infra: migrate secrets and rename helmrepo files

14fb770e · xeruf · 985ac1aa · 14fb770e · 14fb770e · 14fb770e
Commit 14fb770e authored 1 year ago by xeruf
--- a/adopt-secrets.sh
+++ b/adopt-secrets.sh
+#!/bin/bash
+# Copied from Stackspin with slight adjustment to include all new secrets
+set -o errexit
+secrets=$(kubectl get -A 'stringsecrets.v1alpha1.secretgenerator.mittwald.de' | tail +2 | awk '{print $2}' | paste -s -d ' ')
+for secret in $secrets
+do
+  echo "Processing secret $secret"
+  if currentRefs=$(kubectl get secret -n flux-system $secret -o jsonpath={.metadata.ownerReferences})
+  then
+    if [ -n "$currentRefs" ]
+    then
+      echo "There are refs set already, skip."
+      continue
+    fi
+
+    uid=$(kubectl get stringsecret -n flux-system $secret -o jsonpath={.metadata.uid})
+    echo "Patching to add owner reference to StringSecret with uid $uid"
+    kubectl patch secret -n flux-system $secret --patch="{\"metadata\":{\"ownerReferences\":[{\"apiVersion\":\"secretgenerator.mittwald.de/v1alpha1\",\"blockOwnerDeletion\":true,\"controller\":true,\"kind\":\"StringSecret\",\"name\":\"$secret\",\"uid\":\"$uid\"}]}}"
+  else
+    echo "Secret does not exist; perhaps this is a new install or the app is not installed. Skipping."
+  fi
+done
+
+secrets="stackspin-alertmanager-basic-auth stackspin-prometheus-basic-auth"
+for secret in $secrets
+do
+  echo "Processing secret $secret"
+  if currentRefs=$(kubectl get secret -n stackspin $secret -o jsonpath={.metadata.ownerReferences})
+  then
+    if [ -n "$currentRefs" ]
+    then
+      echo "There are refs set already, skip."
+      continue
+    fi
+
+    uid=$(kubectl get basicauth -n stackspin $secret -o jsonpath={.metadata.uid})
+    echo "Patching to add owner reference to BasicAuth with uid $uid"
+    kubectl patch secret -n stackspin $secret --patch="{\"metadata\":{\"ownerReferences\":[{\"apiVersion\":\"secretgenerator.mittwald.de/v1alpha1\",\"blockOwnerDeletion\":true,\"controller\":true,\"kind\":\"BasicAuth\",\"name\":\"$secret\",\"uid\":\"$uid\"}]}}"
+  else
+    echo "Secret does not exist; perhaps this is a new install or the app is not installed. Skipping."
+  fi
+done
+
+echo "Done patching secrets."
+echo "Restarting secrets controller."
+if ! kubectl rollout restart deploy -n secrets-controller secrets-controller-kubernetes-secret-generator
+then
+  echo "Restarting failed. Possibly this is a new install and the secrets controller is not installed yet. Ignoring."
+fi
+echo "adopt-secrets completed"
--- a/infrastructure/sources/8gears-n8n-helmrepository.yaml
+++ b/infrastructure/sources/8gears-n8n-helmrepository.yaml
+# 8gears for n8n
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
-  name: 8gears-n8n
+  name: 8gears
  namespace: flux-system
 spec:
  interval: 60m

--- a/infrastructure/sources/calcom.yaml
+++ b/infrastructure/sources/calcom.yaml
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: calcom
+  namespace: flux-system
+spec:
+  interval: 60m
+  url: https://pyrrha.github.io/calcom-helm
--- a/infrastructure/sources/forgejo-helmrepository.yaml
+++ b/infrastructure/sources/forgejo-helmrepository.yaml
--- a/infrastructure/sources/gitea-helmrepository.yaml
+++ b/infrastructure/sources/gitea-helmrepository.yaml
--- a/infrastructure/sources/invoiceninja-helmrepository.yaml
+++ b/infrastructure/sources/invoiceninja-helmrepository.yaml
--- a/infrastructure/sources/robjuz-helmrepository.yaml
+++ b/infrastructure/sources/robjuz-helmrepository.yaml
--- a/infrastructure/sources/truecharts-helmrepository.yaml
+++ b/infrastructure/sources/truecharts-helmrepository.yaml
--- a/infrastructure/sources/vikunja-helmrepository.yaml
+++ b/infrastructure/sources/vikunja-helmrepository.yaml