From 09946babe299bab28ad73f916be4af952b0c78e5 Mon Sep 17 00:00:00 2001
From: j37hr0
Date: Fri, 10 Apr 2026 20:52:03 +1200
Subject: [PATCH] refactor secrets locations, create basic structure for kimai db
---
 .../fireflyiii}/fireflysecrets.yaml | 0
 apps/fireflyiii/kustomization.yaml | 1 +
 apps/kimai/db/database.yaml | 10 ++++++++
 apps/kimai/db/grant.yaml | 17 ++++++++++++++
 apps/kimai/db/kustomization.yaml | 5 ++++
 apps/kimai/db/secret.yaml | 23 +++++++++++++++++++
 apps/kimai/db/user.yaml | 16 +++++++++++++
 {secrets => apps/kimai}/kimaisecrets.yaml | 0
 apps/kimai/kustomization.yaml | 4 +++-
 infrastructure/databases/kustomization.yaml | 1 +
 .../mariadb-clustersecrets.yaml | 0
 infrastructure/velero/kustomization.yaml | 2 +-
 .../velero}/velerosecrets.yaml | 0
 13 files changed, 77 insertions(+), 2 deletions(-)
 rename {secrets => apps/fireflyiii}/fireflysecrets.yaml (100%)
 rename {secrets => apps/kimai}/kimaisecrets.yaml (100%)
 rename {secrets => infrastructure/databases/mariadb-operator}/mariadb-clustersecrets.yaml (100%)
 rename {secrets => infrastructure/velero}/velerosecrets.yaml (100%)
diff --git a/secrets/fireflysecrets.yaml b/apps/fireflyiii/fireflysecrets.yaml
similarity index 100%
rename from secrets/fireflysecrets.yaml
rename to apps/fireflyiii/fireflysecrets.yaml
diff --git a/apps/fireflyiii/kustomization.yaml b/apps/fireflyiii/kustomization.yaml
index 2ed7a6b..3736221 100644
--- a/apps/fireflyiii/kustomization.yaml
+++ b/apps/fireflyiii/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
 - pvc.yaml
 - service.yaml
 - db
+- fireflysecrets.yaml
diff --git a/apps/kimai/db/database.yaml b/apps/kimai/db/database.yaml
index e69de29..498c2b4 100644
--- a/apps/kimai/db/database.yaml
+++ b/apps/kimai/db/database.yaml
@@ -0,0 +1,10 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+ name: kimai
+ namespace: kimai
+spec:
+ mariaDbRef:
+ name: mariadb
+
+ name: kimai
diff --git a/apps/kimai/db/grant.yaml b/apps/kimai/db/grant.yaml
index e69de29..da467ff 100644
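Review bot: `spec.mariaDbRef` in apps/kimai/db/database.yaml carries only `name: mariadb`, so the reference is presumably resolved in the resource's own namespace, `kimai`; the kustomize `namespace:` setting does not rewrite this field. The commit does not show where the MariaDB cluster is deployed, so if the instance managed under infrastructure/databases/mariadb-operator lives in another namespace, the Database will not reconcile until the reference also has `namespace: <mariadb-namespace>` (placeholder, to be filled in). grant.yaml and user.yaml use the same reference and would need the same line.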
--- a/apps/kimai/db/grant.yaml
+++ b/apps/kimai/db/grant.yaml
@@ -0,0 +1,17 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+ name: kimai
+ namespace: kimai
+spec:
+ mariaDbRef:
+ name: mariadb
+
+ privileges:
+ - ALL PRIVILEGES
+
+ database: kimai
+ table: "*"
+
+ username: kimai
+ host: "%"
diff --git a/apps/kimai/db/kustomization.yaml b/apps/kimai/db/kustomization.yaml
index e69de29..62e5cda 100644
--- a/apps/kimai/db/kustomization.yaml
+++ b/apps/kimai/db/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- datbase.yaml
+- user.yaml
+- grant.yaml
+- secret.yaml
diff --git a/apps/kimai/db/secret.yaml b/apps/kimai/db/secret.yaml
index e69de29..9a17541 100644
--- a/apps/kimai/db/secret.yaml
+++ b/apps/kimai/db/secret.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: kimai-db-secrets
+ namespace: kimai
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: bitwarden
+ kind: ClusterSecretStore
+
+ target:
+ name: kimai-db-secrets
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ password: '{{ index . "kimai-db-password" }}'
+
+ data:
+ - secretKey: kimai-db-password
+ remoteRef:
+ key: kimai-db-password
diff --git a/apps/kimai/db/user.yaml b/apps/kimai/db/user.yaml
index e69de29..cf9501b 100644
--- a/apps/kimai/db/user.yaml
+++ b/apps/kimai/db/user.yaml
@@ -0,0 +1,16 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+ name: kimai
+ namespace: kimai
+spec:
+ mariaDbRef:
+ name: mariadb
+
+ name: kimai
+
+ passwordSecretKeyRef:
+ name: kimai-db-secrets
+ key: password
+
+ host: "%"
diff --git a/secrets/kimaisecrets.yaml b/apps/kimai/kimaisecrets.yaml
similarity index 100%
rename from secrets/kimaisecrets.yaml
rename to apps/kimai/kimaisecrets.yaml
diff --git a/apps/kimai/kustomization.yaml b/apps/kimai/kustomization.yaml
index 68d1176..163463b 100644
--- a/apps/kimai/kustomization.yaml
+++ b/apps/kimai/kustomization.yaml
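Review bot: The grant in apps/kimai/db/grant.yaml gives the `kimai` account `ALL PRIVILEGES` on every table of the `kimai` schema, which is wider than an application login normally needs, and `host: "%"` (repeated in user.yaml) lets that account authenticate from any address that can reach MariaDB. Consider listing the privileges explicitly, for example `SELECT`, `INSERT`, `UPDATE`, `DELETE` plus the DDL that schema migrations need (`CREATE`, `ALTER`, `INDEX`, `DROP`, `REFERENCES`); the exact set should be confirmed against Kimai's requirements. If `host` has to stay `"%"`, a NetworkPolicy that admits only the kimai namespace to the database port would bound the exposure. A comment above `privileges:` recording why the chosen set is required would help later reviews.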
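Review bot: The first entry under `resources:` in apps/kimai/db/kustomization.yaml is `- datbase.yaml`, but the file this commit adds is apps/kimai/db/database.yaml, so the build will fail on a missing path. Because apps/kimai/kustomization.yaml now lists `db`, the whole kimai overlay fails with it, including `kimaisecrets.yaml`. The entry should read `- database.yaml`; running `kustomize build apps/kimai` before merging would catch this class of error.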
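Review bot: `target.template` in apps/kimai/db/secret.yaml only renames `kimai-db-password` to `password`; writing `secretKey: password` in the `data` entry and dropping the template gives the same Secret with less to maintain. The store is a ClusterSecretStore named `bitwarden`, so any namespace allowed to create ExternalSecrets can request `kimai-db-password` unless the store limits namespaces through its `conditions`; the store definition is not part of this commit, so that is worth confirming. A one-line comment naming the Bitwarden item behind `remoteRef.key` would also make rotation easier to trace.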
@@ -2,6 +2,8 @@ resources:
 - namespace.yaml
 - helmrepository.yaml
 - helmrelease.yaml
+- db
+- kimaisecrets.yaml
 namespace: kimai
@@ -11,4 +13,4 @@ configMapGenerator:
 - values.yaml
 generatorOptions:
- disableNameSuffixHash: true
\ No newline at end of file
+ disableNameSuffixHash: true
diff --git a/infrastructure/databases/kustomization.yaml b/infrastructure/databases/kustomization.yaml
index 54dbea7..59ea89d 100644
--- a/infrastructure/databases/kustomization.yaml
+++ b/infrastructure/databases/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - cloudnative-pg
 - mariadb-operator
+- mariadb-clustersecrets.yaml
diff --git a/secrets/mariadb-clustersecrets.yaml b/infrastructure/databases/mariadb-operator/mariadb-clustersecrets.yaml
similarity index 100%
rename from secrets/mariadb-clustersecrets.yaml
rename to infrastructure/databases/mariadb-operator/mariadb-clustersecrets.yaml
diff --git a/infrastructure/velero/kustomization.yaml b/infrastructure/velero/kustomization.yaml
index 5b67657..458639b 100644
--- a/infrastructure/velero/kustomization.yaml
+++ b/infrastructure/velero/kustomization.yaml
@@ -2,9 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
-#- values.yaml
 - helmrelease.yaml
 - schedules
+- velerosecrets.yaml
 namespace: velero
diff --git a/secrets/velerosecrets.yaml b/infrastructure/velero/velerosecrets.yaml
similarity index 100%
rename from secrets/velerosecrets.yaml
rename to infrastructure/velero/velerosecrets.yaml
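Review bot: infrastructure/databases/kustomization.yaml now lists `- mariadb-clustersecrets.yaml`, a path relative to infrastructure/databases/, but this commit moves the file to infrastructure/databases/mariadb-operator/mariadb-clustersecrets.yaml. The entry therefore points at a file that does not exist at that location, and the build of this directory will fail, so the MariaDB cluster secrets would not be applied. Either reference it as `- mariadb-operator/mariadb-clustersecrets.yaml` or add it to the `resources:` of the mariadb-operator kustomization, which is not shown in this commit. The other three relocated secrets files sit next to the kustomization that lists them, so only this one is affected.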