alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity
Files
20104f5165b46b12fadef72e14122ab9a9e14e14
infrastructure/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml
Alex Lebens 4abab72cac fix labels
2025-05-17 17:09:05 -05:00

445 lines
13 KiB
YAML
Raw Blame History

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-synapse-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: oidc.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: oidc.yaml
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: config.yaml
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-synapse-signingkey
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-signingkey
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: signing.key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: signing-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-hookshot-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-hookshot-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: config
- secretKey: registration.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: registration
- secretKey: hookshot-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: registration
- secretKey: passkey.pem
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: passkey
# ---
# apiVersion: external-secrets.io/v1
# kind: ExternalSecret
# metadata:
# name: mautrix-discord-config-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: {{ .Release.Name }}
# app.kubernetes.io/instance: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: config.yaml
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/matrix-synapse/mautrix-discord
# metadataPolicy: None
# property: config
# - secretKey: mautrix-discord-registration.yaml
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/matrix-synapse/mautrix-discord
# metadataPolicy: None
# property: registration
# ---
# apiVersion: external-secrets.io/v1
# kind: ExternalSecret
# metadata:
# name: mautrix-whatsapp-config-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: {{ .Release.Name }}
# app.kubernetes.io/instance: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: config.yaml
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/matrix-synapse/mautrix-whatsapp
# metadataPolicy: None
# property: config
# - secretKey: mautrix-whatsapp-registration.yaml
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/matrix-synapse/mautrix-whatsapp
# metadataPolicy: None
# property: registration
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: double-puppet-registration-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: double-puppet-registration-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: double-puppet-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/double-puppet
metadataPolicy: None
property: registration
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-synapse-valkey-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-valkey-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/valkey
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-synapse-cloudflared-synapse-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-cloudflared-synapse-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/matrix-synapse
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-synapse-cloudflared-hookshot-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-cloudflared-hookshot-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/matrix-hookshot
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-synapse-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/matrix-synapse"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
# ---
# apiVersion: external-secrets.io/v1
# kind: ExternalSecret
# metadata:
# name: mautrix-discord-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: {{ .Release.Name }}
# app.kubernetes.io/instance: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
# ---
# apiVersion: external-secrets.io/v1
# kind: ExternalSecret
# metadata:
# name: mautrix-whatsapp-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: {{ .Release.Name }}
# app.kubernetes.io/instance: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-synapse-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
Reference in New Issue View Git Blame Copy Permalink