add secrets

clusters/cl01tl/applications/site-profile/templates/external-secret.yaml

@@ -1,115 +1,5 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
-metadata:
-  name: directus-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-config
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: admin-email
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/site-profile/directus/config
-        metadataPolicy: None
-        property: admin-email
-    - secretKey: admin-password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/site-profile/directus/config
-        metadataPolicy: None
-        property: admin-password
-    - secretKey: secret
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/site-profile/directus/config
-        metadataPolicy: None
-        property: secret
-    - secretKey: key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/site-profile/directus/config
-        metadataPolicy: None
-        property: key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-valkey-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-valkey-config
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: user
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/site-profile/directus/valkey
-        metadataPolicy: None
-        property: user
-    - secretKey: password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/site-profile/directus/valkey
-        metadataPolicy: None
-        property: password
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-oidc-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-oidc-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: OIDC_CLIENT_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/directus
-        metadataPolicy: None
-        property: client
-    - secretKey: OIDC_CLIENT_SECRET
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/directus
-        metadataPolicy: None
-        property: secret
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
 metadata:
   name: site-profile-cloudflared-api-secret
   namespace: {{ .Release.Namespace }}
@@ -131,119 +21,3 @@ spec:
         key: /cloudflare/tunnels/site-profile
         metadataPolicy: None
         property: token
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-cloudflared-api-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-cloudflared-api-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/directus
-        metadataPolicy: None
-        property: token
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-config-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-config-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: backup
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  target:
-    template:
-      mergePolicy: Merge
-      engineVersion: v2
-      data:
-        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/directus/directus-data"
-  data:
-    - secretKey: BUCKET_ENDPOINT
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: S3_BUCKET_ENDPOINT
-    - secretKey: RESTIC_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: RESTIC_PASSWORD
-    - secretKey: AWS_DEFAULT_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: AWS_DEFAULT_REGION
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /aws/keys/cl01tl-volsync-backups
-        metadataPolicy: None
-        property: access_key
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /aws/keys/cl01tl-volsync-backups
-        metadataPolicy: None
-        property: secret_key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-postgresql-16-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-postgresql-16-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /aws/keys/cl01tl-directus-postgresql
-        metadataPolicy: None
-        property: access_key
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /aws/keys/cl01tl-directus-postgresql
-        metadataPolicy: None
-        property: secret_key

clusters/cl01tl/applications/site-profile/templates/replication-source.yaml

@@ -1,27 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
-  name: directus-data-backup-source
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-data-backup-source
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: backup
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  sourcePVC: directus-data
-  trigger:
-    schedule: 0 0 * * *
-  restic:
-    pruneIntervalDays: 7
-    repository: directus-data-backup-secret
-    retain:
-      hourly: 1
-      daily: 1
-      weekly: 3
-      monthly: 2
-      yearly: 4
-    copyMethod: Snapshot
-    storageClassName: ceph-block-delete
-    volumeSnapshotClassName: ceph-blockpool-snapshot