fix: source flux ui login from doppler

infrastructure/addons/flux-ui-secrets/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - weave-gitops-auth-externalsecret.yaml

infrastructure/addons/flux-ui-secrets/weave-gitops-auth-externalsecret.yaml

@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: weave-gitops-auth
+  namespace: flux-system
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: doppler-hetznerterra
+    kind: ClusterSecretStore
+  target:
+    name: cluster-user-auth
+    creationPolicy: Owner
+    template:
+      type: Opaque
+      data:
+        username: "{{ .fluxUiAdminUsername }}"
+        password: "{{ .fluxUiAdminPasswordHash }}"
+  data:
+    - secretKey: fluxUiAdminUsername
+      remoteRef:
+        key: FLUX_UI_ADMIN_USERNAME
+    - secretKey: fluxUiAdminPasswordHash
+      remoteRef:
+        key: FLUX_UI_ADMIN_PASSWORD_HASH

infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml

@@ -23,8 +23,8 @@ spec:
       pullPolicy: IfNotPresent
     adminUser:
       create: true
+      createSecret: false
       username: admin
-      passwordHash: "$2a$10$P/tHQ1DNFXdvX0zRGA8LPeSOyb0JXq9rP3fZ4W8HGTpLV7qHDlWhe"
     rbac:
       impersonationResourceNames:
         - admin

infrastructure/addons/kustomization-flux-ui-secrets.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: addon-flux-ui-secrets
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: platform
+  path: ./infrastructure/addons/flux-ui-secrets
+  dependsOn:
+    - name: addon-external-secrets-store
+  wait: false
+  timeout: 5m
+  suspend: false

infrastructure/addons/kustomization-flux-ui.yaml

@@ -11,6 +11,7 @@ spec:
     name: platform
   path: ./infrastructure/addons/flux-ui
   dependsOn:
+    - name: addon-flux-ui-secrets
     - name: addon-tailscale-operator
     - name: addon-tailscale-proxyclass
   wait: false

infrastructure/addons/kustomization.yaml

@@ -11,6 +11,7 @@ resources:
   - kustomization-observability-secrets.yaml
   - kustomization-observability.yaml
   - kustomization-observability-content.yaml
+  - kustomization-flux-ui-secrets.yaml
   - kustomization-flux-ui.yaml
   - kustomization-rancher-secrets.yaml
   - kustomization-rancher.yaml