Remove ArgoCD certificate and key files; add External Secrets Helm chart with Bitwarden SDK server integration, including configuration files, templates, and monitoring dashboard.
This commit is contained in:
140
manifest/external-secrets/templates/crds/grafana.yaml
Normal file
140
manifest/external-secrets/templates/crds/grafana.yaml
Normal file
@@ -0,0 +1,140 @@
|
||||
{{- if .Values.installCRDs }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
{{- with .Values.crds.annotations }}
|
||||
{{- toYaml . | nindent 4}}
|
||||
{{- end }}
|
||||
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
|
||||
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
|
||||
{{- end }}
|
||||
controller-gen.kubebuilder.io/version: v0.19.0
|
||||
labels:
|
||||
external-secrets.io/component: controller
|
||||
name: grafanas.generators.external-secrets.io
|
||||
spec:
|
||||
group: generators.external-secrets.io
|
||||
names:
|
||||
categories:
|
||||
- external-secrets
|
||||
- external-secrets-generators
|
||||
kind: Grafana
|
||||
listKind: GrafanaList
|
||||
plural: grafanas
|
||||
singular: grafana
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Grafana represents a generator for Grafana service account tokens.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: GrafanaSpec controls the behavior of the grafana generator.
|
||||
properties:
|
||||
auth:
|
||||
description: |-
|
||||
Auth is the authentication configuration to authenticate
|
||||
against the Grafana instance.
|
||||
properties:
|
||||
basic:
|
||||
description: |-
|
||||
Basic auth credentials used to authenticate against the Grafana instance.
|
||||
Note: you need a token which has elevated permissions to create service accounts.
|
||||
See here for the documentation on basic roles offered by Grafana:
|
||||
https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
properties:
|
||||
password:
|
||||
description: A basic auth password used to authenticate against the Grafana instance.
|
||||
properties:
|
||||
key:
|
||||
description: The key where the token is found.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[-._a-zA-Z0-9]+$
|
||||
type: string
|
||||
name:
|
||||
description: The name of the Secret resource being referred to.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||
type: string
|
||||
type: object
|
||||
username:
|
||||
description: A basic auth username used to authenticate against the Grafana instance.
|
||||
type: string
|
||||
required:
|
||||
- password
|
||||
- username
|
||||
type: object
|
||||
token:
|
||||
description: |-
|
||||
A service account token used to authenticate against the Grafana instance.
|
||||
Note: you need a token which has elevated permissions to create service accounts.
|
||||
See here for the documentation on basic roles offered by Grafana:
|
||||
https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
properties:
|
||||
key:
|
||||
description: The key where the token is found.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[-._a-zA-Z0-9]+$
|
||||
type: string
|
||||
name:
|
||||
description: The name of the Secret resource being referred to.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
serviceAccount:
|
||||
description: |-
|
||||
ServiceAccount is the configuration for the service account that
|
||||
is supposed to be generated by the generator.
|
||||
properties:
|
||||
name:
|
||||
description: Name is the name of the service account that will be created by ESO.
|
||||
type: string
|
||||
role:
|
||||
description: |-
|
||||
Role is the role of the service account.
|
||||
See here for the documentation on basic roles offered by Grafana:
|
||||
https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
- role
|
||||
type: object
|
||||
url:
|
||||
description: URL is the URL of the Grafana instance.
|
||||
type: string
|
||||
required:
|
||||
- auth
|
||||
- serviceAccount
|
||||
- url
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user