diff --git a/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml b/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml
index cfdd4a8f5..d707d8e7d 100644
--- a/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml
+++ b/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml
@@ -61,29 +61,14 @@ spec:
 containers:
 - env:
 - name: VPN_SERVICE_PROVIDER
- value: airvpn
+ value: protonvpn
 - name: VPN_TYPE
 value: wireguard
 - name: WIREGUARD_PRIVATE_KEY
 valueFrom:
 secretKeyRef:
 key: private-key
- name: slskd-wireguard-conf
- - name: WIREGUARD_PRESHARED_KEY
- valueFrom:
- secretKeyRef:
- key: preshared-key
- name: slskd-wireguard-conf
- - name: WIREGUARD_ADDRESSES
- valueFrom:
- secretKeyRef:
- key: addresses
- name: slskd-wireguard-conf
- - name: FIREWALL_VPN_INPUT_PORTS
- valueFrom:
- secretKeyRef:
- key: input-ports
- name: slskd-wireguard-conf
+ name: protonvpn-wireguard-conf
 - name: FIREWALL_OUTBOUND_SUBNETS
 value: 192.168.1.0/24,10.244.0.0/16
 - name: FIREWALL_INPUT_PORTS
@@ -153,6 +138,9 @@ spec:
 - name: data
 persistentVolumeClaim:
 claimName: slskd-nfs-storage
- - name: slskd-config
- secret:
- secretName: slskd-config-secret
+ - csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: slskd-config-secret
+ name: slskd-config
diff --git a/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-wireguard-conf.yaml b/clusters/cl01tl/manifests/slskd/ExternalSecret-airvpn-wireguard-conf.yaml
similarity index 64%
rename from clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-wireguard-conf.yaml
rename to clusters/cl01tl/manifests/slskd/ExternalSecret-airvpn-wireguard-conf.yaml
index d863f0dff..4c970385a 100644
--- a/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-wireguard-conf.yaml
+++ b/clusters/cl01tl/manifests/slskd/ExternalSecret-airvpn-wireguard-conf.yaml
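Review bot: In the first hunk of Deployment-slskd.yaml the tunnel's private key is still injected as the environment variable `WIREGUARD_PRIVATE_KEY` via `secretKeyRef`, now from the Secret `protonvpn-wireguard-conf`, while the second hunk of the same file moves the slskd config to a read-only CSI file mount. An environment variable is visible to every process in the container and tends to end up in crash dumps and debug output, so key material is better delivered as a file; if the VPN container can read the key from a path, mount `private-key` through the same `secrets-store.csi.k8s.io` volume instead. The hunk also drops `WIREGUARD_ADDRESSES` and `FIREWALL_VPN_INPUT_PORTS` without replacements, so the tunnel address and inbound-port behaviour presumably fall back to the container's defaults for `protonvpn`; worth confirming that is intended. The container spec starts and ends outside the hunk.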
@@ -1,30 +1,34 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
- name: slskd-wireguard-conf
+ name: airvpn-wireguard-conf
 namespace: slskd
 labels:
- app.kubernetes.io/name: slskd-wireguard-conf
+ app.kubernetes.io/name: airvpn-wireguard-conf
 app.kubernetes.io/instance: slskd
 app.kubernetes.io/part-of: slskd
 spec:
 secretStoreRef:
 kind: ClusterSecretStore
- name: vault
+ name: openbao
 data:
+ - secretKey: conf
+ remoteRef:
+ key: /airvpn/config
+ property: conf
 - secretKey: private-key
 remoteRef:
- key: /airvpn/conf/cl01tl
+ key: /airvpn/config
 property: private-key
 - secretKey: preshared-key
 remoteRef:
- key: /airvpn/conf/cl01tl
+ key: /airvpn/config
 property: preshared-key
 - secretKey: addresses
 remoteRef:
- key: /airvpn/conf/cl01tl
+ key: /airvpn/config
 property: addresses
 - secretKey: input-ports
 remoteRef:
- key: /airvpn/conf/cl01tl
+ key: /airvpn/config
 property: input-ports
diff --git a/clusters/cl01tl/manifests/slskd/ExternalSecret-protonvpn-wireguard-conf.yaml b/clusters/cl01tl/manifests/slskd/ExternalSecret-protonvpn-wireguard-conf.yaml
new file mode 100644
index 000000000..3a2cc48a5
--- /dev/null
+++ b/clusters/cl01tl/manifests/slskd/ExternalSecret-protonvpn-wireguard-conf.yaml
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: protonvpn-wireguard-conf
+ namespace: slskd
+ labels:
+ app.kubernetes.io/name: protonvpn-wireguard-conf
+ app.kubernetes.io/instance: slskd
+ app.kubernetes.io/part-of: slskd
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: openbao
+ data:
+ - secretKey: conf
+ remoteRef:
+ key: /protonvpn/config
+ property: conf
+ - secretKey: email
+ remoteRef:
+ key: /protonvpn/config
+ property: email
+ - secretKey: password
+ remoteRef:
+ key: /protonvpn/config
+ property: password
+ - secretKey: private-key
+ remoteRef:
+ key: /protonvpn/config
+ property: private-key
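Review bot: Both ExternalSecrets sync more credential material into the `slskd` namespace than the Deployment in this commit consumes. `airvpn-wireguard-conf` still materialises `private-key` and `preshared-key` and gains a `conf` entry, yet the Deployment now reads only `private-key` from `protonvpn-wireguard-conf`; the new `protonvpn-wireguard-conf` additionally copies the account `email` and `password`. Anyone who can read Secrets in the namespace gets all of it, so unless another workload outside this diff uses these keys, delete the airvpn ExternalSecret and reduce the protonvpn `data` list to the `private-key` entry.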
diff --git a/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-config-secret.yaml b/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-config-secret.yaml
deleted file mode 100644
index 0edc31f5b..000000000
--- a/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-config-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: slskd-config-secret
- namespace: slskd
- labels:
- app.kubernetes.io/name: slskd-config-secret
- app.kubernetes.io/instance: slskd
- app.kubernetes.io/part-of: slskd
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: slskd.yml
- remoteRef:
- key: /cl01tl/slskd/config
- property: slskd.yml
diff --git a/clusters/cl01tl/manifests/slskd/SecretProviderClass-slskd-config-secret.yaml b/clusters/cl01tl/manifests/slskd/SecretProviderClass-slskd-config-secret.yaml
new file mode 100644
index 000000000..27ef6c97d
--- /dev/null
+++ b/clusters/cl01tl/manifests/slskd/SecretProviderClass-slskd-config-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
+kind: SecretProviderClass
+metadata:
+ name: slskd-config-secret
+ namespace: slskd
+ labels:
+ app.kubernetes.io/name: slskd-config-secret
+ app.kubernetes.io/instance: slskd
+ app.kubernetes.io/part-of: slskd
+spec:
+ provider: openbao
+ parameters:
+ roleName: reader
+ objects: |
+ - objectName: slskd-config-secret
+ fileName: slskd.yml
+ secretPath: cl01tl/slskd/config
+ secretKey: slskd.yml
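Review bot: The new SecretProviderClass is declared with `apiVersion: secrets-store.csi.x-k8s.io/v1alpha1`, which the Secrets Store CSI driver has deprecated in favour of `secrets-store.csi.x-k8s.io/v1`; use the `v1` group version so the object survives a driver upgrade. `roleName: reader` reads like a role shared across workloads; if it is, the slskd pod's service account can fetch paths beyond `cl01tl/slskd/config`, and a role scoped to that one path would fit better (the role's policy is not visible here). Also confirm that `secretPath` matches how the provider addresses the mount: the deleted ExternalSecret used `/cl01tl/slskd/config` relative to the store, whereas a CSI provider usually expects the full path including the mount (and a `data/` segment on a KV v2 engine).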