refactor secrets locations, create basic structure for kimai db

2026-04-10 20:52:03 +12:00 · 2026-04-10 20:52:03 +12:00 · 09946babe2
parent 8b225f7e3f
commit 09946babe2
13 changed files with 77 additions and 2 deletions
--- a/apps/fireflyiii/fireflysecrets.yaml
+++ b/apps/fireflyiii/fireflysecrets.yaml
--- a/apps/fireflyiii/kustomization.yaml
+++ b/apps/fireflyiii/kustomization.yaml
@ -8,3 +8,4 @@ resources:
 - pvc.yaml
 - service.yaml
 - db
 - fireflysecrets.yaml
--- a/apps/kimai/db/database.yaml
+++ b/apps/kimai/db/database.yaml
@ -0,0 +1,10 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Database
 metadata:
  name: kimai
  namespace: kimai
 spec:
  mariaDbRef:
    name: mariadb
  name: kimai
--- a/apps/kimai/db/grant.yaml
+++ b/apps/kimai/db/grant.yaml
@ -0,0 +1,17 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Grant
 metadata:
  name: kimai
  namespace: kimai
 spec:
  mariaDbRef:
    name: mariadb
  privileges:
    - ALL PRIVILEGES
  database: kimai
  table: "*"
  username: kimai
  host: "%"
--- a/apps/kimai/db/kustomization.yaml
+++ b/apps/kimai/db/kustomization.yaml
@ -0,0 +1,5 @@
 resources:
 - datbase.yaml
 - user.yaml
 - grant.yaml
 - secret.yaml
--- a/apps/kimai/db/secret.yaml
+++ b/apps/kimai/db/secret.yaml
@ -0,0 +1,23 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: kimai-db-secrets
  namespace: kimai
 spec:
  refreshInterval: 1h
  secretStoreRef:
    name: bitwarden
    kind: ClusterSecretStore
  target:
    name: kimai-db-secrets
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        password: '{{ index . "kimai-db-password" }}'
  data:
    - secretKey: kimai-db-password
      remoteRef:
        key: kimai-db-password
--- a/apps/kimai/db/user.yaml
+++ b/apps/kimai/db/user.yaml
@ -0,0 +1,16 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: User
 metadata:
  name: kimai
  namespace: kimai
 spec:
  mariaDbRef:
    name: mariadb
  name: kimai
  passwordSecretKeyRef:
    name: kimai-db-secrets
    key: password
  host: "%"
--- a/apps/kimai/kimaisecrets.yaml
+++ b/apps/kimai/kimaisecrets.yaml
--- a/apps/kimai/kustomization.yaml
+++ b/apps/kimai/kustomization.yaml
@ -2,6 +2,8 @@ resources:
 - namespace.yaml
 - helmrepository.yaml
 - helmrelease.yaml
 - db
 - kimaisecrets.yaml
 namespace: kimai
@ -11,4 +13,4 @@ configMapGenerator:
  - values.yaml
 generatorOptions:
-  disableNameSuffixHash: true
+  disableNameSuffixHash: true
--- a/infrastructure/databases/kustomization.yaml
+++ b/infrastructure/databases/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - cloudnative-pg
 - mariadb-operator
 - mariadb-clustersecrets.yaml
--- a/infrastructure/databases/mariadb-operator/mariadb-clustersecrets.yaml
+++ b/infrastructure/databases/mariadb-operator/mariadb-clustersecrets.yaml
--- a/infrastructure/velero/kustomization.yaml
+++ b/infrastructure/velero/kustomization.yaml
@ -2,9 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
 #- values.yaml
 - helmrelease.yaml
 - schedules
 - velerosecrets.yaml
 namespace: velero
--- a/infrastructure/velero/velerosecrets.yaml
+++ b/infrastructure/velero/velerosecrets.yaml