refactor secrets locations, create basic structure for kimai db

2026-04-10 20:52:03 +12:00 · 2026-04-10 20:52:03 +12:00 · 09946babe2
parent 8b225f7e3f
commit 09946babe2
13 changed files with 77 additions and 2 deletions
--- a/apps/fireflyiii/fireflysecrets.yaml
+++ b/apps/fireflyiii/fireflysecrets.yaml
--- a/apps/fireflyiii/kustomization.yaml
+++ b/apps/fireflyiii/kustomization.yaml
@ -8,3 +8,4 @@ resources:
 - pvc.yaml
 - service.yaml
 - db
+- fireflysecrets.yaml
--- a/apps/kimai/db/database.yaml
+++ b/apps/kimai/db/database.yaml
@ -0,0 +1,10 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+  name: kimai
+  namespace: kimai
+spec:
+  mariaDbRef:
+    name: mariadb
+
+  name: kimai
--- a/apps/kimai/db/grant.yaml
+++ b/apps/kimai/db/grant.yaml
@ -0,0 +1,17 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: kimai
+  namespace: kimai
+spec:
+  mariaDbRef:
+    name: mariadb
+
+  privileges:
+    - ALL PRIVILEGES
+
+  database: kimai
+  table: "*"
+
+  username: kimai
+  host: "%"
--- a/apps/kimai/db/kustomization.yaml
+++ b/apps/kimai/db/kustomization.yaml
@ -0,0 +1,5 @@
+resources:
+- datbase.yaml
+- user.yaml
+- grant.yaml
+- secret.yaml
--- a/apps/kimai/db/secret.yaml
+++ b/apps/kimai/db/secret.yaml
@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: kimai-db-secrets
+  namespace: kimai
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: bitwarden
+    kind: ClusterSecretStore
+
+  target:
+    name: kimai-db-secrets
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        password: '{{ index . "kimai-db-password" }}'
+
+  data:
+    - secretKey: kimai-db-password
+      remoteRef:
+        key: kimai-db-password
--- a/apps/kimai/db/user.yaml
+++ b/apps/kimai/db/user.yaml
@ -0,0 +1,16 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: kimai
+  namespace: kimai
+spec:
+  mariaDbRef:
+    name: mariadb
+
+  name: kimai
+
+  passwordSecretKeyRef:
+    name: kimai-db-secrets
+    key: password
+
+  host: "%"
--- a/apps/kimai/kimaisecrets.yaml
+++ b/apps/kimai/kimaisecrets.yaml
--- a/apps/kimai/kustomization.yaml
+++ b/apps/kimai/kustomization.yaml
@ -2,6 +2,8 @@ resources:
 - namespace.yaml
 - helmrepository.yaml
 - helmrelease.yaml
+- db
+- kimaisecrets.yaml

 namespace: kimai

--- a/infrastructure/databases/kustomization.yaml
+++ b/infrastructure/databases/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - cloudnative-pg
 - mariadb-operator
+- mariadb-clustersecrets.yaml
--- a/infrastructure/databases/mariadb-operator/mariadb-clustersecrets.yaml
+++ b/infrastructure/databases/mariadb-operator/mariadb-clustersecrets.yaml
--- a/infrastructure/velero/kustomization.yaml
+++ b/infrastructure/velero/kustomization.yaml
@ -2,9 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
-#- values.yaml
 - helmrelease.yaml
 - schedules
+- velerosecrets.yaml

 namespace: velero

--- a/infrastructure/velero/velerosecrets.yaml
+++ b/infrastructure/velero/velerosecrets.yaml