feat: cutover to BWS on pi cluster
joryirving committed Feb 12, 2024
1 parent a2862c7 commit 6c5a8ec
Showing 9 changed files with 90 additions and 231 deletions.
@@ -1,23 +1,16 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: free-game-notifier
name: &name free-game-notifier
spec:
secretStoreRef:
name: bitwarden-secrets-manager
kind: ClusterSecretStore
target:
deletionPolicy: Delete
template:
engineVersion: v2
type: Opaque
data:
DISCORD_WEBHOOK: "{{ .DISCORD_WEBHOOK }}"
refreshInterval: 1h
name: *name
data:
- secretKey: DISCORD_WEBHOOK
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: de1b453f-d386-47df-8fd4-ac6e00f706e3
property: DISCORD_WEBHOOK
- secretKey: DISCORD_WEBHOOK
remoteRef:
key: free-games
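Review bot: `deletionPolicy: Delete` appears to be dropped from `spec.target` on the new side, so the ExternalSecret falls back to the External Secrets default of `Retain`. If the `free-games` entry is later deleted or revoked in the secret store, the Kubernetes Secret holding the Discord webhook would then stay in the cluster. The page has lost its +/- markers, so which side each line belongs to is inferred from the hunk line counts. If the removal is deliberate, a comment such as `# deletionPolicy left at the default (Retain) on purpose` under `target:` would record it; otherwise keep `deletionPolicy: Delete`. The mosquitto, rss-forwarder, zigbee2mqtt, thanos, minio and volsync sections lose the same line.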
30 changes: 9 additions & 21 deletions kubernetes/pi/apps/default/mosquitto/app/externalsecret.yaml
@@ -1,34 +1,22 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mosquitto
name: &name mosquitto
spec:
secretStoreRef:
name: bitwarden-secrets-manager
kind: ClusterSecretStore
target:
deletionPolicy: Delete
name: *name
template:
engineVersion: v2
type: Opaque
data:
username: "{{ .MQTT_USERNAME }}"
password: "{{ .MQTT_PASSWORD }}"
mosquitto_pwd: |
{{ .MQTT_USERNAME }}:{{ .MQTT_PASSWORD }}
refreshInterval: 1h
data:
- secretKey: MQTT_USERNAME
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2b8799c5-7d83-42aa-99c9-b072001ee0f3
property: username
- secretKey: MQTT_PASSWORD
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2b8799c5-7d83-42aa-99c9-b072001ee0f3
property: password
dataFrom:
- extract:
key: mqtt
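Review bot: Nothing in the new manifest states which properties the `mqtt` entry must contain, although the template reads `.MQTT_USERNAME` and `.MQTT_PASSWORD` by name and `dataFrom.extract` pulls in every property of that entry. A property renamed or missing on the secret-store side would therefore show up only as a failed or incomplete sync, not in a review of this file. A comment above `dataFrom:` such as `# "mqtt" must provide MQTT_USERNAME and MQTT_PASSWORD` would document the contract. The minio and rss-forwarder sections use the same pattern and would benefit from the same comment.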
30 changes: 9 additions & 21 deletions kubernetes/pi/apps/default/rss-forwarder/app/externalsecret.yaml
@@ -1,14 +1,17 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: rss-forwarder
name: &name rss-forwarder
spec:
secretStoreRef:
name: bitwarden-secrets-manager
kind: ClusterSecretStore
target:
deletionPolicy: Delete
name: *name
template:
engineVersion: v2
type: Opaque
data:
config.toml: |-
[feeds.github-template]
Expand All @@ -35,21 +38,6 @@ spec:
retry_limit = 5
sink.type = "discord"
sink.url = "{{ .MM_DISCORD_WEBHOOK }}"
refreshInterval: 1h
data:
- secretKey: INFRA_DISCORD_WEBHOOK
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: 01af241c-b129-4560-877a-ac6e00f706e3
property: INFRA_DISCORD_WEBHOOK
- secretKey: MM_DISCORD_WEBHOOK
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: 01af241c-b129-4560-877a-ac6e00f706e3
property: MM_DISCORD_WEBHOOK
dataFrom:
- extract:
key: discord
62 changes: 14 additions & 48 deletions kubernetes/pi/apps/default/zigbee2mqtt/app/externalsecret.yaml
@@ -1,61 +1,27 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: zigbee2mqtt
name: &name zigbee2mqtt
spec:
secretStoreRef:
name: bitwarden-secrets-manager
kind: ClusterSecretStore
target:
deletionPolicy: Delete
name: *name
template:
engineVersion: v2
type: Opaque
data:
# App
ZIGBEE2MQTT_CONFIG_ADVANCED_EXT_PAN_ID: "{{ .z2m_ext_pan_id }}"
ZIGBEE2MQTT_CONFIG_ADVANCED_PAN_ID: "{{ .z2m_pan_id }}"
ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: "{{ .z2m_network_key }}"
ZIGBEE2MQTT_CONFIG_ADVANCED_EXT_PAN_ID: "{{ .ZIGBEE2MQTT_CONFIG_ADVANCED_EXT_PAN_ID }}"
ZIGBEE2MQTT_CONFIG_ADVANCED_PAN_ID: "{{ .ZIGBEE2MQTT_CONFIG_ADVANCED_PAN_ID }}"
ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: "{{ .ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY }}"
# Mosquitto
ZIGBEE2MQTT_CONFIG_MQTT_USER: "{{ .MQTT_USERNAME }}"
ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD: "{{ .MQTT_PASSWORD }}"
refreshInterval: 1h
data:
- secretKey: z2m_ext_pan_id
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: 2b8799c5-7d83-42aa-99c9-b072001ee0f3
property: z2m_ext_pan_id
- secretKey: z2m_pan_id
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: 2b8799c5-7d83-42aa-99c9-b072001ee0f3
property: z2m_pan_id
- secretKey: z2m_network_key
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: 2b8799c5-7d83-42aa-99c9-b072001ee0f3
property: z2m_network_key
- secretKey: MQTT_USERNAME
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2b8799c5-7d83-42aa-99c9-b072001ee0f3
property: username
- secretKey: MQTT_PASSWORD
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: 2b8799c5-7d83-42aa-99c9-b072001ee0f3
property: password
dataFrom:
- extract:
key: mqtt
- extract:
key: zigbee2mqtt
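Review bot: The two `extract` entries under `dataFrom:` (`mqtt` and `zigbee2mqtt`) feed one shared template context, so a property name present in both entries would be resolved silently in favour of one of them, as far as I can tell the later one. That context supplies `ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY` and the MQTT credentials, so a collision would put the wrong value into the Secret without any error. A comment listing the properties expected from each entry would make the assumption explicit, for example `# mqtt: MQTT_USERNAME, MQTT_PASSWORD; zigbee2mqtt: ZIGBEE2MQTT_CONFIG_ADVANCED_*`. The volsync template at the end of this commit also combines two extracts.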
@@ -1,46 +1,27 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kube-prometheus-stack
name: &name thanos-objstore-secret
spec:
secretStoreRef:
name: bitwarden-secrets-manager
kind: ClusterSecretStore
target:
deletionPolicy: Delete
name: *name
template:
metadata:
labels:
cnpg.io/reload: "true"
type: Opaque
engineVersion: v2
data:
objstore.yml: |-
type: s3
config:
bucket: thanos
endpoint: rook-ceph-rgw.{{ .PRIMARY_DOMAIN }}
access_key: {{ .AWS_ACCESS_KEY_ID }}
bucket: thanos
endpoint: rook-ceph-rgw.${PRIMARY_DOMAIN}
insecure: true
region: ""
secret_key: {{ .AWS_SECRET_ACCESS_KEY }}
data:
- secretKey: PRIMARY_DOMAIN
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: 136c1200-904a-4e3c-bd02-ac6e00f706e3
property: primary_domain
- secretKey: AWS_ACCESS_KEY_ID
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: 3090e4fa-d3d9-44b6-ba53-b1060124db27
property: username
- secretKey: AWS_SECRET_ACCESS_KEY
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: 3090e4fa-d3d9-44b6-ba53-b1060124db27
property: password
type: s3
dataFrom:
- extract:
key: thanos
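Review bot: `insecure: true` is still set in the rendered `objstore.yml`, so Thanos reaches `rook-ceph-rgw.${PRIMARY_DOMAIN}` over plain HTTP: the access key ID, the request signatures and the uploaded blocks cross the network unencrypted, and the endpoint is not authenticated. If the gateway offers TLS, `insecure: false` is the change to make; if plain HTTP is deliberate, a comment such as `# plain HTTP on purpose: RGW endpoint has no TLS listener` would record that. The lines `access_key: {{ .AWS_ACCESS_KEY_ID }}` and `secret_key: {{ .AWS_SECRET_ACCESS_KEY }}` are also interpolated unquoted into YAML, so a value containing YAML-significant characters would corrupt the file; `secret_key: {{ .AWS_SECRET_ACCESS_KEY | quote }}` (and the same for `access_key`) avoids that.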
Expand Up @@ -182,6 +182,6 @@ spec:
image: quay.io/thanos/thanos:v0.34.0
objectStorageConfig:
existingSecret:
name: kube-prometheus-stack
name: thanos-objstore-secret
key: objstore.yml
cleanPrometheusOperatorObjectNames: true
30 changes: 10 additions & 20 deletions kubernetes/pi/apps/storage/minio/app/externalsecret.yaml
@@ -1,31 +1,21 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "minio"
name: &name minio
spec:
secretStoreRef:
name: bitwarden-secrets-manager
kind: ClusterSecretStore
target:
deletionPolicy: Delete
name: *name
template:
type: Opaque
engineVersion: v2
data:
# App
MINIO_ROOT_USER: "{{ .MINIO_ROOT_USER }}"
MINIO_ROOT_PASSWORD: "{{ .MINIO_ROOT_PASSWORD }}"
data:
- secretKey: MINIO_ROOT_USER
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: 5a98804c-6c54-4e09-817e-afd8012c70ad
property: username
- secretKey: MINIO_ROOT_PASSWORD
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: 5a98804c-6c54-4e09-817e-afd8012c70ad
property: password
dataFrom:
- extract:
key: minio
47 changes: 12 additions & 35 deletions kubernetes/pi/templates/volsync/minio.yaml
@@ -1,51 +1,28 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "${APP}-volsync"
spec:
secretStoreRef:
name: bitwarden-secrets-manager
kind: ClusterSecretStore
target:
deletionPolicy: Delete
name: "${APP}-volsync"
template:
type: Opaque
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
data:
- secretKey: REPOSITORY_TEMPLATE
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: fb121da5-ecd8-4e94-a5a0-b0fe011aef94
property: restic_endpoint
- secretKey: RESTIC_PASSWORD
sourceRef:
storeRef:
name: bitwarden-fields
kind: ClusterSecretStore
remoteRef:
key: fb121da5-ecd8-4e94-a5a0-b0fe011aef94
property: restic_password
- secretKey: AWS_ACCESS_KEY_ID
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: be779808-b3ed-469b-a27f-b0fe011a54e2
property: username
- secretKey: AWS_SECRET_ACCESS_KEY
sourceRef:
storeRef:
name: bitwarden-login
kind: ClusterSecretStore
remoteRef:
key: be779808-b3ed-469b-a27f-b0fe011a54e2
property: password
dataFrom:
- extract:
key: volsync-bucket
- extract:
key: volsync-minio-template
property: RESTIC_REPOSITORY
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
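Review bot: The template still reads `.REPOSITORY_TEMPLATE` for `RESTIC_REPOSITORY`, but the new `dataFrom` block only extracts `volsync-bucket` and the `RESTIC_REPOSITORY` property of `volsync-minio-template`, and nothing visible guarantees that either yields a key named `REPOSITORY_TEMPLATE`. The contents of the remote entries are not shown, so this is inferred from the manifest alone. The template key and the extracted key should be made to agree, for example `RESTIC_REPOSITORY: "{{ .RESTIC_REPOSITORY }}/${APP}"` if that is the name the entry provides, and a comment should list the properties each entry is expected to supply. The ReplicationDestination document that starts at the end of the hunk continues outside it.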