Add push secret for crunchy db and ref it in config.
This commit is contained in:
parent
a440908ffe
commit
1804819284
3 changed files with 40 additions and 4 deletions
|
@ -18,10 +18,10 @@ spec:
|
||||||
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .authentik_grafana_oauth_client_secret }}"
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .authentik_grafana_oauth_client_secret }}"
|
||||||
GF_DATE_FORMATS_USE_BROWSER_LOCALE: "true"
|
GF_DATE_FORMATS_USE_BROWSER_LOCALE: "true"
|
||||||
GF_SERVER_ROOT_URL: https://grafana.hsn.dev
|
GF_SERVER_ROOT_URL: https://grafana.hsn.dev
|
||||||
GF_DATABASE_NAME: ${DB_NAME}
|
GF_DATABASE_NAME: "{{ .grafana_GF_DATABASE_NAME }}"
|
||||||
GF_DATABASE_HOST: "grafana-primary.observability.svc:5432"
|
GF_DATABASE_HOST: "{{ .grafana_GF_DATABASE_HOST }}"
|
||||||
GF_DATABASE_USER: "{{ .grafana_postgres_user }}"
|
GF_DATABASE_USER: "{{ .grafana_GF_DATABASE_USER }}"
|
||||||
GF_DATABASE_PASSWORD: "{{ .grafana_postgres_password }}"
|
GF_DATABASE_PASSWORD: "{{ .grafana_GF_DATABASE_PASSWORD }}"
|
||||||
GF_DATABASE_SSL_MODE: "require"
|
GF_DATABASE_SSL_MODE: "require"
|
||||||
GF_DATABASE_TYPE: postgres
|
GF_DATABASE_TYPE: postgres
|
||||||
GF_ANALYTICS_CHECK_FOR_UPDATES: "false"
|
GF_ANALYTICS_CHECK_FOR_UPDATES: "false"
|
||||||
|
|
|
@ -5,4 +5,5 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./externalsecret.yaml
|
- ./externalsecret.yaml
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
|
- ./pushsecret.yaml
|
||||||
- ../../../../templates/postgres-database
|
- ../../../../templates/postgres-database
|
35
kubernetes/apps/observability/grafana/app/pushsecret.yaml
Normal file
35
kubernetes/apps/observability/grafana/app/pushsecret.yaml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
|
||||||
|
apiVersion: external-secrets.io/v1alpha1
|
||||||
|
kind: PushSecret
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
spec:
|
||||||
|
refreshInterval: 1h
|
||||||
|
secretStoreRefs:
|
||||||
|
- name: onepassword-connect
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
selector:
|
||||||
|
secret:
|
||||||
|
name: grafana-pguser-grafana
|
||||||
|
data:
|
||||||
|
- match:
|
||||||
|
secretKey: dbname
|
||||||
|
remoteRef:
|
||||||
|
remoteKey: grafana
|
||||||
|
property: GF_DATABASE_NAME
|
||||||
|
- match:
|
||||||
|
secretKey: host
|
||||||
|
remoteRef:
|
||||||
|
remoteKey: grafana
|
||||||
|
property: GF_DATABASE_HOST
|
||||||
|
- match:
|
||||||
|
secretKey: user
|
||||||
|
remoteRef:
|
||||||
|
remoteKey: grafana
|
||||||
|
property: GF_DATABASE_USER
|
||||||
|
- match:
|
||||||
|
secretKey: password
|
||||||
|
remoteRef:
|
||||||
|
remoteKey: grafana
|
||||||
|
property: GF_DATABASE_PASSWORD
|
Loading…
Reference in a new issue