ab/homelab
1
0
Fork 1
Code Pull Requests Actions Packages Wiki Activity
Files
e0ef44d8bd2b38642e179de3fb046aef2c7d1f91
homelab/k8s/core/postgresql/external-secrets.yaml
Ultradesu cc4bc59cda
All checks were successful
Check with kubeconform / lint (push) Successful in 4s
Details
Got rid of NS in resources PG
2025-04-13 19:25:58 +01:00

150 lines
4.3 KiB
YAML
Raw Blame History

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: postgres-creds
spec:
target:
name: postgres-secret
deletionPolicy: Delete
template:
type: Opaque
data:
PGADMIN_DEFAULT_EMAIL: |-
{{ .username }}
PGADMIN_DEFAULT_PASSWORD: |-
{{ .password }}
PGADMIN_CONFIG_OAUTH2_CONFIG: |-
[
{
'OAUTH2_NAME': 'Authentik',
'OAUTH2_DISPLAY_NAME': 'Authentik',
'OAUTH2_CLIENT_ID': '{{ .client_id }}',
'OAUTH2_CLIENT_SECRET': '{{ .client_secret }}',
'OAUTH2_TOKEN_URL': '{{ .pgadmin_url }}/application/o/token/',
'OAUTH2_AUTHORIZATION_URL': '{{ .pgadmin_url }}/application/o/authorize/',
'OAUTH2_SERVER_METADATA_URL': '{{ .pgadmin_url }}/application/o/pgadmin/.well-known/openid-configuration',
'OAUTH2_API_BASE_URL': '{{ .pgadmin_url }}',
'OAUTH2_USERINFO_ENDPOINT': '{{ .pgadmin_url }}/application/o/userinfo/',
'OAUTH2_SCOPE': 'openid profile email',
'OAUTH2_USERNAME_CLAIM': 'email',
'OAUTH2_BUTTON_COLOR': '#000000',
'OAUTH2_SSL_CERT_VERIFICATION': False,
'OAUTH2_LOGOUT_URL': '{{ .pgadmin_url }}/application/o/pgadmin/end-session/'
}
]
data:
- secretKey: username
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 832042b9-7edb-4f4c-9254-3c8884ba9733
property: login.username
- secretKey: password
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 832042b9-7edb-4f4c-9254-3c8884ba9733
property: login.password
- secretKey: client_id
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 832042b9-7edb-4f4c-9254-3c8884ba9733
property: fields[0].value
- secretKey: client_secret
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 832042b9-7edb-4f4c-9254-3c8884ba9733
property: fields[1].value
- secretKey: pgadmin_url
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 832042b9-7edb-4f4c-9254-3c8884ba9733
property: fields[2].value
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: postgres-users
spec:
target:
name: postgres-users
deletionPolicy: Delete
template:
type: Opaque
data:
USER_authentik: |-
{{ .authentik }}
USER_paperless: |-
{{ .paperless }}
USER_nextcloud: |-
{{ .nextcloud }}
USER_outfleet: |-
{{ .outfleet }}
USER_grafana: |-
{{ .grafana }}
USER_khm: |-
{{ .khm }}
data:
- secretKey: authentik
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2a9deb39-ef22-433e-a1be-df1555625e22
property: fields[0].value
- secretKey: outfleet
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2a9deb39-ef22-433e-a1be-df1555625e22
property: fields[1].value
- secretKey: grafana
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2a9deb39-ef22-433e-a1be-df1555625e22
property: fields[2].value
- secretKey: khm
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2a9deb39-ef22-433e-a1be-df1555625e22
property: fields[3].value
- secretKey: nextcloud
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2a9deb39-ef22-433e-a1be-df1555625e22
property: fields[4].value
- secretKey: paperless
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2a9deb39-ef22-433e-a1be-df1555625e22
property: fields[5].value
View Git Blame Copy Permalink