diff --git a/clusters/cl01tl/helm/argocd/Chart.lock b/clusters/cl01tl/helm/argocd/Chart.lock index 833264b1f..6d5034b68 100644 --- a/clusters/cl01tl/helm/argocd/Chart.lock +++ b/clusters/cl01tl/helm/argocd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm - version: 9.5.1 -digest: sha256:52a9bcfdc287dac30b8833cd34654b7e62c864aa3d23bda7644a8acf5f75eb78 -generated: "2026-04-16T15:57:15.168206017Z" + version: 9.5.2 +digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e +generated: "2026-04-19T19:53:40.43789-05:00" diff --git a/clusters/cl01tl/helm/argocd/templates/external-secret.yaml b/clusters/cl01tl/helm/argocd/templates/external-secret.yaml index 6881a10f1..c44d04109 100644 --- a/clusters/cl01tl/helm/argocd/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/argocd/templates/external-secret.yaml @@ -1,70 +1,42 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: argocd-oidc-secret + name: argocd-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: argocd-oidc-secret + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: secret remoteRef: - key: /authentik/oidc/argocd + key: /cl01tl/authentik/oidc/argocd property: secret - secretKey: client remoteRef: - key: /authentik/oidc/argocd + key: /cl01tk/authentik/oidc/argocd property: client --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: argocd-notifications-secret + name: argocd-notifications-ntfy namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: argocd-notifications-secret + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ntfy-token remoteRef: - key: /ntfy/user/cl01tl + key: /cl01tl/ntfy/users/cl01tl property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: argocd-gitea-repo-infrastructure-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: type - remoteRef: - key: /cl01tl/argocd/credentials/repo/infrastructure - property: type - - secretKey: url - remoteRef: - key: /cl01tl/argocd/credentials/repo/infrastructure - property: url - - secretKey: sshPrivateKey - remoteRef: - key: /cl01tl/argocd/credentials/repo/infrastructure - property: sshPrivateKey diff --git a/clusters/cl01tl/helm/argocd/values.yaml b/clusters/cl01tl/helm/argocd/values.yaml index a641b8c9c..f418c8880 100644 --- a/clusters/cl01tl/helm/argocd/values.yaml +++ b/clusters/cl01tl/helm/argocd/values.yaml @@ -13,8 +13,8 @@ argo-cd: connectors: - config: issuer: https://authentik.alexlebens.net/application/o/argocd/ - clientID: $argocd-oidc-secret:client - clientSecret: $argocd-oidc-secret:secret + clientID: $argocd-oidc-authentik:client + clientSecret: $argocd-oidc-authentik:secret insecureEnableGroups: true scopes: - openid @@ -205,7 +205,7 @@ argo-cd: argocdUrl: https://argocd.alexlebens.net secret: create: false - name: argocd-notifications-secret + name: argocd-notifications-ntfy metrics: enabled: true serviceMonitor: diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml index f2e93853c..a7a93d4fa 100644 --- a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml @@ -1,18 +1,24 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: audiobookshelf-apprise-config + name: audiobookshelf-config-apprise namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: audiobookshelf-apprise-config + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf" data: - - secretKey: ntfy-url + - secretKey: internal-endpoint-credential remoteRef: - key: /cl01tl/audiobookshelf/apprise - property: ntfy-url + key: /cl01tl/ntfy/users/cl01tl + property: internal-endpoint-credential diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml index 87b6a3f43..46fc79075 100644 --- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml @@ -4,11 +4,11 @@ metadata: name: audiobookshelf-books-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: audiobookshelf-books-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: - volumeName: audiobookshelf-books-nfs-storage + volumeName: {{ .Template.Name }} storageClassName: nfs-client accessModes: - ReadWriteMany @@ -23,11 +23,11 @@ metadata: name: audiobookshelf-audiobooks-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: - volumeName: audiobookshelf-audiobooks-nfs-storage + volumeName: {{ .Template.Name }} storageClassName: nfs-client accessModes: - ReadWriteMany @@ -42,11 +42,11 @@ metadata: name: audiobookshelf-podcasts-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: - volumeName: audiobookshelf-podcasts-nfs-storage + volumeName: {{ .Template.Name }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml index 64908b7b3..c26aa31d0 100644 --- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml @@ -4,7 +4,7 @@ metadata: name: audiobookshelf-books-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: audiobookshelf-books-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -29,7 +29,7 @@ metadata: name: audiobookshelf-audiobooks-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -54,7 +54,7 @@ metadata: name: audiobookshelf-podcasts-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: diff --git a/clusters/cl01tl/helm/audiobookshelf/values.yaml b/clusters/cl01tl/helm/audiobookshelf/values.yaml index bfdfdc3c7..4c2d13b9f 100644 --- a/clusters/cl01tl/helm/audiobookshelf/values.