theshire/kubernetes/apps/observability/grafana/app/pushsecret.yaml

35 lines
859 B
YAML

---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: grafana
spec:
refreshInterval: 1h
secretStoreRefs:
- name: onepassword-connect
kind: ClusterSecretStore
selector:
secret:
name: grafana-pguser-grafana
data:
- match:
secretKey: dbname
remoteRef:
remoteKey: grafana
property: GF_DATABASE_NAME
- match:
secretKey: host
remoteRef:
remoteKey: grafana
property: GF_DATABASE_HOST
- match:
secretKey: user
remoteRef:
remoteKey: grafana
property: GF_DATABASE_USER
- match:
secretKey: password
remoteRef:
remoteKey: grafana
property: GF_DATABASE_PASSWORD