From 1f80555349c9fd4597094be885deffef7c7311fd Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Thu, 2 May 2024 06:43:58 -0500 Subject: [PATCH] Add push secret and form uri based on more reliable service. --- .../apps/media/immich/app/externalsecret.yaml | 4 +- .../apps/media/immich/app/helmrelease.yaml | 4 +- .../apps/media/immich/app/kustomization.yaml | 1 + .../apps/media/immich/app/pushsecret.yaml | 40 +++++++++++++++++++ 4 files changed, 45 insertions(+), 4 deletions(-) create mode 100644 kubernetes/apps/media/immich/app/pushsecret.yaml diff --git a/kubernetes/apps/media/immich/app/externalsecret.yaml b/kubernetes/apps/media/immich/app/externalsecret.yaml index c77deaa..d093fd4 100644 --- a/kubernetes/apps/media/immich/app/externalsecret.yaml +++ b/kubernetes/apps/media/immich/app/externalsecret.yaml @@ -13,7 +13,7 @@ spec: template: engineVersion: v2 data: - DATABASE_URI: "postgresql://{{ .user }}:{{ .password }}@immich-primary-real.media.svc:{{ .port }}/{{ .dbname }}" + DATABASE_URI: "postgresql://{{ .DATABASE_USER }}:{{ .DATABASE_PASSWORD }}@immich-primary-real.media.svc:{{ .DATABASE_PORT }}/{{ .DATABASE_NAME }}" dataFrom: - extract: - key: immich-pguser-immich + key: immich diff --git a/kubernetes/apps/media/immich/app/helmrelease.yaml b/kubernetes/apps/media/immich/app/helmrelease.yaml index def62ac..5e1a5f6 100644 --- a/kubernetes/apps/media/immich/app/helmrelease.yaml +++ b/kubernetes/apps/media/immich/app/helmrelease.yaml @@ -58,8 +58,8 @@ spec: DB_URL: valueFrom: secretKeyRef: - name: immich-pguser-immich - key: uri + name: immich-secret + key: DATABASE_URI envFrom: - configMapRef: name: immich-app-config diff --git a/kubernetes/apps/media/immich/app/kustomization.yaml b/kubernetes/apps/media/immich/app/kustomization.yaml index 2fa8b22..e2d93ed 100644 --- a/kubernetes/apps/media/immich/app/kustomization.yaml +++ b/kubernetes/apps/media/immich/app/kustomization.yaml @@ -10,6 +10,7 @@ resources: - ./machine-learning - ./microservices - ./postgresCluster.yaml + - ./pushsecret.yaml - ./service.yaml configMapGenerator: - name: immich-databse-init-sql diff --git a/kubernetes/apps/media/immich/app/pushsecret.yaml b/kubernetes/apps/media/immich/app/pushsecret.yaml new file mode 100644 index 0000000..e2a8ca3 --- /dev/null +++ b/kubernetes/apps/media/immich/app/pushsecret.yaml @@ -0,0 +1,40 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: immich +spec: + refreshInterval: 1h + secretStoreRefs: + - name: onepassword-connect + kind: ClusterSecretStore + selector: + secret: + name: immich-pguser-immich + data: + - match: + secretKey: dbname + remoteRef: + remoteKey: immich + property: DATABASE_NAME + - match: + secretKey: host + remoteRef: + remoteKey: immich + property: DATABASE_HOST + - match: + secretKey: user + remoteRef: + remoteKey: immich + property: DATABASE_USER + - match: + secretKey: password + remoteRef: + remoteKey: immich + property: DATABASE_PASSWORD + - match: + secretKey: port + remoteRef: + remoteKey: immich + property: DATABASE_PORT \ No newline at end of file