apps: reenable secret substitution properly

2024-02-12 20:53:28 +01:00 · 2024-02-12 20:53:28 +01:00 · 04c20ae36b
parent 73e44cc301
commit 04c20ae36b
5 changed files with 19 additions and 7 deletions
--- a/apps/do/vikunja-secrets-kustomization.yaml
+++ b/apps/do/vikunja-secrets-kustomization.yaml
@ -16,3 +16,7 @@ spec:
  dependsOn:
    - name: flux
    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
--- a/apps/do/vikunja/vikunja-oauth-client.yaml
+++ b/apps/do/vikunja/vikunja-oauth-client.yaml
@ -17,5 +17,5 @@ spec:
  scope: "openid profile email stackspin_roles"
  secretName: stackspin-vikunja-oauth-variables
  redirectUris:
-    - https://do.${domain}/auth/openid/stackspin
+    - https://${vikunja_domain}/auth/openid/stackspin
  tokenEndpointAuthMethod: client_secret_post
--- a/apps/do/vikunja/vikunja-values-configmap.yaml
+++ b/apps/do/vikunja/vikunja-values-configmap.yaml
@ -13,13 +13,13 @@ data:
          annotations:
            kubernetes.io/tls-acme: "true"
          hosts:
-            - host: "do.${domain}"
+            - host: "${vikunja_domain}"
              paths:
                 - path: /
          tls:
            - secretName: vikunja-tls
              hosts:
-                - "do.${domain}"
+                - "${vikunja_domain}"
    api:
      persistence:
        data:
@ -30,13 +30,13 @@ data:
          annotations:
            kubernetes.io/tls-acme: "true"
          hosts:
-            - host: "do.${domain}"
+            - host: "${vikunja_domain}"
              paths:
                 - path: /api
          tls:
            - secretName: vikunja-tls
              hosts:
-                - "do.${domain}"
+                - "${vikunja_domain}"
      configMaps:
        config:
          data:
@ -46,7 +46,7 @@ data:
                  # https://vikunja.io/docs/config-options/#openid
                  # Example: https://github.com/go-vikunja/api/blob/main/config.yml.sample#L289-L312
                  enabled: true
-                  redirecturl: "https://do.${domain}/auth/openid/"
+                  redirecturl: "https://${vikunja_domain}/auth/openid/"
                  providers:
                    - name: Stackspin
                      authurl: "https://${hydra_domain}/"
@ -64,7 +64,7 @@ data:
                forcessl: true
              # TODO Configure PVC for file uploads
              service:
-                frontendurl: "https://do.${domain}"
+                frontendurl: "https://${vikunja_domain}"
                timezone: "CET"
                JWTSecret: "${jwt}"
              database:
--- a/apps/forge/forgejo-secrets-kustomization.yaml
+++ b/apps/forge/forgejo-secrets-kustomization.yaml
@ -16,3 +16,7 @@ spec:
  dependsOn:
    - name: flux
    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
--- a/apps/ninja/invoiceninja-secrets-kustomization.yaml
+++ b/apps/ninja/invoiceninja-secrets-kustomization.yaml
@ -15,3 +15,7 @@ spec:
  dependsOn:
    - name: flux
    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables