diff --git a/kubernetes/apps/database/crunchy-postgres-operator/cluster/pushsecret.yaml b/kubernetes/apps/database/crunchy-postgres-operator/cluster/pushsecret.yaml index 321b6ffd..d31f173d 100644 --- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/pushsecret.yaml +++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/pushsecret.yaml @@ -82,4 +82,34 @@ spec: secretKey: password remoteRef: remoteKey: prowlarr - property: PROWLARR__POSTGRES_PASSWORD \ No newline at end of file + property: PROWLARR__POSTGRES_PASSWORD +--- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: sonarr +spec: + refreshInterval: 1h + secretStoreRefs: + - name: onepassword-connect + kind: ClusterSecretStore + selector: + secret: + name: postgres-pguser-sonarr + data: + - match: + secretKey: host + remoteRef: + remoteKey: sonarr + property: SONARR__POSTGRES_HOST + - match: + secretKey: user + remoteRef: + remoteKey: sonarr + property: SONARR__POSTGRES_USER + - match: + secretKey: password + remoteRef: + remoteKey: sonarr + property: SONARR__POSTGRES_PASSWORD \ No newline at end of file diff --git a/kubernetes/apps/default/sonarr/app/externalsecret.yaml b/kubernetes/apps/default/sonarr/app/externalsecret.yaml index 914bea17..e04142a0 100644 --- a/kubernetes/apps/default/sonarr/app/externalsecret.yaml +++ b/kubernetes/apps/default/sonarr/app/externalsecret.yaml @@ -16,6 +16,9 @@ spec: SONARR__API_KEY: "{{ .api_key }}" PUSHOVER_TOKEN: "{{ .sonarr_token }}" PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}" + SONARR__POSTGRES_HOST: "{{ .SONARR__POSTGRES_HOST }}" + SONARR__POSTGRES_USER: "{{ .SONARR__POSTGRES_USER }}" + SONARR__POSTGRES_PASSWORD: "{{ .SONARR__POSTGRES_PASSWORD }}" dataFrom: - extract: key: pushover diff --git a/kubernetes/apps/default/sonarr/app/helmrelease.yaml b/kubernetes/apps/default/sonarr/app/helmrelease.yaml index fff687f3..b5b4c0eb 100644 --- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml @@ -48,22 +48,7 @@ spec: SONARR__THEME: dark SONARR__POSTGRES_MAIN_DB: sonarr_main SONARR__POSTGRES_LOG_DB: sonarr_logs - SONARR__POSTGRES_HOST: - valueFrom: - secretKeyRef: - name: "${APP}-pguser-${DB_USER}" - key: host SONARR__POSTGRES_PORT: "5432" - SONARR__POSTGRES_USER: - valueFrom: - secretKeyRef: - name: "${APP}-pguser-${DB_USER}" - key: user - SONARR__POSTGRES_PASSWORD: - valueFrom: - secretKeyRef: - name: "${APP}-pguser-${DB_USER}" - key: password TZ: America/Chicago envFrom: - secretRef: diff --git a/kubernetes/apps/default/sonarr/app/kustomization.yaml b/kubernetes/apps/default/sonarr/app/kustomization.yaml index 6851857a..447c9033 100644 --- a/kubernetes/apps/default/sonarr/app/kustomization.yaml +++ b/kubernetes/apps/default/sonarr/app/kustomization.yaml @@ -4,7 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./externalsecret.yaml - - ./postgresCluster.yaml - ./pvc.yaml - ./helmrelease.yaml configMapGenerator: diff --git a/kubernetes/apps/default/sonarr/app/postgresCluster.yaml b/kubernetes/apps/default/sonarr/app/postgresCluster.yaml deleted file mode 100644 index 8c36ce93..00000000 --- a/kubernetes/apps/default/sonarr/app/postgresCluster.yaml +++ /dev/null @@ -1,87 +0,0 @@ ---- -# yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json -apiVersion: postgres-operator.crunchydata.com/v1beta1 -kind: PostgresCluster -metadata: - name: "${APP}" -spec: - postgresVersion: 16 - dataSource: - pgbackrest: - stanza: db - configuration: - - secret: - name: pgo-s3-creds - global: - repo1-path: "/${APP}/repo1" - repo1-s3-uri-style: path - repo: - name: repo1 - s3: - bucket: "crunchy-postgres" - endpoint: "s3.hsn.dev" - region: "us-east-1" - patroni: - dynamicConfiguration: - synchronous_mode: true - postgresql: - synchronous_commit: "on" - pg_hba: - - hostnossl all all 10.32.0.0/16 md5 - - hostssl all all all md5 - instances: - - name: postgres - metadata: - labels: - app.kubernetes.io/name: pgo-${APP} - replicas: 2 - dataVolumeClaimSpec: - storageClassName: openebs-hostpath - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: "kubernetes.io/hostname" - whenUnsatisfiable: "DoNotSchedule" - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/cluster: ${APP} - postgres-operator.crunchydata.com/data: postgres - users: - - name: "sonarr" - databases: - - "sonarr_main" - - "sonarr_logs" - options: "SUPERUSER" - password: - type: AlphaNumeric - backups: - pgbackrest: - configuration: - - secret: - name: pgo-s3-creds - global: - archive-push-queue-max: 4GiB - repo1-retention-full: "14" - repo1-retention-full-type: time - repo1-path: "/${APP}/repo1" - repo1-s3-uri-style: path - manual: - repoName: repo1 - options: - - --type=full - metadata: - labels: - app.kubernetes.io/name: pgo-${APP}-backup - repos: - - name: repo1 - schedules: - full: "0 1 * * 0" - differential: "0 1 * * 1-6" - s3: - bucket: "crunchy-postgres" - endpoint: "s3.hsn.dev" - region: "us-east-1"