onedr0p / home-ops

Wife approved HomeOps driven by Kubernetes and GitOps using Flux
https://onedr0p.github.io/home-ops/
Do What The F*ck You Want To Public License

Add `PushSecret` config for Ceph RGW buckets for Thanos #6605

Closed onedr0p closed 6 months ago

onedr0p commented 9 months ago

I am manually syncing the S3 key and secret key secrets to 1Password; this can change if the PR below gets merged and a release is cut.

https://github.com/external-secrets/external-secrets/pull/2646

```yaml
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/pushsecret_v1alpha1.json
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: thanos-rgw
spec:
  secretStoreRefs:
    - name: onepassword-connect
      kind: ClusterSecretStore
  selector:
    secret:
      name: thanos-bucket-v2
  data:
    - match:
        secretKey: AWS_ACCESS_KEY_ID
        remoteRef:
          remoteKey: thanos-rgw
    - match:
        secretKey: AWS_SECRET_ACCESS_KEY
        remoteRef:
          remoteKey: thanos-rgw
```

onedr0p commented 8 months ago

Now running into https://www.github.com/external-secrets/external-secrets/issues/3130

onedr0p commented 7 months ago

Closing this issue out since I believe I can pre-set the secret and it can be used by both clusters.

onedr0p commented 7 months ago

This is still needed since I cannot pre-create the bucket secrets.

onedr0p commented 6 months ago

Closing issue, looks like this was fixed in external-secrets. I just need to switch to the release image on helm chart update.