From cf6ac87e7b9b6570ecb24c80e8b9347b565e6e9b Mon Sep 17 00:00:00 2001
From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com>
Date: Thu, 17 Oct 2024 12:29:19 +0200
Subject: [PATCH] BC-8267 - add ExternalSecret for tldraw server

---
 ansible/roles/tldraw-server/tasks/main.yml | 14 ++++++++++
 .../templates/onepassword.yml.j2 | 2 +-
 .../tldraw-server-external-secret.yml.j2 | 27 +++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/tldraw-server/templates/tldraw-server-external-secret.yml.j2

diff --git a/ansible/roles/tldraw-server/tasks/main.yml b/ansible/roles/tldraw-server/tasks/main.yml
index 87ac6453..f8b1f6d4 100644
--- a/ansible/roles/tldraw-server/tasks/main.yml
+++ b/ansible/roles/tldraw-server/tasks/main.yml
@@ -1,3 +1,17 @@
+  - name: External Secret for TlDraw Server
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: tldraw-server-external-secret.yml.j2
+      state: "{{ 'present' if
+        WITH_BRANCH_MONGO_DB_MANAGEMENT is defined and WITH_BRANCH_MONGO_DB_MANAGEMENT|bool and
+        WITH_TLDRAW2 is defined and WITH_TLDRAW2|bool
+        else 'absent'}}"
+    when:
+      - EXTERNAL_SECRETS_OPERATOR is defined and EXTERNAL_SECRETS_OPERATOR|bool
+    tags:
+      - 1password
+
   - name: TlDraw server Secret (from 1Password)
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
diff --git a/ansible/roles/tldraw-server/templates/onepassword.yml.j2 b/ansible/roles/tldraw-server/templates/onepassword.yml.j2
index 14021d8b..9257e4db 100644
--- a/ansible/roles/tldraw-server/templates/onepassword.yml.j2
+++ b/ansible/roles/tldraw-server/templates/onepassword.yml.j2
@@ -1,7 +1,7 @@
 apiVersion: onepassword.com/v1
 kind: OnePasswordItem
 metadata:
-  name: tldraw-server-secret
+  name: tldraw-server-secret{{ EXTERNAL_SECRETS_POSTFIX }}
   namespace: {{ NAMESPACE }}
   labels:
     app: tldraw-server
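Review bot: The new task only ever reaches `state: absent` while EXTERNAL_SECRETS_OPERATOR is still true, because the `when` skips it entirely otherwise, so an ExternalSecret that was created earlier keeps syncing the Mongo credentials URL into `tldraw-server-secret` after the operator flag is turned off in an inventory; if the `when` exists to avoid touching a missing CRD, that trade-off deserves a comment such as `# skipped (not removed) without the operator: the ExternalSecret CRD may not exist`. The `X is defined and X|bool` pattern is repeated three times in `state` and `when`; `WITH_TLDRAW2 | default(false) | bool` says the same thing more compactly and keeps the multi-line quoted scalar shorter. The task is also tagged `1password` although it manages an external-secrets resource; if the tag is meant to group both secret-provisioning paths for `--tags` runs, a one-line comment saying so would prevent someone "fixing" it. The following task, `TlDraw server Secret (from 1Password)`, continues outside the hunk.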
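Review bot: The OnePasswordItem name now always appends `{{ EXTERNAL_SECRETS_POSTFIX }}`, so every inventory that renders this template must define that variable, including ones where EXTERNAL_SECRETS_OPERATOR is false; with Ansible's default undefined-variable handling the render otherwise fails, and if the postfix is non-empty there, nothing produces the plain `tldraw-server-secret` that the ExternalSecret path targets. Unless the non-operator inventories are known to set the postfix to an empty string, `name: tldraw-server-secret{{ EXTERNAL_SECRETS_POSTFIX | default('') }}` keeps the old behaviour for them. A short comment above `name:` noting that the postfixed Secret is only the raw 1Password material and that the ExternalSecret assembles the consumed `tldraw-server-secret` from it would make the two-stage flow visible to the next reader.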
diff --git a/ansible/roles/tldraw-server/templates/tldraw-server-external-secret.yml.j2 b/ansible/roles/tldraw-server/templates/tldraw-server-external-secret.yml.j2
new file mode 100644
index 00000000..3bbf5583
--- /dev/null
+++ b/ansible/roles/tldraw-server/templates/tldraw-server-external-secret.yml.j2
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: tldraw-server-secret
+  namespace: {{ NAMESPACE }}
+  labels:
+    app: tldraw-server
+spec:
+  refreshInterval: {{ EXTERNAL_SECRETS_REFRESH_INTERVAL }}
+  secretStoreRef:
+    kind: SecretStore
+    name: {{ EXTERNAL_SECRETS_K8S_STORE }}
+  target:
+    name: tldraw-server-secret
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        TLDRAW_DB_URL: "{{ '{{ .MONGO_MANAGEMENT_TEMPLATE_URL }}/' ~ MONGO_MANAGEMENT_PREFIX ~ 'tldraw' ~ MONGO_MANAGEMENT_POSTFIX }}"
+  dataFrom:
+    - extract:
+        key: tldraw-server-secret{{ EXTERNAL_SECRETS_POSTFIX }}
+  data:
+    - secretKey: MONGO_MANAGEMENT_TEMPLATE_URL
+      remoteRef:
+        key: mongo-cluster-readwrite-secret
+        property: credentials-url
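Review bot: `TLDRAW_DB_URL` is assembled from the `credentials-url` of `mongo-cluster-readwrite-secret`, so the tldraw server ends up holding whatever credentials that URL carries; if, as the key name suggests, those are cluster-wide read/write credentials rather than a user scoped to the `tldraw` database, every tldraw pod can read and modify every other branch database, and that should either be replaced by a per-database credential or stated explicitly in the template with a comment like `# NOTE: uses the shared cluster readwrite credentials; tldraw has no DB-scoped user yet`. The concatenation also assumes `credentials-url` ends at the host with no trailing slash, path or `?authSource=` query, and that MONGO_MANAGEMENT_PREFIX/POSTFIX need no URL escaping; none of that is checked here, so a comment above `TLDRAW_DB_URL` recording the expected shape of the source URL would help. `mergePolicy: Merge` keeps keys that are already in `tldraw-server-secret` even after they disappear from the 1Password item, which is worth knowing when rotating or removing secrets. Finally, `refreshInterval: {{ EXTERNAL_SECRETS_REFRESH_INTERVAL }}` is an unquoted templated scalar; quoting it avoids a surprise if the value is ever rendered as something YAML types differently.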