theshire/kubernetes/apps/database/emqx/app/externalsecret.yaml
Joseph Hanson 90426b40e8
unfortunate
i'll spend more time on authorization piece later.
2024-10-03 19:37:27 -05:00

81 lines
2.2 KiB
YAML

---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: emqx
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: emqx-secret
template:
engineVersion: v2
data:
EMQX_DASHBOARD__DEFAULT_USERNAME: "{{ .EMQX_DASHBOARD__DEFAULT_USERNAME }}"
EMQX_DASHBOARD__DEFAULT_PASSWORD: "{{ .EMQX_DASHBOARD__DEFAULT_PASSWORD }}"
dataFrom:
- extract:
key: emqx
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: emqx-init-user
spec:
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: emqx-init-user-secret
template:
engineVersion: v2
data:
init-user.json: |
[
{
"user_id": "{{ .X_EMQX_MQTT_USERNAME }}",
"password": "{{ .X_EMQX_MQTT_PASSWORD }}",
"is_superuser": true
},
{
"user_id": "tasmota",
"password": "{{ .x_emqx_tasmota_password }}",
"is_superuser": true # Until I can figure out authorization in emqx
},
{
"user_id": "zwave",
"password": "{{ .x_emqx_homeassistant_password }}",
"is_superuser": true # Until I can figure out authorization in emqx
},
{
"user_id": "zwave",
"password": "{{ .x_emqx_zwave_password }}",
"is_superuser": true # Until I can figure out authorization in emqx
}
]
dataFrom:
- extract:
key: emqx
- extract:
key: "emqx [tasmota]"
rewrite:
- regexp:
source: "(.*)"
target: "x_emqx_tasmota_$1"
- extract:
key: "emqx [homeassistant]"
rewrite:
- regexp:
source: "(.*)"
target: "x_emqx_homeassistant_$1"
- extract:
key: "emqx [zwave]"
rewrite:
- regexp:
source: "(.*)"
target: "x_emqx_zwave_$1"