refactor(amethyst): archive external-secrets

timtorChen · Feb 1, 2024 · 9efa75f · 9efa75f
1 parent 352a6ff
commit 9efa75f
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 14 deletions.
diff --git a/...bernetes/external-secrets/_namespace.yaml → .../archive/external-secrets/_namespace.yaml b/...bernetes/external-secrets/_namespace.yaml → .../archive/external-secrets/_namespace.yaml
diff --git a/amethyst/kubernetes/archive/external-secrets/external-secrets.yaml b/amethyst/kubernetes/archive/external-secrets/external-secrets.yaml
@@ -0,0 +1,66 @@
+---
+# Helm
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  namespace: external-secrets
+  name: external-secrets
+spec:
+  url: https://charts.external-secrets.io
+  interval: 24h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  namespace: external-secrets
+  name: external-secrets
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: external-secrets
+      # disable renovate: registryUrl=https://charts.external-secrets.io
+      chart: external-secrets
+      version: 0.9.4
+  install:
+    crds: CreateReplace
+  upgrade:
+    crds: CreateReplace
+  interval: 1h
+  maxHistory: 1
+  values:
+    installCRDs: true
+
+    # -- controller
+    replicaCount: 1
+    processClusterExternalSecret: false
+    processClusterStore: false
+    securityContext: &securityContext
+      runAsNonRoot: true
+      readOnlyRootFilesystem: true
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop: ["ALL"]
+      seccompProfile:
+        type: RuntimeDefault
+    resources: &resources
+      limits:
+        memory: 128Mi
+      requests:
+        cpu: 10m
+        memory: 64Mi
+
+    # -- certController
+    certController:
+      create: true
+      replicaCount: 1
+      resources: *resources
+      securityContext: *securityContext
+
+    # -- webhook
+    webhook:
+      create: true
+      replicaCount: 1
+      resources: *resources
+      securityContext: *securityContext
diff --git a/...netes/external-secrets/kustomization.yaml → ...chive/external-secrets/kustomization.yaml b/...netes/external-secrets/kustomization.yaml → ...chive/external-secrets/kustomization.yaml
diff --git a/amethyst/kubernetes/flux-system/boostrap.yaml b/amethyst/kubernetes/flux-system/boostrap.yaml
@@ -97,20 +97,6 @@ spec:
   path: /amethyst/kubernetes/aws-identity-webhook
   prune: true
 ---
-# external-secrets
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  namespace: flux-system
-  name: 1-external-secrets
-spec:
-  sourceRef:
-    kind: GitRepository
-    name: homelab
-  interval: 10m0s
-  path: /amethyst/kubernetes/external-secrets
-  prune: false
----
 # cloudflared
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization