From 14fb770e2049475ede9e08f45bc1870336068907 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Sun, 18 Feb 2024 10:10:58 +0100
Subject: [PATCH] infra: migrate secrets and rename helmrepo files
---
adopt-secrets.sh | 50 +++++++++++++++++++
...rs-n8n-helmrepository.yaml => 8gears.yaml} | 3 +-
infrastructure/sources/calcom.yaml | 8 +++
...rgejo-helmrepository.yaml => forgejo.yaml} | 0
.../{gitea-helmrepository.yaml => gitea.yaml} | 0
...-helmrepository.yaml => invoiceninja.yaml} | 0
...robjuz-helmrepository.yaml => robjuz.yaml} | 0
...ts-helmrepository.yaml => truecharts.yaml} | 0
...kunja-helmrepository.yaml => vikunja.yaml} | 0
9 files changed, 60 insertions(+), 1 deletion(-)
create mode 100755 adopt-secrets.sh
rename infrastructure/sources/{8gears-n8n-helmrepository.yaml => 8gears.yaml} (85%)
create mode 100644 infrastructure/sources/calcom.yaml
rename infrastructure/sources/{forgejo-helmrepository.yaml => forgejo.yaml} (100%)
rename infrastructure/sources/{gitea-helmrepository.yaml => gitea.yaml} (100%)
rename infrastructure/sources/{invoiceninja-helmrepository.yaml => invoiceninja.yaml} (100%)
rename infrastructure/sources/{robjuz-helmrepository.yaml => robjuz.yaml} (100%)
rename infrastructure/sources/{truecharts-helmrepository.yaml => truecharts.yaml} (100%)
rename infrastructure/sources/{vikunja-helmrepository.yaml => vikunja.yaml} (100%)
diff --git a/adopt-secrets.sh b/adopt-secrets.sh
new file mode 100755
index 0000000..71a911c
--- /dev/null
+++ b/adopt-secrets.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+# Copied from Stackspin with slight adjustment to include all new secrets
+set -o errexit
+secrets=$(kubectl get -A 'stringsecrets.v1alpha1.secretgenerator.mittwald.de' | tail +2 | awk '{print $2}' | paste -s -d ' ')
+for secret in $secrets
+do
+ echo "Processing secret $secret"
+ if currentRefs=$(kubectl get secret -n flux-system $secret -o jsonpath={.metadata.ownerReferences})
+ then
+ if [ -n "$currentRefs" ]
+ then
+ echo "There are refs set already, skip."
+ continue
+ fi
+
+ uid=$(kubectl get stringsecret -n flux-system $secret -o jsonpath={.metadata.uid})
+ echo "Patching to add owner reference to StringSecret with uid $uid"
+ kubectl patch secret -n flux-system $secret --patch="{\"metadata\":{\"ownerReferences\":[{\"apiVersion\":\"secretgenerator.mittwald.de/v1alpha1\",\"blockOwnerDeletion\":true,\"controller\":true,\"kind\":\"StringSecret\",\"name\":\"$secret\",\"uid\":\"$uid\"}]}}"
+ else
+ echo "Secret does not exist; perhaps this is a new install or the app is not installed. Skipping."
+ fi
+done
+
+secrets="stackspin-alertmanager-basic-auth stackspin-prometheus-basic-auth"
+for secret in $secrets
+do
+ echo "Processing secret $secret"
+ if currentRefs=$(kubectl get secret -n stackspin $secret -o jsonpath={.metadata.ownerReferences})
+ then
+ if [ -n "$currentRefs" ]
+ then
+ echo "There are refs set already, skip."
+ continue
+ fi
+
+ uid=$(kubectl get basicauth -n stackspin $secret -o jsonpath={.metadata.uid})
+ echo "Patching to add owner reference to BasicAuth with uid $uid"
+ kubectl patch secret -n stackspin $secret --patch="{\"metadata\":{\"ownerReferences\":[{\"apiVersion\":\"secretgenerator.mittwald.de/v1alpha1\",\"blockOwnerDeletion\":true,\"controller\":true,\"kind\":\"BasicAuth\",\"name\":\"$secret\",\"uid\":\"$uid\"}]}}"
+ else
+ echo "Secret does not exist; perhaps this is a new install or the app is not installed. Skipping."
+ fi
+done
+
+echo "Done patching secrets."
+echo "Restarting secrets controller."
+if ! kubectl rollout restart deploy -n secrets-controller secrets-controller-kubernetes-secret-generator
+then
+ echo "Restarting failed. Possibly this is a new install and the secrets controller is not installed yet. Ignoring."
+fi
+echo "adopt-secrets completed"
diff --git a/infrastructure/sources/8gears-n8n-helmrepository.yaml b/infrastructure/sources/8gears.yaml
similarity index 85%
rename from infrastructure/sources/8gears-n8n-helmrepository.yaml
rename to infrastructure/sources/8gears.yaml
index 312cfc2..b043829 100644
--- a/infrastructure/sources/8gears-n8n-helmrepository.yaml
+++ b/infrastructure/sources/8gears.yaml
@@ -1,7 +1,8 @@
+# 8gears for n8n
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
- name: 8gears-n8n
+ name: 8gears
namespace: flux-system
spec:
interval: 60m
diff --git a/infrastructure/sources/calcom.yaml b/infrastructure/sources/calcom.yaml
new file mode 100644
index 0000000..cb0a3e6
--- /dev/null
+++ b/infrastructure/sources/calcom.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: calcom
+ namespace: flux-system
+spec:
+ interval: 60m
+ url: https://pyrrha.github.io/calcom-helm
diff --git a/infrastructure/sources/forgejo-helmrepository.yaml b/infrastructure/sources/forgejo.yaml
similarity index 100%
rename from infrastructure/sources/forgejo-helmrepository.yaml
rename to infrastructure/sources/forgejo.yaml
diff --git a/infrastructure/sources/gitea-helmrepository.yaml b/infrastructure/sources/gitea.yaml
similarity index 100%
rename from infrastructure/sources/gitea-helmrepository.yaml
rename to infrastructure/sources/gitea.yaml
diff --git a/infrastructure/sources/invoiceninja-helmrepository.yaml b/infrastructure/sources/invoiceninja.yaml
similarity index 100%
rename from infrastructure/sources/invoiceninja-helmrepository.yaml
rename to infrastructure/sources/invoiceninja.yaml
diff --git a/infrastructure/sources/robjuz-helmrepository.yaml b/infrastructure/sources/robjuz.yaml
similarity index 100%
rename from infrastructure/sources/robjuz-helmrepository.yaml
rename to infrastructure/sources/robjuz.yaml
diff --git a/infrastructure/sources/truecharts-helmrepository.yaml b/infrastructure/sources/truecharts.yaml
similarity index 100%
rename from infrastructure/sources/truecharts-helmrepository.yaml
rename to infrastructure/sources/truecharts.yaml
diff --git a/infrastructure/sources/vikunja-helmrepository.yaml b/infrastructure/sources/vikunja.yaml
similarity index 100%
rename from infrastructure/sources/vikunja-helmrepository.yaml
rename to infrastructure/sources/vikunja.yaml
--
GitLab