus-stack ExternalSecret: observability/alertmanager
+++ kubernetes/apps/observability/kube-prometheus-stack/app Kustomization: flux-system/kube-prometheus-stack ExternalSecret: observability/alertmanager
@@ -14,13 +14,13 @@
key: pushover
- extract:
key: alertmanager
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: alertmanager-secret
template:
data:
ALERTMANAGER_HEARTBEAT_URL: '{{ .ALERTMANAGER_HEARTBEAT_URL }}'
ALERTMANAGER_PUSHOVER_TOKEN: '{{ .ALERTMANAGER_PUSHOVER_TOKEN }}'
--- kubernetes/apps/default/pinchflat/app Kustomization: flux-system/pinchflat ExternalSecret: default/pinchflat-volsync
+++ kubernetes/apps/default/pinchflat/app Kustomization: flux-system/pinchflat ExternalSecret: default/pinchflat-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: pinchflat-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/pinchflat
--- kubernetes/apps/default/pinchflat/app Kustomization: flux-system/pinchflat ExternalSecret: default/pinchflat-volsync-r2
+++ kubernetes/apps/default/pinchflat/app Kustomization: flux-system/pinchflat ExternalSecret: default/pinchflat-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: pinchflat-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/plex/tools Kustomization: flux-system/plex-tools ExternalSecret: default/plex-off-deck
+++ kubernetes/apps/default/plex/tools Kustomization: flux-system/plex-tools ExternalSecret: default/plex-off-deck
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: plex
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: plex-off-deck-secret
template:
data:
config.ini: |
[auth]
--- kubernetes/apps/default/plex/app Kustomization: flux-system/plex ExternalSecret: default/plex-volsync
+++ kubernetes/apps/default/plex/app Kustomization: flux-system/plex ExternalSecret: default/plex-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: plex-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/plex
--- kubernetes/apps/default/plex/app Kustomization: flux-system/plex ExternalSecret: default/plex-volsync-r2
+++ kubernetes/apps/default/plex/app Kustomization: flux-system/plex ExternalSecret: default/plex-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: plex-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/actions-runner-controller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/actions-runner-controller
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: actions-runner-controller
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cert-manager-issuers
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cert-manager-issuers
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cert-manager-issuers
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/cert-manager/cert-manager/issuers
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cert-manager-tls
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cert-manager-tls
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cert-manager-tls
dependsOn:
- name: cert-manager-issuers
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/cert-manager/cert-manager/tls
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/autobrr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/autobrr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: autobrr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/autobrr/app
postBuild:
substitute:
APP: autobrr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/bazarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/bazarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: bazarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/bazarr/app
postBuild:
substitute:
APP: bazarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/beets
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/beets
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: beets
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/default/beets/app
postBuild:
substitute:
APP: beets
prune: true
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cross-seed
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cross-seed
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cross-seed
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/default/cross-seed/app
postBuild:
substitute:
APP: cross-seed
prune: true
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/emqx
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/emqx
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: emqx
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/default/emqx/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/home-assistant
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/home-assistant
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: home-assistant
dependsOn:
- name: emqx-cluster
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/home-assistant/app
postBuild:
substitute:
APP: home-assistant
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/jellyseerr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/jellyseerr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: jellyseerr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/jellyseerr/app
postBuild:
substitute:
APP: jellyseerr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/plex
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/plex
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: plex
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/plex/app
postBuild:
substitute:
APP: plex
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/plex-tools
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/plex-tools
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: plex-tools
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/default/plex/tools
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/prowlarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/prowlarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: prowlarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/prowlarr/app
postBuild:
substitute:
APP: prowlarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/qbittorrent
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/qbittorrent
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: qbittorrent
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/qbittorrent/app
postBuild:
substitute:
APP: qbittorrent
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/qbittorrent-tools
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/qbittorrent-tools
@@ -13,13 +13,13 @@
app.kubernetes.io/name: qbittorrent-tools
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/default/qbittorrent/tools
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/radarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/radarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: radarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/radarr/app
postBuild:
substitute:
APP: radarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/recyclarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/recyclarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: recyclarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/recyclarr/app
postBuild:
substitute:
APP: recyclarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rtlamr2mqtt
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rtlamr2mqtt
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: rtlamr2mqtt
dependsOn:
- name: emqx-cluster
- - name: external-secrets-stores
+ - name: onepassword-store
- name: node-feature-discovery-rules
interval: 30m
path: ./kubernetes/apps/default/rtlamr2mqtt/app
prune: true
sourceRef:
kind: GitRepository
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/sabnzbd
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/sabnzbd
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: sabnzbd
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/sabnzbd/app
postBuild:
substitute:
APP: sabnzbd
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/slskd
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/slskd
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: slskd
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/default/slskd/app
postBuild:
substitute:
APP: slskd
prune: true
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/sonarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/sonarr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: sonarr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/sonarr/app
postBuild:
substitute:
APP: sonarr
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpackerr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpackerr
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: unpackerr
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/default/unpackerr/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/zigbee
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/zigbee
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: zigbee
dependsOn:
- name: emqx-cluster
- - name: external-secrets-stores
+ - name: onepassword-store
- name: volsync
interval: 30m
path: ./kubernetes/apps/default/zigbee/app
postBuild:
substitute:
APP: zigbee
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-secrets-stores
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-secrets-stores
@@ -1,23 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: external-secrets-stores
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: external-secrets-stores
- interval: 30m
- path: ./kubernetes/apps/external-secrets/external-secrets/stores
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- targetNamespace: external-secrets
- timeout: 5m
- wait: true
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword-connect
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword-connect
@@ -1,23 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: onepassword-connect
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: onepassword-connect
- interval: 30m
- path: ./kubernetes/apps/external-secrets/onepassword-connect/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- targetNamespace: external-secrets
- timeout: 5m
- wait: false
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-cloudflared
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-cloudflared
@@ -10,13 +10,13 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: external-cloudflared
dependsOn:
- name: external-external-dns
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/network/external/cloudflared
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-external-dns
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/external-external-dns
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: external-external-dns
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/network/external/external-dns
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/internal-external-dns
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/internal-external-dns
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: internal-external-dns
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/network/internal/external-dns
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gatus
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gatus
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: gatus
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/observability/gatus/app
postBuild:
substitute:
APP: gatus
GATUS_SUBDOMAIN: status
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/grafana
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/grafana
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: grafana
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/observability/grafana/app
postBuild:
substitute:
APP: grafana
prune: true
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/kube-prometheus-stack
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/kube-prometheus-stack
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: kube-prometheus-stack
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/observability/kube-prometheus-stack/app
postBuild:
substitute:
APP: kube-prometheus-stack
GATUS_SUBDOMAIN: prometheus
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpoller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpoller
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: unpoller
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/observability/unpoller/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rook-ceph
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rook-ceph
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: rook-ceph
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/rook-ceph/rook-ceph/app
prune: false
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rook-ceph-cluster
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/rook-ceph-cluster
@@ -9,13 +9,13 @@
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: rook-ceph-cluster
dependsOn:
- - name: external-secrets-stores
+ - name: onepassword-store
interval: 30m
path: ./kubernetes/apps/rook-ceph/rook-ceph/cluster
postBuild:
substitute:
APP: rook-ceph-cluster
GATUS_SUBDOMAIN: rook
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword
@@ -0,0 +1,23 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: onepassword
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: onepassword
+ interval: 30m
+ path: ./kubernetes/apps/external-secrets/onepassword/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ targetNamespace: external-secrets
+ timeout: 5m
+ wait: true
+
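Review bot: `wait: true` with `timeout: 5m` makes Connect readiness a gate for `onepassword-store` and, through it, every app Kustomization switched over in this diff, whereas the removed `onepassword-connect` Kustomization ran with `wait: false`. That ordering is what the store needs, but `retryInterval` is not set, so a failed first attempt is retried on the 30m `interval`. Consider adding a short `retryInterval` so a slow Connect start does not hold dependents back for half an hour.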
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword-store
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/onepassword-store
@@ -0,0 +1,25 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: onepassword-store
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: onepassword-store
+ dependsOn:
+ - name: onepassword
+ interval: 30m
+ path: ./kubernetes/apps/external-secrets/onepassword/store
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ targetNamespace: external-secrets
+ timeout: 5m
+ wait: true
+
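Review bot: `dependsOn` lists only `onepassword`, but this path applies a `ClusterSecretStore` (`external-secrets.io/v1beta1`), whose CRD comes from the external-secrets operator rather than from Connect. On a fresh bootstrap the apply can fail if the operator is not ready yet, and with `wait: true` that blocks everything depending on `onepassword-store`. Add the Kustomization that installs the operator to `dependsOn` alongside `onepassword`.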
--- kubernetes/apps/default/qbittorrent/tools Kustomization: flux-system/qbittorrent-tools ExternalSecret: default/qbtools
+++ kubernetes/apps/default/qbittorrent/tools Kustomization: flux-system/qbittorrent-tools ExternalSecret: default/qbtools
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: sabnzbd
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: qbtools-secret
template:
data:
SABNZBD_API_KEY: '{{ .SABNZBD_API_KEY }}'
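Review bot: `secretStoreRef.name` is a hard rename from `onepassword-connect` to `onepassword`, and the old ClusterSecretStore is pruned in the same change, so any ExternalSecret or PushSecret missed by the rename will stop syncing once this lands. Search for leftover `name: onepassword-connect` store references in manifests that this diff does not cover, and after rollout check that every ExternalSecret reports a ready, synced status against the new store.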
--- kubernetes/apps/default/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: default/prowlarr
+++ kubernetes/apps/default/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: default/prowlarr
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: prowlarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: prowlarr-secret
template:
data:
PROWLARR__AUTH__APIKEY: '{{ .PROWLARR_API_KEY }}'
--- kubernetes/apps/default/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: default/prowlarr-volsync
+++ kubernetes/apps/default/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: default/prowlarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: prowlarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/prowlarr
--- kubernetes/apps/default/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: default/prowlarr-volsync-r2
+++ kubernetes/apps/default/prowlarr/app Kustomization: flux-system/prowlarr ExternalSecret: default/prowlarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: prowlarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: default/qbittorrent
+++ kubernetes/apps/default/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: default/qbittorrent
@@ -15,13 +15,13 @@
- extract:
key: pushover
- extract:
key: qbittorrent
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: qbittorrent-secret
template:
data:
CROSS_SEED_API_KEY: '{{ .CROSS_SEED_API_KEY }}'
PUSHOVER_TOKEN: '{{ .QBITTORRENT_PUSHOVER_TOKEN }}'
--- kubernetes/apps/default/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: default/qbittorrent-volsync
+++ kubernetes/apps/default/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: default/qbittorrent-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: qbittorrent-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/qbittorrent
--- kubernetes/apps/default/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: default/qbittorrent-volsync-r2
+++ kubernetes/apps/default/qbittorrent/app Kustomization: flux-system/qbittorrent ExternalSecret: default/qbittorrent-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: qbittorrent-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph ExternalSecret: rook-ceph/rook-ceph-dashboard
+++ kubernetes/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph ExternalSecret: rook-ceph/rook-ceph-dashboard
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: rook-ceph
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: rook-ceph-dashboard-password
template:
data:
password: '{{ .ROOK_DASHBOARD_PASSWORD }}'
--- kubernetes/apps/default/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: default/recyclarr
+++ kubernetes/apps/default/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: default/recyclarr
@@ -13,13 +13,13 @@
- extract:
key: radarr
- extract:
key: sonarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: recyclarr-secret
template:
data:
RADARR_API_KEY: '{{ .RADARR_API_KEY }}'
SONARR_API_KEY: '{{ .SONARR_API_KEY }}'
--- kubernetes/apps/default/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: default/recyclarr-volsync
+++ kubernetes/apps/default/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: default/recyclarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: recyclarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/recyclarr
--- kubernetes/apps/default/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: default/recyclarr-volsync-r2
+++ kubernetes/apps/default/recyclarr/app Kustomization: flux-system/recyclarr ExternalSecret: default/recyclarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: recyclarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/slskd/app Kustomization: flux-system/slskd ExternalSecret: default/slskd
+++ kubernetes/apps/default/slskd/app Kustomization: flux-system/slskd ExternalSecret: default/slskd
@@ -13,13 +13,13 @@
- extract:
key: beets
- extract:
key: slskd
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: slskd-secret
template:
data:
BETANIN_API_KEY: '{{ .BETANIN_API_KEY }}'
SLSKD_SLSK_PASSWORD: '{{ .SLSKD_SLSK_PASSWORD }}'
--- kubernetes/apps/default/unpackerr/app Kustomization: flux-system/unpackerr ExternalSecret: default/unpackerr
+++ kubernetes/apps/default/unpackerr/app Kustomization: flux-system/unpackerr ExternalSecret: default/unpackerr
@@ -13,13 +13,13 @@
- extract:
key: radarr
- extract:
key: sonarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: unpackerr-secret
template:
data:
UN_RADARR_0_API_KEY: '{{ .RADARR_API_KEY }}'
UN_SONARR_0_API_KEY: '{{ .SONARR_API_KEY }}'
--- kubernetes/apps/observability/unpoller/app Kustomization: flux-system/unpoller ExternalSecret: observability/unpoller
+++ kubernetes/apps/observability/unpoller/app Kustomization: flux-system/unpoller ExternalSecret: observability/unpoller
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: unifi
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: unpoller-secret
template:
data:
UP_UNIFI_DEFAULT_API_KEY: '{{ .UNIFI_API_KEY }}'
--- kubernetes/apps/default/radarr/app Kustomization: flux-system/radarr ExternalSecret: default/radarr
+++ kubernetes/apps/default/radarr/app Kustomization: flux-system/radarr ExternalSecret: default/radarr
@@ -13,13 +13,13 @@
- extract:
key: pushover
- extract:
key: radarr
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: radarr-secret
template:
data:
PUSHOVER_TOKEN: '{{ .RADARR_PUSHOVER_TOKEN }}'
PUSHOVER_USER_KEY: '{{ .PUSHOVER_USER_KEY }}'
--- kubernetes/apps/default/radarr/app Kustomization: flux-system/radarr ExternalSecret: default/radarr-volsync
+++ kubernetes/apps/default/radarr/app Kustomization: flux-system/radarr ExternalSecret: default/radarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: radarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/radarr
--- kubernetes/apps/default/radarr/app Kustomization: flux-system/radarr ExternalSecret: default/radarr-volsync-r2
+++ kubernetes/apps/default/radarr/app Kustomization: flux-system/radarr ExternalSecret: default/radarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: radarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/tautulli/app Kustomization: flux-system/tautulli ExternalSecret: default/tautulli-volsync
+++ kubernetes/apps/default/tautulli/app Kustomization: flux-system/tautulli ExternalSecret: default/tautulli-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: tautulli-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/tautulli
--- kubernetes/apps/default/tautulli/app Kustomization: flux-system/tautulli ExternalSecret: default/tautulli-volsync-r2
+++ kubernetes/apps/default/tautulli/app Kustomization: flux-system/tautulli ExternalSecret: default/tautulli-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: tautulli-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/zwave/app Kustomization: flux-system/zwave ExternalSecret: default/zwave-volsync
+++ kubernetes/apps/default/zwave/app Kustomization: flux-system/zwave ExternalSecret: default/zwave-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: zwave-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/zwave
--- kubernetes/apps/default/zwave/app Kustomization: flux-system/zwave ExternalSecret: default/zwave-volsync-r2
+++ kubernetes/apps/default/zwave/app Kustomization: flux-system/zwave ExternalSecret: default/zwave-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: zwave-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/sabnzbd/app Kustomization: flux-system/sabnzbd ExternalSecret: default/sabnzbd
+++ kubernetes/apps/default/sabnzbd/app Kustomization: flux-system/sabnzbd ExternalSecret: default/sabnzbd
@@ -15,13 +15,13 @@
- extract:
key: pushover
- extract:
key: sabnzbd
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sabnzbd-secret
template:
data:
CROSS_SEED_API_KEY: '{{ .CROSS_SEED_API_KEY }}'
PUSHOVER_TOKEN: '{{ .SABNZBD_PUSHOVER_TOKEN }}'
--- kubernetes/apps/default/sabnzbd/app Kustomization: flux-system/sabnzbd ExternalSecret: default/sabnzbd-volsync
+++ kubernetes/apps/default/sabnzbd/app Kustomization: flux-system/sabnzbd ExternalSecret: default/sabnzbd-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sabnzbd-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/sabnzbd
--- kubernetes/apps/default/sabnzbd/app Kustomization: flux-system/sabnzbd ExternalSecret: default/sabnzbd-volsync-r2
+++ kubernetes/apps/default/sabnzbd/app Kustomization: flux-system/sabnzbd ExternalSecret: default/sabnzbd-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sabnzbd-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: default/sonarr
+++ kubernetes/apps/default/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: default/sonarr
@@ -13,13 +13,13 @@
- extract:
key: sonarr
- extract:
key: pushover
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sonarr-secret
template:
data:
PUSHOVER_TOKEN: '{{ .SONARR_PUSHOVER_TOKEN }}'
PUSHOVER_USER_KEY: '{{ .PUSHOVER_USER_KEY }}'
--- kubernetes/apps/default/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: default/sonarr-volsync
+++ kubernetes/apps/default/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: default/sonarr-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sonarr-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/sonarr
--- kubernetes/apps/default/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: default/sonarr-volsync-r2
+++ kubernetes/apps/default/sonarr/app Kustomization: flux-system/sonarr ExternalSecret: default/sonarr-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: sonarr-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/cert-manager/cert-manager/tls Kustomization: flux-system/cert-manager-tls PushSecret: cert-manager/devbu-io-tls
+++ kubernetes/apps/cert-manager/cert-manager/tls Kustomization: flux-system/cert-manager-tls PushSecret: cert-manager/devbu-io-tls
@@ -19,13 +19,13 @@
remoteRef:
property: tls.key
remoteKey: devbu-io-tls
secretKey: tls.key
secretStoreRefs:
- kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
selector:
secret:
name: devbu-io-tls
template:
data:
tls.crt: '{{ index . "tls.crt" | b64enc }}'
--- kubernetes/apps/network/external/cloudflared Kustomization: flux-system/external-cloudflared ExternalSecret: network/cloudflared-tunnel
+++ kubernetes/apps/network/external/cloudflared Kustomization: flux-system/external-cloudflared ExternalSecret: network/cloudflared-tunnel
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: cloudflare
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: cloudflared-tunnel-secret
template:
data:
credentials.json: |
{
--- kubernetes/apps/default/rtlamr2mqtt/app Kustomization: flux-system/rtlamr2mqtt ExternalSecret: default/rtlamr2mqtt
+++ kubernetes/apps/default/rtlamr2mqtt/app Kustomization: flux-system/rtlamr2mqtt ExternalSecret: default/rtlamr2mqtt
@@ -14,13 +14,13 @@
key: emqx
- extract:
key: rtlamr2mqtt
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: rtlamr2mqtt-secret
template:
data:
rtlamr2mqtt.yaml: |
general:
--- kubernetes/apps/default/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: default/home-assistant
+++ kubernetes/apps/default/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: default/home-assistant
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: home-assistant
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: home-assistant-secret
template:
data:
HASS_DARKSKY_API_KEY: '{{ .HASS_DARKSKY_API_KEY }}'
HASS_ECOBEE_API_KEY: '{{ .HASS_ECOBEE_API_KEY }}'
--- kubernetes/apps/default/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: default/home-assistant-volsync
+++ kubernetes/apps/default/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: default/home-assistant-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: home-assistant-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/home-assistant
--- kubernetes/apps/default/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: default/home-assistant-volsync-r2
+++ kubernetes/apps/default/home-assistant/app Kustomization: flux-system/home-assistant ExternalSecret: default/home-assistant-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: home-assistant-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/default/zigbee/app Kustomization: flux-system/zigbee ExternalSecret: default/zigbee
+++ kubernetes/apps/default/zigbee/app Kustomization: flux-system/zigbee ExternalSecret: default/zigbee
@@ -13,13 +13,13 @@
- extract:
key: emqx
- extract:
key: zigbee
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: zigbee-secret
template:
data:
ZIGBEE2MQTT_CONFIG_ADVANCED_EXT_PAN_ID: '{{ .ZIGBEE2MQTT_CONFIG_ADVANCED_EXT_PAN_ID
}}'
--- kubernetes/apps/default/zigbee/app Kustomization: flux-system/zigbee ExternalSecret: default/zigbee-volsync
+++ kubernetes/apps/default/zigbee/app Kustomization: flux-system/zigbee ExternalSecret: default/zigbee-volsync
@@ -11,13 +11,13 @@
spec:
dataFrom:
- extract:
key: volsync-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: zigbee-volsync-secret
template:
data:
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
RESTIC_REPOSITORY: /repository/zigbee
--- kubernetes/apps/default/zigbee/app Kustomization: flux-system/zigbee ExternalSecret: default/zigbee-volsync-r2
+++ kubernetes/apps/default/zigbee/app Kustomization: flux-system/zigbee ExternalSecret: default/zigbee-volsync-r2
@@ -13,13 +13,13 @@
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
secretStoreRef:
kind: ClusterSecretStore
- name: onepassword-connect
+ name: onepassword
target:
name: zigbee-volsync-r2-secret
template:
data:
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
--- kubernetes/apps/external-secrets/onepassword/app Kustomization: flux-system/onepassword HelmRelease: external-secrets/onepassword
+++ kubernetes/apps/external-secrets/onepassword/app Kustomization: flux-system/onepassword HelmRelease: external-secrets/onepassword
@@ -0,0 +1,145 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ app.kubernetes.io/name: onepassword
+ kustomize.toolkit.fluxcd.io/name: onepassword
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: onepassword
+ namespace: external-secrets
+spec:
+ chart:
+ spec:
+ chart: app-template
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ version: 3.6.1
+ install:
+ remediation:
+ retries: 3
+ interval: 30m
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ onepassword:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ containers:
+ api:
+ env:
+ OP_BUS_PEERS: localhost:11221
+ OP_BUS_PORT: 11220
+ OP_HTTP_PORT: 80
+ OP_SESSION:
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: onepassword-secret
+ XDG_DATA_HOME: /config
+ image:
+ repository: docker.io/1password/connect-api
+ tag: 1.7.3@sha256:0601c7614e102eada268dbda6ba4b5886ce77713be2c332ec6a2fd0f028484ba
+ probes:
+ liveness:
+ custom: true
+ enabled: true
+ spec:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 80
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ readiness:
+ custom: true
+ enabled: true
+ spec:
+ httpGet:
+ path: /health
+ port: 80
+ initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ sync:
+ env:
+ OP_BUS_PEERS: localhost:11220
+ OP_BUS_PORT: 11221
+ OP_HTTP_PORT: 8081
+ OP_SESSION:
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: onepassword-secret
+ XDG_DATA_HOME: /config
+ image:
+ repository: docker.io/1password/connect-sync
+ tag: 1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
+ probes:
+ liveness:
+ custom: true
+ enabled: true
+ spec:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ readiness:
+ custom: true
+ enabled: true
+ spec:
+ httpGet:
+ path: /health
+ port: 8081
+ initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ replicas: 1
+ strategy: RollingUpdate
+ defaultPodOptions:
+ securityContext:
+ fsGroup: 999
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 999
+ runAsNonRoot: true
+ runAsUser: 999
+ seccompProfile:
+ type: RuntimeDefault
+ persistence:
+ config:
+ globalMounts:
+ - path: /config
+ type: emptyDir
+ service:
+ app:
+ controller: onepassword
+ ports:
+ http:
+ port: 80
+
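Review bot: both containers read `OP_SESSION` from `name: onepassword-secret`, where the removed Deployment used `onepassword-connect-secret`, and nothing in the visible part of this diff creates a Secret under the new name. Confirm that the bootstrap Secret (keys `1password-credentials.json` and `token`) exists as `onepassword-secret` in `external-secrets` before this reconciles; otherwise the pod cannot start and the `wait: true` chain behind it stalls. Separately, the rendered Deployment being removed shows `automountServiceAccountToken: true` on the `default` service account and nothing here overrides it. Connect has no need for the Kubernetes API, so set `automountServiceAccountToken: false` under `defaultPodOptions`.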
--- kubernetes/apps/external-secrets/onepassword/store Kustomization: flux-system/onepassword-store ClusterSecretStore: external-secrets/onepassword
+++ kubernetes/apps/external-secrets/onepassword/store Kustomization: flux-system/onepassword-store ClusterSecretStore: external-secrets/onepassword
@@ -0,0 +1,23 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ labels:
+ app.kubernetes.io/name: onepassword-store
+ kustomize.toolkit.fluxcd.io/name: onepassword-store
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: onepassword
+ namespace: external-secrets
+spec:
+ provider:
+ onepassword:
+ auth:
+ secretRef:
+ connectTokenSecretRef:
+ key: token
+ name: onepassword-secret
+ namespace: external-secrets
+ connectHost: http://onepassword.external-secrets.svc.cluster.local
+ vaults:
+ Kubernetes: 1
+ |
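Review bot: `connectHost` is plain `http://`, so the Connect bearer token from `onepassword-secret` and every secret value returned by Connect cross the pod network unencrypted. This is carried over unchanged from the old store, but since the Service is being recreated under a new name anyway, consider a NetworkPolicy that admits only the external-secrets controller to the `onepassword` Service on port 80. Also, `metadata.namespace` has no effect on a cluster-scoped `ClusterSecretStore`; drop it if it is set in the source manifest rather than injected by `targetNamespace`.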
--- HelmRelease: external-secrets/onepassword-connect Service: external-secrets/onepassword-connect
+++ HelmRelease: external-secrets/onepassword-connect Service: external-secrets/onepassword-connect
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: onepassword-connect
- labels:
- app.kubernetes.io/instance: onepassword-connect
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: onepassword-connect
- app.kubernetes.io/service: onepassword-connect
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 80
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/component: onepassword-connect
- app.kubernetes.io/instance: onepassword-connect
- app.kubernetes.io/name: onepassword-connect
-
--- HelmRelease: external-secrets/onepassword-connect Deployment: external-secrets/onepassword-connect
+++ HelmRelease: external-secrets/onepassword-connect Deployment: external-secrets/onepassword-connect
@@ -1,133 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: onepassword-connect
- labels:
- app.kubernetes.io/component: onepassword-connect
- app.kubernetes.io/instance: onepassword-connect
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: onepassword-connect
- annotations:
- reloader.stakater.com/auto: 'true'
-spec:
- revisionHistoryLimit: 3
- replicas: 1
- strategy:
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/component: onepassword-connect
- app.kubernetes.io/name: onepassword-connect
- app.kubernetes.io/instance: onepassword-connect
- template:
- metadata:
- labels:
- app.kubernetes.io/component: onepassword-connect
- app.kubernetes.io/instance: onepassword-connect
- app.kubernetes.io/name: onepassword-connect
- spec:
- enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
- securityContext:
- fsGroup: 999
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 999
- runAsNonRoot: true
- runAsUser: 999
- seccompProfile:
- type: RuntimeDefault
- hostIPC: false
- hostNetwork: false
- hostPID: false
- dnsPolicy: ClusterFirst
- containers:
- - env:
- - name: OP_BUS_PEERS
- value: localhost:11221
- - name: OP_BUS_PORT
- value: '11220'
- - name: OP_HTTP_PORT
- value: '80'
- - name: OP_SESSION
- valueFrom:
- secretKeyRef:
- key: 1password-credentials.json
- name: onepassword-connect-secret
- - name: XDG_DATA_HOME
- value: /config
- image: docker.io/1password/connect-api:1.7.3@sha256:0601c7614e102eada268dbda6ba4b5886ce77713be2c332ec6a2fd0f028484ba
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /heartbeat
- port: 80
- initialDelaySeconds: 15
- periodSeconds: 30
- name: api
- readinessProbe:
- httpGet:
- path: /health
- port: 80
- initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /config
- name: config
- - env:
- - name: OP_BUS_PEERS
- value: localhost:11220
- - name: OP_BUS_PORT
- value: '11221'
- - name: OP_HTTP_PORT
- value: '8081'
- - name: OP_SESSION
- valueFrom:
- secretKeyRef:
- key: 1password-credentials.json
- name: onepassword-connect-secret
- - name: XDG_DATA_HOME
- value: /config
- image: docker.io/1password/connect-sync:1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /heartbeat
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 30
- name: sync
- readinessProbe:
- httpGet:
- path: /health
- port: 8081
- initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /config
- name: config
- volumes:
- - emptyDir: {}
- name: config
-
--- HelmRelease: external-secrets/onepassword Service: external-secrets/onepassword
+++ HelmRelease: external-secrets/onepassword Service: external-secrets/onepassword
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: onepassword
+ labels:
+ app.kubernetes.io/instance: onepassword
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: onepassword
+ app.kubernetes.io/service: onepassword
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/component: onepassword
+ app.kubernetes.io/instance: onepassword
+ app.kubernetes.io/name: onepassword
+
--- HelmRelease: external-secrets/onepassword Deployment: external-secrets/onepassword
+++ HelmRelease: external-secrets/onepassword Deployment: external-secrets/onepassword
@@ -0,0 +1,133 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: onepassword
+ labels:
+ app.kubernetes.io/component: onepassword
+ app.kubernetes.io/instance: onepassword
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: onepassword
+ annotations:
+ reloader.stakater.com/auto: 'true'
+spec:
+ revisionHistoryLimit: 3
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: onepassword
+ app.kubernetes.io/name: onepassword
+ app.kubernetes.io/instance: onepassword
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: onepassword
+ app.kubernetes.io/instance: onepassword
+ app.kubernetes.io/name: onepassword
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ securityContext:
+ fsGroup: 999
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 999
+ runAsNonRoot: true
+ runAsUser: 999
+ seccompProfile:
+ type: RuntimeDefault
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ containers:
+ - env:
+ - name: OP_BUS_PEERS
+ value: localhost:11221
+ - name: OP_BUS_PORT
+ value: '11220'
+ - name: OP_HTTP_PORT
+ value: '80'
+ - name: OP_SESSION
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: onepassword-secret
+ - name: XDG_DATA_HOME
+ value: /config
+ image: docker.io/1password/connect-api:1.7.3@sha256:0601c7614e102eada268dbda6ba4b5886ce77713be2c332ec6a2fd0f028484ba
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 80
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ name: api
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 80
+ initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ - env:
+ - name: OP_BUS_PEERS
+ value: localhost:11220
+ - name: OP_BUS_PORT
+ value: '11221'
+ - name: OP_HTTP_PORT
+ value: '8081'
+ - name: OP_SESSION
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: onepassword-secret
+ - name: XDG_DATA_HOME
+ value: /config
+ image: docker.io/1password/connect-sync:1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ name: sync
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8081
+ initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ volumes:
+ - emptyDir: {}
+ name: config
+ |
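Review bot: the pod spec keeps serviceAccountName: default with automountServiceAccountToken: true, which places a Kubernetes API token beside the 1Password credentials in both the api and sync containers, although nothing in the visible spec uses the Kubernetes API. Suggest automountServiceAccountToken: false. Separately, both containers load OP_SESSION through secretKeyRef from onepassword-secret (key 1password-credentials.json), so the pods cannot start until that renamed Secret exists in the namespace. The rollout steps should create it first.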
Need to manually create the renamed secret onepassword-secret