From 95c4fafd4db01b14638a78562d7d910d402f2fe4 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Tue, 5 May 2026 06:26:48 +0000
Subject: [PATCH] fix: source flux ui login from doppler
---
 .../addons/flux-ui-secrets/kustomization.yaml | 4 +++
 .../weave-gitops-auth-externalsecret.yaml | 25 +++++++++++++++++++
 .../flux-ui/helmrelease-weave-gitops.yaml | 2 +-
 .../addons/kustomization-flux-ui-secrets.yaml | 17 +++++++++++++
 .../addons/kustomization-flux-ui.yaml | 1 +
 infrastructure/addons/kustomization.yaml | 1 +
 6 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 infrastructure/addons/flux-ui-secrets/kustomization.yaml
 create mode 100644 infrastructure/addons/flux-ui-secrets/weave-gitops-auth-externalsecret.yaml
 create mode 100644 infrastructure/addons/kustomization-flux-ui-secrets.yaml
diff --git a/infrastructure/addons/flux-ui-secrets/kustomization.yaml b/infrastructure/addons/flux-ui-secrets/kustomization.yaml
new file mode 100644
index 0000000..189ec9a
--- /dev/null
+++ b/infrastructure/addons/flux-ui-secrets/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - weave-gitops-auth-externalsecret.yaml
diff --git a/infrastructure/addons/flux-ui-secrets/weave-gitops-auth-externalsecret.yaml b/infrastructure/addons/flux-ui-secrets/weave-gitops-auth-externalsecret.yaml
new file mode 100644
index 0000000..3a36e8b
--- /dev/null
+++ b/infrastructure/addons/flux-ui-secrets/weave-gitops-auth-externalsecret.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: weave-gitops-auth
+ namespace: flux-system
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: doppler-hetznerterra
+ kind: ClusterSecretStore
+ target:
+ name: cluster-user-auth
+ creationPolicy: Owner
+ template:
+ type: Opaque
+ data:
+ username: "{{ .fluxUiAdminUsername }}"
+ password: "{{ .fluxUiAdminPasswordHash }}"
+ data:
+ - secretKey: fluxUiAdminUsername
+ remoteRef:
+ key: FLUX_UI_ADMIN_USERNAME
+ - secretKey: fluxUiAdminPasswordHash
+ remoteRef:
+ key: FLUX_UI_ADMIN_PASSWORD_HASH
diff --git a/infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml b/infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml
index 42c6525..7f50390 100644
--- a/infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml
+++ b/infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml
@@ -23,8 +23,8 @@ spec:
 pullPolicy: IfNotPresent
 adminUser:
 create: true
+ createSecret: false
 username: admin
- passwordHash: "$2a$10$P/tHQ1DNFXdvX0zRGA8LPeSOyb0JXq9rP3fZ4W8HGTpLV7qHDlWhe"
 rbac:
 impersonationResourceNames:
 - admin
diff --git a/infrastructure/addons/kustomization-flux-ui-secrets.yaml b/infrastructure/addons/kustomization-flux-ui-secrets.yaml
new file mode 100644
index 0000000..4f7f4e0
--- /dev/null
+++ b/infrastructure/addons/kustomization-flux-ui-secrets.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: addon-flux-ui-secrets
+ namespace: flux-system
+spec:
+ interval: 10m
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: platform
+ path: ./infrastructure/addons/flux-ui-secrets
+ dependsOn:
+ - name: addon-external-secrets-store
+ wait: false
+ timeout: 5m
+ suspend: false
diff --git a/infrastructure/addons/kustomization-flux-ui.yaml b/infrastructure/addons/kustomization-flux-ui.yaml
index bce44f9..47d2371 100644
--- a/infrastructure/addons/kustomization-flux-ui.yaml
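Review bot: The login name now has two sources of truth: the template line `username: "{{ .fluxUiAdminUsername }}"` takes it from Doppler, while the HelmRelease changed in this same commit still carries `username: admin` and `impersonationResourceNames: - admin`. If FLUX_UI_ADMIN_USERNAME is ever set to something other than `admin`, the user would presumably authenticate but match no role binding or impersonation grant, which is hard to diagnose. The name is not secret, so consider pinning `username: admin` in the template and fetching only the hash, or add a comment that the Doppler value must equal the chart's `adminUser.username`. A comment above the `password:` line such as `# must be a bcrypt hash, never the plaintext password` would also help whoever populates FLUX_UI_ADMIN_PASSWORD_HASH.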
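Review bot: The bcrypt hash on the removed `passwordHash` line stays in Git history after this commit, so anyone with read access to the repository can still recover it and guess against it offline at cost factor 10. The value stored in Doppler as FLUX_UI_ADMIN_PASSWORD_HASH should therefore be generated from a new password rather than copied from the removed line; the diff cannot show which was done, so it is worth stating in the commit description. With `createSecret: false` the chart no longer manages the credential, so a short comment next to it such as `# cluster-user-auth is provided by the weave-gitops-auth ExternalSecret` would tell the next reader where the login comes from. The `adminUser` block starts and ends outside the hunk context, so other values under it are not visible here.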
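Review bot: `wait: false` on this Kustomization means addon-flux-ui-secrets is reported ready as soon as the ExternalSecret object is applied, not once `cluster-user-auth` has actually been synced from Doppler. The `- name: addon-flux-ui-secrets` entry added to addon-flux-ui's `dependsOn` in this commit therefore orders the apply but does not guarantee the Secret exists when the UI starts. Because the chart no longer creates the secret, a broken store or a missing Doppler key would leave the UI without a working login and Flux would still show both Kustomizations as healthy. Consider `wait: true` here, since the ExternalSecret exposes a Ready condition, or a `healthChecks` entry that names the ExternalSecret.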
+++ b/infrastructure/addons/kustomization-flux-ui.yaml
@@ -11,6 +11,7 @@ spec:
 name: platform
 path: ./infrastructure/addons/flux-ui
 dependsOn:
+ - name: addon-flux-ui-secrets
 - name: addon-tailscale-operator
 - name: addon-tailscale-proxyclass
 wait: false
diff --git a/infrastructure/addons/kustomization.yaml b/infrastructure/addons/kustomization.yaml
index b1d1bcc..2d4c613 100644
--- a/infrastructure/addons/kustomization.yaml
+++ b/infrastructure/addons/kustomization.yaml
@@ -11,6 +11,7 @@ resources:
 - kustomization-observability-secrets.yaml
 - kustomization-observability.yaml
 - kustomization-observability-content.yaml
+ - kustomization-flux-ui-secrets.yaml
 - kustomization-flux-ui.yaml
 - kustomization-rancher-secrets.yaml
 - kustomization-rancher.yaml