feat: add more
This commit is contained in:
@@ -1,10 +1,10 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: searxng-browser-metrics-auth
|
||||
name: searxng-browser-metrics-credentials
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: searxng-browser-metrics-auth
|
||||
app.kubernetes.io/name: searxng-browser-metrics-credentials
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
@@ -13,32 +13,9 @@ spec:
|
||||
data:
|
||||
- secretKey: metrics-password
|
||||
remoteRef:
|
||||
key: cl01tl/searxng/browser
|
||||
property: metrics-password
|
||||
key: /cl01tl/searxng/metrics
|
||||
property: password
|
||||
- secretKey: metrics-username
|
||||
remoteRef:
|
||||
key: cl01tl/searxng/browser
|
||||
property: metrics-username
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: searxng-api-config-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: searxng-api-config-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: settings.yml
|
||||
remoteRef:
|
||||
key: /cl01tl/searxng/api/config
|
||||
property: settings.yml
|
||||
- secretKey: limiter.toml
|
||||
remoteRef:
|
||||
key: /cl01tl/searxng/api/config
|
||||
property: limiter.toml
|
||||
key: /cl01tl/searxng/metrics
|
||||
property: username
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||
kind: SecretProviderClass
|
||||
metadata:
|
||||
name: searxng-api-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: searxng-api-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: searxng
|
||||
objects: |
|
||||
- objectName: limiter.toml
|
||||
fileName: limiter.toml
|
||||
secretPath: secret/data/cl01tl/searxng/api
|
||||
secretKey: limiter.toml
|
||||
- objectName: settings.yml
|
||||
fileName: settings.yml
|
||||
secretPath: secret/data/cl01tl/searxng/api
|
||||
secretKey: settings.yml
|
||||
@@ -4,6 +4,8 @@ searxng:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
serviceAccount:
|
||||
name: searxng
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
@@ -58,6 +60,9 @@ searxng:
|
||||
image:
|
||||
repository: valkey/valkey
|
||||
tag: 9.0.3-alpine@sha256:e1095c6c76ee982cb2d1e07edbb7fb2a53606630a1d810d5a47c9f646b708bf5
|
||||
serviceAccount:
|
||||
searxng:
|
||||
enabled: true
|
||||
service:
|
||||
api:
|
||||
controller: api
|
||||
@@ -85,10 +90,10 @@ searxng:
|
||||
path: /metrics
|
||||
basicAuth:
|
||||
password:
|
||||
name: searxng-browser-metrics-auth
|
||||
name: searxng-browser-metrics-credentials
|
||||
key: metrics-password
|
||||
username:
|
||||
name: searxng-browser-metrics-auth
|
||||
name: searxng-browser-metrics-credentials
|
||||
key: metrics-username
|
||||
route:
|
||||
main:
|
||||
@@ -110,20 +115,19 @@ searxng:
|
||||
value: /
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: secret
|
||||
name: searxng-api-config-secret
|
||||
type: custom
|
||||
volumeSpec:
|
||||
csi:
|
||||
driver: secrets-store.csi.k8s.io
|
||||
readOnly: true
|
||||
volumeAttributes:
|
||||
secretProviderClass: searxng-api-config
|
||||
advancedMounts:
|
||||
api:
|
||||
main:
|
||||
- path: /etc/searxng/settings.yml
|
||||
- path: /etc/searxng/
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: settings.yml
|
||||
- path: /etc/searxng/limiter.toml
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: limiter.toml
|
||||
api-data:
|
||||
forceRename: searxng-api-data
|
||||
storageClass: ceph-block
|
||||
|
||||
Reference in New Issue
Block a user