BC-8267 - aktivate for dev thr only the one mongo cluster for all mode (

#24)

ansible/roles/tldraw-server/tasks/main.yml

@@ -1,3 +1,17 @@
+  - name: External Secret for TlDraw Server
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: tldraw-server-external-secret.yml.j2
+      state: "{{ 'present' if 
+               WITH_BRANCH_MONGO_DB_MANAGEMENT is defined and WITH_BRANCH_MONGO_DB_MANAGEMENT|bool and
+               WITH_TLDRAW2 is defined and WITH_TLDRAW2|bool
+               else 'absent'}}"
+    when:
+     - EXTERNAL_SECRETS_OPERATOR is defined and EXTERNAL_SECRETS_OPERATOR|bool
+    tags:
+     - 1password
+
   - name: TlDraw server Secret (from 1Password)
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config

ansible/roles/tldraw-server/templates/onepassword.yml.j2

@@ -1,7 +1,7 @@
 apiVersion: onepassword.com/v1
 kind: OnePasswordItem
 metadata:
-  name: tldraw-server-secret
+  name: tldraw-server-secret{{ EXTERNAL_SECRETS_POSTFIX }}
   namespace: {{ NAMESPACE }}
   labels:
     app: tldraw-server

ansible/roles/tldraw-server/templates/tldraw-server-external-secret.yml.j2

@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: tldraw-server-secret
+  namespace: {{ NAMESPACE }}
+  labels:
+    app: tldraw-server
+spec:
+  refreshInterval: {{ EXTERNAL_SECRETS_REFRESH_INTERVAL }}
+  secretStoreRef:
+    kind: SecretStore
+    name: {{ EXTERNAL_SECRETS_K8S_STORE }}
+  target:
+    name: tldraw-server-secret
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        TLDRAW_DB_URL: "{{ '{{ .MONGO_MANAGEMENT_TEMPLATE_URL }}/' ~ MONGO_MANAGEMENT_PREFIX ~ 'tldraw' ~ MONGO_MANAGEMENT_POSTFIX }}"
+  dataFrom:
+  - extract:
+      key: tldraw-server-secret{{ EXTERNAL_SECRETS_POSTFIX }}
+  data:
+  - secretKey: MONGO_MANAGEMENT_TEMPLATE_URL
+    remoteRef:
+      key: mongo-cluster-readwrite-secret
+      property: credentials-url