homelab/k8s/core/postgresql/external-secrets.yaml

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: postgres-creds
spec:
  target:
    name: postgres-secret
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        PGADMIN_DEFAULT_EMAIL: |-
          {{ .username }}
        PGADMIN_DEFAULT_PASSWORD: |-
          {{ .password }}
        PGADMIN_CONFIG_OAUTH2_CONFIG: |-
          [
            {
              'OAUTH2_NAME': 'Authentik',
              'OAUTH2_DISPLAY_NAME': 'Authentik',
              'OAUTH2_CLIENT_ID': '{{ .client_id }}',
              'OAUTH2_CLIENT_SECRET': '{{ .client_secret }}',
              'OAUTH2_TOKEN_URL': '{{ .pgadmin_url }}/application/o/token/',
              'OAUTH2_AUTHORIZATION_URL': '{{ .pgadmin_url }}/application/o/authorize/',
              'OAUTH2_SERVER_METADATA_URL': '{{ .pgadmin_url }}/application/o/pgadmin/.well-known/openid-configuration',
              'OAUTH2_API_BASE_URL': '{{ .pgadmin_url }}',
              'OAUTH2_USERINFO_ENDPOINT': '{{ .pgadmin_url }}/application/o/userinfo/',
              'OAUTH2_SCOPE': 'openid profile email',
              'OAUTH2_USERNAME_CLAIM': 'email',
              'OAUTH2_BUTTON_COLOR': '#000000',
              'OAUTH2_SSL_CERT_VERIFICATION': False,
              'OAUTH2_LOGOUT_URL': '{{ .pgadmin_url }}/application/o/pgadmin/end-session/'
            }
          ]
  data:
    - secretKey: username
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 832042b9-7edb-4f4c-9254-3c8884ba9733
        property: login.username
    - secretKey: password
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 832042b9-7edb-4f4c-9254-3c8884ba9733
        property: login.password
    - secretKey: client_id
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 832042b9-7edb-4f4c-9254-3c8884ba9733
        property: fields[0].value
    - secretKey: client_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 832042b9-7edb-4f4c-9254-3c8884ba9733
        property: fields[1].value
    - secretKey: pgadmin_url
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 832042b9-7edb-4f4c-9254-3c8884ba9733
        property: fields[2].value
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: postgres-users
spec:
  target:
    name: postgres-users
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        USER_authentik: |-
          {{ .authentik }}
        USER_paperless: |-
          {{ .paperless }}
        USER_nextcloud: |-
          {{ .nextcloud }}
        USER_outfleet: |-
          {{ .outfleet }}
        USER_grafana: |-
          {{ .grafana }}
        USER_khm: |-
          {{ .khm }}
  data:
    - secretKey: authentik
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[0].value
    - secretKey: outfleet
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[1].value
    - secretKey: grafana
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[2].value
    - secretKey: khm
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[3].value
    - secretKey: nextcloud
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[4].value
    - secretKey: paperless
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[5].value
Added psql 2025-04-06 01:04:30 +01:00			`---`
			`apiVersion: external-secrets.io/v1beta1`
			`kind: ExternalSecret`
			`metadata:`
			`name: postgres-creds`
			`spec:`
			`target:`
			`name: postgres-secret`
			`deletionPolicy: Delete`
			`template:`
			`type: Opaque`
			`data:`
			`PGADMIN_DEFAULT_EMAIL: \|-`
			`{{ .username }}`
			`PGADMIN_DEFAULT_PASSWORD: \|-`
			`{{ .password }}`
			`PGADMIN_CONFIG_OAUTH2_CONFIG: \|-`
			`[`
			`{`
			`'OAUTH2_NAME': 'Authentik',`
			`'OAUTH2_DISPLAY_NAME': 'Authentik',`
			`'OAUTH2_CLIENT_ID': '{{ .client_id }}',`
			`'OAUTH2_CLIENT_SECRET': '{{ .client_secret }}',`
			`'OAUTH2_TOKEN_URL': '{{ .pgadmin_url }}/application/o/token/',`
			`'OAUTH2_AUTHORIZATION_URL': '{{ .pgadmin_url }}/application/o/authorize/',`
			`'OAUTH2_SERVER_METADATA_URL': '{{ .pgadmin_url }}/application/o/pgadmin/.well-known/openid-configuration',`
			`'OAUTH2_API_BASE_URL': '{{ .pgadmin_url }}',`
			`'OAUTH2_USERINFO_ENDPOINT': '{{ .pgadmin_url }}/application/o/userinfo/',`
			`'OAUTH2_SCOPE': 'openid profile email',`
			`'OAUTH2_USERNAME_CLAIM': 'email',`
			`'OAUTH2_BUTTON_COLOR': '#000000',`
			`'OAUTH2_SSL_CERT_VERIFICATION': False,`
			`'OAUTH2_LOGOUT_URL': '{{ .pgadmin_url }}/application/o/pgadmin/end-session/'`
			`}`
			`]`
			`data:`
			`- secretKey: username`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 832042b9-7edb-4f4c-9254-3c8884ba9733`
			`property: login.username`
			`- secretKey: password`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 832042b9-7edb-4f4c-9254-3c8884ba9733`
			`property: login.password`
			`- secretKey: client_id`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 832042b9-7edb-4f4c-9254-3c8884ba9733`
			`property: fields[0].value`
			`- secretKey: client_secret`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 832042b9-7edb-4f4c-9254-3c8884ba9733`
			`property: fields[1].value`
			`- secretKey: pgadmin_url`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 832042b9-7edb-4f4c-9254-3c8884ba9733`
			`property: fields[2].value`
			`---`
			`apiVersion: external-secrets.io/v1beta1`
			`kind: ExternalSecret`
			`metadata:`
			`name: postgres-users`
			`spec:`
			`target:`
			`name: postgres-users`
			`deletionPolicy: Delete`
			`template:`
			`type: Opaque`
			`data:`
			`USER_authentik: \|-`
			`{{ .authentik }}`
			`USER_paperless: \|-`
			`{{ .paperless }}`
			`USER_nextcloud: \|-`
			`{{ .nextcloud }}`
			`USER_outfleet: \|-`
			`{{ .outfleet }}`
			`USER_grafana: \|-`
			`{{ .grafana }}`
			`USER_khm: \|-`
			`{{ .khm }}`
			`data:`
			`- secretKey: authentik`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 2a9deb39-ef22-433e-a1be-df1555625e22`
			`property: fields[0].value`
			`- secretKey: outfleet`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 2a9deb39-ef22-433e-a1be-df1555625e22`
			`property: fields[1].value`
			`- secretKey: grafana`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 2a9deb39-ef22-433e-a1be-df1555625e22`
			`property: fields[2].value`
			`- secretKey: khm`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 2a9deb39-ef22-433e-a1be-df1555625e22`
			`property: fields[3].value`
			`- secretKey: nextcloud`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 2a9deb39-ef22-433e-a1be-df1555625e22`
			`property: fields[4].value`
			`- secretKey: paperless`
			`sourceRef:`
			`storeRef:`
			`name: vaultwarden-login`
			`kind: ClusterSecretStore`
			`remoteRef:`
			`key: 2a9deb39-ef22-433e-a1be-df1555625e22`
			`property: fields[5].value`