From 45c899d2bd9896190fefbf29ee0399e7940c32c8 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Tue, 24 Mar 2026 01:01:30 +0000
Subject: [PATCH] Configure Weave GitOps to use Doppler-managed admin credentials

Changes:
- Enable adminUser creation but disable Helm-managed secret
- Use ExternalSecret (cluster-user-auth) from Doppler instead
- Doppler secrets: WEAVE_GITOPS_ADMIN_USERNAME and WEAVE_GITOPS_ADMIN_PASSWORD_BCRYPT_HASH
- Added cluster-user-auth to viewSecretsResourceNames for RBAC

Login credentials are now managed via Doppler and External Secrets Operator.
---
 infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml b/infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml
index 579a332..a57b243 100644
--- a/infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml
+++ b/infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml
@@ -27,9 +27,12 @@ spec:
 adminUser:
 create: true
 createClusterRole: true
- createSecret: false
+ createSecret: false # Secret is managed by External Secret from Doppler
 username: admin
 rbac:
 create: true
 impersonationResourceNames:
 - admin
+ viewSecretsResourceNames:
+ - cluster-user-auth
+ - oidc-auth
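Review bot: The admin identity is now defined in two places: `username: admin` and the `- admin` entry under `impersonationResourceNames` stay hardcoded in this hunk, while the commit message says the login name comes from the Doppler key WEAVE_GITOPS_ADMIN_USERNAME. If the two ever differ, the user would authenticate against `cluster-user-auth` but presumably not match the role binding and impersonation rule built from these values, so I would add a comment on the `username:` line such as `# must equal WEAVE_GITOPS_ADMIN_USERNAME in Doppler`. Separately, `viewSecretsResourceNames` also grants read on `oidc-auth`, which the description does not mention; if OIDC login is not configured in this cluster, dropping that entry keeps the secret-read grant to the one secret actually used. The values block starts above the hunk and the ExternalSecret is not part of this patch, so its name and namespace cannot be checked from here.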