diff --git a/k8s/apps/amnezia/external-secrets.yaml b/k8s/apps/amnezia/external-secrets.yaml index d3e63f8..2a20341 100644 --- a/k8s/apps/amnezia/external-secrets.yaml +++ b/k8s/apps/amnezia/external-secrets.yaml @@ -48,3 +48,31 @@ spec: remoteRef: key: 3092dc7c-41dd-461a-9f7a-377727f47e93 property: fields[1].value +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: amnezia-fellow +spec: + target: + name: amnezia-fellow + deletionPolicy: Delete + template: + type: Opaque + data: + database-url: |- + postgresql://amnezia_fellow:{{ .amnezia_fellow }}@psql.psql.svc:5432/amnezia_fellow + postgres-password: |- + {{ .amnezia_fellow }} + data: + - secretKey: amnezia_fellow + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + conversionStrategy: Default + decodingStrategy: None + metadataPolicy: None + key: 2a9deb39-ef22-433e-a1be-df1555625e22 + property: fields[19].value diff --git a/k8s/apps/amnezia/fellow-deployment.yaml b/k8s/apps/amnezia/fellow-deployment.yaml index 0837c48..ceb743b 100644 --- a/k8s/apps/amnezia/fellow-deployment.yaml +++ b/k8s/apps/amnezia/fellow-deployment.yaml @@ -5,6 +5,8 @@ metadata: name: amnezia-fellow labels: app: amnezia-fellow + annotations: + secret.reloader.stakater.com/reload: "amnezia-fellow" spec: replicas: 1 strategy: @@ -31,7 +33,12 @@ spec: protocol: TCP env: - name: AMNEZIA_FELLOW_DATABASE_URL - value: "sqlite:///data/amnezia-fellow.sqlite3?mode=rwc" + valueFrom: + secretKeyRef: + name: amnezia-fellow + key: database-url + - name: AMNEZIA_FELLOW_MIGRATE_SQLITE + value: "sqlite:///data/amnezia-fellow.sqlite3?mode=ro" - name: AMNEZIA_FELLOW_K8S_NAMESPACE value: "amnezia" - name: AMNEZIA_FELLOW_K8S_CLIENTS_SECRET