Add push secret for crunchy db and ref it in config.

This commit is contained in:
Joseph Hanson 2024-04-08 10:58:29 -05:00
parent a440908ffe
commit 1804819284
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
3 changed files with 40 additions and 4 deletions

View file

@ -18,10 +18,10 @@ spec:
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .authentik_grafana_oauth_client_secret }}"
GF_DATE_FORMATS_USE_BROWSER_LOCALE: "true"
GF_SERVER_ROOT_URL: https://grafana.hsn.dev
GF_DATABASE_NAME: ${DB_NAME}
GF_DATABASE_HOST: "grafana-primary.observability.svc:5432"
GF_DATABASE_USER: "{{ .grafana_postgres_user }}"
GF_DATABASE_PASSWORD: "{{ .grafana_postgres_password }}"
GF_DATABASE_NAME: "{{ .grafana_GF_DATABASE_NAME }}"
GF_DATABASE_HOST: "{{ .grafana_GF_DATABASE_HOST }}"
GF_DATABASE_USER: "{{ .grafana_GF_DATABASE_USER }}"
GF_DATABASE_PASSWORD: "{{ .grafana_GF_DATABASE_PASSWORD }}"
GF_DATABASE_SSL_MODE: "require"
GF_DATABASE_TYPE: postgres
GF_ANALYTICS_CHECK_FOR_UPDATES: "false"

View file

@ -5,4 +5,5 @@ kind: Kustomization
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml
- ./pushsecret.yaml
- ../../../../templates/postgres-database

View file

@ -0,0 +1,35 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: grafana
spec:
refreshInterval: 1h
secretStoreRefs:
- name: onepassword-connect
kind: ClusterSecretStore
selector:
secret:
name: grafana-pguser-grafana
data:
- match:
secretKey: dbname
remoteRef:
remoteKey: grafana
property: GF_DATABASE_NAME
- match:
secretKey: host
remoteRef:
remoteKey: grafana
property: GF_DATABASE_HOST
- match:
secretKey: user
remoteRef:
remoteKey: grafana
property: GF_DATABASE_USER
- match:
secretKey: password
remoteRef:
remoteKey: grafana
property: GF_DATABASE_PASSWORD