theshire/kubernetes/apps/observability/grafana/app/externalsecret.yaml

32 lines
No EOL
1.1 KiB
YAML

---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: grafana-secret
template:
engineVersion: v2
data:
GF_DATABASE_NAME: &dbName grafana
GF_DATABASE_HOST: postgres16-rw.database.svc.cluster.local:5432
GF_DATABASE_USER: &dbUser "{{ .GRAFANA_POSTGRES_USER }}"
GF_DATABASE_PASSWORD: &dbPass "{{ .GRAFANA_POSTGRES_PASS }}"
GF_DATABASE_SSL_MODE: disable
GF_DATABASE_TYPE: postgres
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .GRAFANA_OAUTH_CLIENT_SECRET }}"
INIT_POSTGRES_DBNAME: *dbName
INIT_POSTGRES_HOST: postgres16-rw.database.svc.cluster.local
INIT_POSTGRES_USER: *dbUser
INIT_POSTGRES_PASS: *dbPass
INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
dataFrom:
- extract:
key: grafana
- extract:
key: cloudnative-pg