Add push secret and form uri based on more reliable service.

2024-05-02 06:43:58 -05:00 · 2024-05-02 06:43:58 -05:00 · 1f80555349
commit 1f80555349
parent 1fa5fbfe38
4 changed files with 45 additions and 4 deletions
--- a/kubernetes/apps/media/immich/app/externalsecret.yaml
+++ b/kubernetes/apps/media/immich/app/externalsecret.yaml
@ -13,7 +13,7 @@ spec:
    template:
      engineVersion: v2
      data:
-        DATABASE_URI: "postgresql://{{ .user }}:{{ .password }}@immich-primary-real.media.svc:{{ .port }}/{{ .dbname }}"
+        DATABASE_URI: "postgresql://{{ .DATABASE_USER }}:{{ .DATABASE_PASSWORD }}@immich-primary-real.media.svc:{{ .DATABASE_PORT }}/{{ .DATABASE_NAME }}"
  dataFrom:
    - extract:
-        key: immich-pguser-immich
+        key: immich
--- a/kubernetes/apps/media/immich/app/helmrelease.yaml
+++ b/kubernetes/apps/media/immich/app/helmrelease.yaml
@ -58,8 +58,8 @@ spec:
              DB_URL:
                valueFrom:
                  secretKeyRef:
-                    name: immich-pguser-immich
-                    key: uri
+                    name: immich-secret
+                    key: DATABASE_URI
            envFrom:
              - configMapRef:
                  name: immich-app-config
--- a/kubernetes/apps/media/immich/app/kustomization.yaml
+++ b/kubernetes/apps/media/immich/app/kustomization.yaml
@ -10,6 +10,7 @@ resources:
  - ./machine-learning
  - ./microservices
  - ./postgresCluster.yaml
+  - ./pushsecret.yaml
  - ./service.yaml
 configMapGenerator:
  - name: immich-databse-init-sql
--- a/kubernetes/apps/media/immich/app/pushsecret.yaml
+++ b/kubernetes/apps/media/immich/app/pushsecret.yaml
@ -0,0 +1,40 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  name: immich
+spec:
+  refreshInterval: 1h
+  secretStoreRefs:
+    - name: onepassword-connect
+      kind: ClusterSecretStore
+  selector:
+    secret:
+      name: immich-pguser-immich
+  data:
+    - match:
+        secretKey: dbname
+        remoteRef:
+          remoteKey: immich
+          property: DATABASE_NAME
+    - match:
+        secretKey: host
+        remoteRef:
+          remoteKey: immich
+          property: DATABASE_HOST
+    - match:
+        secretKey: user
+        remoteRef:
+          remoteKey: immich
+          property: DATABASE_USER
+    - match:
+        secretKey: password
+        remoteRef:
+          remoteKey: immich
+          property: DATABASE_PASSWORD
+    - match:
+        secretKey: port
+        remoteRef:
+          remoteKey: immich
+          property: DATABASE_PORT