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/values.yaml @@ -40,7 +40,7 @@ audiobookshelf: - name: APPRISE_STATELESS_URLS valueFrom: secretKeyRef: - name: audiobookshelf-apprise-config + name: audiobookshelf-config-apprise key: ntfy-url service: main: diff --git a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml index dfbf0456a..4249d3536 100644 --- a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml @@ -1,16 +1,16 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: authentik-key-secret + name: authentik-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: authentik-key-secret + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: key remoteRef: diff --git a/clusters/cl01tl/helm/authentik/templates/ingress.yaml b/clusters/cl01tl/helm/authentik/templates/ingress.yaml index a3aecfa8f..2e8da1298 100644 --- a/clusters/cl01tl/helm/authentik/templates/ingress.yaml +++ b/clusters/cl01tl/helm/authentik/templates/ingress.yaml @@ -4,7 +4,7 @@ metadata: name: authentik-tailscale namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: authentik-tailscale + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} tailscale.com/proxy-class: no-metrics diff --git a/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml b/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml index c8b139038..b182dd3f0 100644 --- a/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml +++ b/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml @@ -4,7 +4,7 @@ metadata: name: allow-outpost-cross-namespace-access namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: allow-outpost-cross-namespace-access + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: diff --git a/clusters/cl01tl/helm/authentik/values.yaml b/clusters/cl01tl/helm/authentik/values.yaml index 2bb673c80..045102b9e 100644 --- a/clusters/cl01tl/helm/authentik/values.yaml +++ b/clusters/cl01tl/helm/authentik/values.yaml @@ -4,7 +4,7 @@ authentik: - name: AUTHENTIK_SECRET_KEY valueFrom: secretKeyRef: - name: authentik-key-secret + name: authentik-key key: key - name: AUTHENTIK_POSTGRESQL__HOST valueFrom: diff --git a/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml index 07c32ba6f..81dbaea9a 100644 --- a/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml @@ -4,11 +4,11 @@ metadata: name: backrest-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: backrest-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: - volumeName: backrest-nfs-storage + volumeName: {{ .Template.Name }} storageClassName: nfs-client accessModes: - ReadWriteMany @@ -23,11 +23,11 @@ metadata: name: backrest-nfs-share namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: backrest-nfs-share + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: - volumeName: backrest-nfs-share + volumeName: {{ .Template.Name }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml b/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml index 04f49daab..7d7fc09ad 100644 --- a/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml @@ -4,7 +4,7 @@ metadata: name: backrest-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: backrest-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -29,7 +29,7 @@ metadata: name: backrest-nfs-share namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: backrest-nfs-share + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: diff --git a/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml b/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml index 2e9d8f285..70b4100e8 100644 --- a/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml @@ -1,16 +1,16 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: bazarr-key-secret + name: bazarr-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: bazarr-key-secret + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: key remoteRef: diff --git a/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml index 6cf8cb968..017540c01 100644 --- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml @@ -4,11 +4,11 @@ metadata: name: bazarr-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: bazarr-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: - volumeName: bazarr-nfs-storage + volumeName: {{ .Template.Name }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml index c61824875..c608b11da 100644 --- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml @@ -4,7 +4,7 @@ metadata: name: bazarr-nfs-storage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: bazarr-nfs-storage + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: diff --git a/clusters/cl01tl/helm/bazarr/values.yaml b/clusters/cl01tl/helm/bazarr/values.yaml index 2095e8f05..a6f6dda0a 100644 --- a/clusters/cl01tl/helm/bazarr/values.yaml +++ b/clusters/cl01tl/helm/bazarr/values.yaml @@ -39,7 +39,7 @@ bazarr: - name: APIKEY valueFrom: secretKeyRef: - name: bazarr-key-secret + name: bazarr-key key: key - name: ENABLE_ADDITIONAL_METRICS value: false diff --git a/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml b/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml index 12e8acc80..d1baf3b38 100644 --- a/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml +++ b/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml @@ -4,7 +4,7 @@ metadata: name: letsencrypt-issuer namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: letsencrypt-issuer + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: diff --git a/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml b/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml index d7052c693..821e314a0 100644 --- a/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml @@ -4,15 +4,15 @@ metadata: name: cloudflare-api-token namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: cloudflare-api-token + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: api-token remoteRef: - key: /cloudflare/alexlebens.net/clusterissuer + key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate property: token diff --git a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml index ac6e8c71c..79e4a752c 100644 --- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml +++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml @@ -4,7 +4,7 @@ # name: cilium-bgp-advertisements # namespace: {{ .Release.Namespace }} # labels: -# app.kubernetes.io/name: cilium-bgp-advertisements +# app.kubernetes.io/name: {{ .Template.Name }} # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: diff --git a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml index ac09f03b8..2324072d1 100644 --- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml +++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml @@ -4,7 +4,7 @@ # name: cilium-bgp # namespace: {{ .Release.Namespace }} # labels: -# app.kubernetes.io/name: cilium-bgp +# app.kubernetes.io/name: {{ .Template.Name }} # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: diff --git a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml index b6b1f72ef..bc2200e01 100644 --- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml +++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml @@ -4,7 +4,7 @@ # name: cilium-peer # namespace: {{ .Release.Namespace }} # labels: -# app.kubernetes.io/name: cilium-peer +# app.kubernetes.io/name: {{ .Template.Name }} # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }} # spec: diff --git a/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml b/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml index 634949a6b..e4b522773 100644 --- a/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml +++ b/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml @@ -4,7 +4,7 @@ metadata: name: default-ip-pool namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: default-ip-pool + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -19,7 +19,7 @@ metadata: name: bgp-ip-pool namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: bgp-ip-pool + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: diff --git a/clusters/cl01tl/helm/cilium/templates/gateway.yaml b/clusters/cl01tl/helm/cilium/templates/gateway.yaml index 82c28512a..149a03974 100644 --- a/clusters/cl01tl/helm/cilium/templates/gateway.yaml +++ b/clusters/cl01tl/helm/cilium/templates/gateway.yaml @@ -4,7 +4,7 @@ # name: cilium-tls-gateway # namespace: {{ .Release.Namespace }} # labels: -# app.kubernetes.io/name: cilium-tls-gateway +# app.kubernetes.io/name: {{ .Template.Name }} # app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }} # annotations: diff --git a/clusters/cl01tl/helm/cilium/templates/http-route.yaml b/clusters/cl01tl/helm/cilium/templates/http-route.yaml index d6a2df802..8c7d8a845 100644 --- a/clusters/cl01tl/helm/cilium/templates/http-route.yaml +++ b/clusters/cl01tl/helm/cilium/templates/http-route.yaml @@ -4,7 +4,7 @@ metadata: name: hubble namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: hubble + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: diff --git a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml index 7028d7fc0..c5be43732 100644 --- a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml @@ -1,16 +1,16 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: dawarich-key-secret + name: dawarich-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: dawarich-key-secret + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: key remoteRef: @@ -21,22 +21,22 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: dawarich-oidc-secret + name: dawarich-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: dawarich-oidc-secret + app.kubernetes.io/name: {{ .Template.Name }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: client remoteRef: - key: /authentik/oidc/dawarich + key: /cl01tl/authentik/oidc/dawarich property: client - secretKey: secret remoteRef: - key: /authentik/oidc/dawarich + key: /cl01tl/authentik/oidc/dawarich property: secret diff --git a/clusters/cl01tl/helm/dawarich/values.yaml b/clusters/cl01tl/helm/dawarich/values.yaml index 0e9dc1085..4b9ffea6a 100644 --- a/clusters/cl01tl/helm/dawarich/values.yaml +++ b/clusters/cl01tl/helm/dawarich/values.yaml @@ -61,12 +61,12 @@ dawarich: - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: - name: dawarich-oidc-secret + name: dawarich-oidc-authentik key: client - name: OIDC_CLIENT_SECRET valueFrom: secretKeyRef: - name: dawarich-oidc-secret + name: dawarich-oidc-authentik key: secret - name: OIDC_PROVIDER_NAME value: Authentik @@ -81,7 +81,7 @@ dawarich: - name: SECRET_KEY_BASE valueFrom: secretKeyRef: - name: dawarich-key-secret + name: dawarich-key key: key - name: RAILS_LOG_TO_STDOUT value: true