Add push secret for crunchy db and ref it in config.

2024-04-08 10:58:29 -05:00 · 2024-04-08 10:58:29 -05:00 · 1804819284
commit 1804819284
parent a440908ffe
3 changed files with 40 additions and 4 deletions
--- a/kubernetes/apps/observability/grafana/app/externalsecret.yaml
+++ b/kubernetes/apps/observability/grafana/app/externalsecret.yaml
@ -18,10 +18,10 @@ spec:
        GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .authentik_grafana_oauth_client_secret }}"
        GF_DATE_FORMATS_USE_BROWSER_LOCALE: "true"
        GF_SERVER_ROOT_URL: https://grafana.hsn.dev
-        GF_DATABASE_NAME: ${DB_NAME}
-        GF_DATABASE_HOST: "grafana-primary.observability.svc:5432"
-        GF_DATABASE_USER: "{{ .grafana_postgres_user }}"
-        GF_DATABASE_PASSWORD: "{{ .grafana_postgres_password }}"
+        GF_DATABASE_NAME: "{{ .grafana_GF_DATABASE_NAME }}"
+        GF_DATABASE_HOST: "{{ .grafana_GF_DATABASE_HOST }}"
+        GF_DATABASE_USER: "{{ .grafana_GF_DATABASE_USER }}"
+        GF_DATABASE_PASSWORD: "{{ .grafana_GF_DATABASE_PASSWORD }}"
        GF_DATABASE_SSL_MODE: "require"
        GF_DATABASE_TYPE: postgres
        GF_ANALYTICS_CHECK_FOR_UPDATES: "false"
--- a/kubernetes/apps/observability/grafana/app/kustomization.yaml
+++ b/kubernetes/apps/observability/grafana/app/kustomization.yaml
@ -5,4 +5,5 @@ kind: Kustomization
 resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
+  - ./pushsecret.yaml
  - ../../../../templates/postgres-database
--- a/kubernetes/apps/observability/grafana/app/pushsecret.yaml
+++ b/kubernetes/apps/observability/grafana/app/pushsecret.yaml
@ -0,0 +1,35 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  name: grafana
+spec:
+  refreshInterval: 1h
+  secretStoreRefs:
+    - name: onepassword-connect
+      kind: ClusterSecretStore
+  selector:
+    secret:
+      name: grafana-pguser-grafana
+  data:
+    - match:
+        secretKey: dbname
+        remoteRef:
+          remoteKey: grafana
+          property: GF_DATABASE_NAME
+    - match:
+        secretKey: host
+        remoteRef:
+          remoteKey: grafana
+          property: GF_DATABASE_HOST
+    - match:
+        secretKey: user
+        remoteRef:
+          remoteKey: grafana
+          property: GF_DATABASE_USER
+    - match:
+        secretKey: password
+        remoteRef:
+          remoteKey: grafana
+          property: GF_DATABASE_PASSWORD