kitchen: Use SealedSecret template for config
The configuration file for the kitchen HUD server has credentials embedded in it. Until I get around to refactoring it to read these from separate locations, we'll make use of the template feature of SealedSecrets. With this feature, fields can refer to the (decrypted) value of other fields using Go template syntax. This makes it possible to have most of the `config.yaml` document unencrypted and easily modifiable, while still protecting the secrets.etcd
parent
baab02217e
commit
94300ac502
|
|
@ -54,8 +54,8 @@ spec:
|
||||||
readOnly: true
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: config
|
- name: config
|
||||||
configMap:
|
secret:
|
||||||
name: kitchen
|
secretName: kitchen
|
||||||
optional: true
|
optional: true
|
||||||
- name: tzinfo
|
- name: tzinfo
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|
|
||||||
|
|
@ -12,3 +12,74 @@ spec:
|
||||||
name: imagepull-gitea
|
name: imagepull-gitea
|
||||||
namespace: kitchen
|
namespace: kitchen
|
||||||
type: kubernetes.io/dockerconfigjson
|
type: kubernetes.io/dockerconfigjson
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
name: kitchen
|
||||||
|
namespace: kitchen
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
homeassistant.token: AgBkwchVoL92wCgulLOyoGhafLj7Vz4Ix5dSYBFIDCunHK30qtsoXqS/EL4k8zjU5+eYjJxju+ysj56Ayz/wvT1g72dm+09ijKs2yXWmUiJLAnKCtOZ1s0q5404Pm/D4/aRklh38kqPDFsAsbVExxMsFrkcA5g2EcZPg6yz2jGiavTIyGRX9uahFCAuF6a/BMifNUeTFBwrP1s9fonBwe4BUV4eYzUPE85FewPgCCnT0Gztyxbt+1/Y/HKhSMHxifpWLBWO8OOKo27urBe7Jir/Dblemg5rPOrj2pIggUg0Rym3ZRHSZyZQVvF4Zq30b7PU+zeYqqcJZsg2ZOPna7PeFriMqP57BMZ39gLCnUU22MQM6CeIKuCYl5tzE5Ygd5SK4lf1avsQUj3LuFMUk3OJaSKAdX+4y4pQbyDV+ppukL+ziaQYKIIWPUDESFyNEswoPKqjk4jjJh7peZuGUs7t599fHzYgZPTeSqwedY+0Eal23Q11Q5TxvHU0hgJEECEC9RZRuJMHAKHVkgXYlco/n4Ka8dYXbgYAjflRhH995n9EY05hRBDW/lYwTxaM6nTK2VjzvCnkFVWq4HdJ/mfwqeRY5mxdTrKr0Xgg7lVP/xTsMy5/aHTCQR3hpAZoUK4W4nqTYlQv2RACETMZwQP/tF/lTcC+59beETlUO6pOvqp3IOq1Ah6NbUzM73hszKn3o3lAlVQG0FO2WT0OHrrbPPsiZX/8Y5mzpROwLKKrOMcEr3Bq5rQIsI7kqi1fS1mFIb+W5P7sbKjQlzit0xNo9HYs7dc/0yCdDRZK5KXe+mFC4CttWFiO+UoLsidBnRI/+wFXT1Y8aO1ad1QZC63hCCKao3Oty4q0B5EBBT4g2mygJixfz+L4Pw3eeV+nLp1x2vBahfevuDK3KfJji5g5pOFoxPmp/qKGJO7pq2juntgSGshe35qA=
|
||||||
|
nextcloud.password: AgAofzy2WrVN7ekNwxOCZT1599OIsO2hBJtBqVRPG2v9gpqxkj/UKPF4rKs73rIp5la4yeb7fRKJdL40m4synOIwQAmVTn6LW9emG4r+6GWHfqvhXhcGgGcUKl0oRn22+5e3QQLpta+qO8GFcEysNCQTSkzQsV87oU38p2/LiRbzlu8FiY63HYw2mGN1wiH91oDpdcS3Wfpeb5O9fQp+ab6zlngIXXdHTjxfusQ+YPFf2u8887FyKLxPC5ktgVFVx7rYAEzWajG8VzMqsTE/YWeQrkyKBRFGrwXFpFUDYwOczZiCmaPo5+qxeeUKCT8m+8D/+kiIRQqrzoulOmdQ5KT70WndkuAuEVNIzSXJzNxXs/85CCNkGbGHrE/Rv/sK1yCpMHvNNaJriNeamDAgPYV/fM3Ag6nNmQLwYZLshij+BXUng2p2/qP3YFIpDpKshLJeOMAWpHg2VUZZPOkj3UFvFItdKYtRKw2p4XNg2dUrQZUgZ8TE3MRcUaIgq00kd940htBEQc9FbF1C9XJpbV5Fe93tYYP8oMGauGSKviimZL7v4kGwJICMO2pYWDNx/D/WXkEu8o4W3K0gJ/koIJVJrd4/UME28eQCwgUa5/+a0kitynegOiDijIlNBRxnMdI9ojZ0g8K7MSrw1De0fZYpW7OxTHWtbhLT1z4sCuMxolOQfAk93dKVQgUWgDXtJUmnXhhvcEthW2a4Ez610w5P3mmkzkhBBfQ8h/VehxJ5kN5DHdWpkfmFvDcGkIb2
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: kitchen
|
||||||
|
namespace: kitchen
|
||||||
|
data:
|
||||||
|
config.yaml: |
|
||||||
|
__credentials: &credentials
|
||||||
|
username: kitchen
|
||||||
|
password: >-
|
||||||
|
{{ index . "nextcloud.password" }}
|
||||||
|
|
||||||
|
__calendars:
|
||||||
|
tabitha: &tabitha_work
|
||||||
|
<<: *credentials
|
||||||
|
calendar_url: >-
|
||||||
|
https://nextcloud.pyrocufflink.net/remote.php/dav/calendars/B53DE34E-D21F-46AA-B0F4-1EC0933AE220/7c565cd0-a8f1-4ea7-b022-3c1251233e91_shared_by_53070922-AC26-4920-83FD-74879F5ED3EE/
|
||||||
|
shared: &shared_calendar
|
||||||
|
<<: *credentials
|
||||||
|
calendar_url: >-
|
||||||
|
https://nextcloud.pyrocufflink.net/remote.php/dav/calendars/B53DE34E-D21F-46AA-B0F4-1EC0933AE220/shared_shared_by_332E433E-43B2-4E3D-A0A0-EB264C624707/
|
||||||
|
projects: &projects_calendar
|
||||||
|
<<: *credentials
|
||||||
|
calendar_url: >-
|
||||||
|
https://nextcloud.pyrocufflink.net/remote.php/dav/calendars/B53DE34E-D21F-46AA-B0F4-1EC0933AE220/projects_shared_by_332E433E-43B2-4E3D-A0A0-EB264C624707/
|
||||||
|
dtex: &dtex
|
||||||
|
calendar_url: >-
|
||||||
|
https://outlook.office365.com/owa/calendar/0f775a4f7bba4abe91d2684668b0b04f@dtexsystems.com/5f42742af8ae4f8daaa810e1efca6e9e8531195936760897056/S-1-8-960331003-2552388381-4206165038-1812416686/reachcalendar.ics
|
||||||
|
|
||||||
|
agenda:
|
||||||
|
calendars:
|
||||||
|
- *shared_calendar
|
||||||
|
- *tabitha_work
|
||||||
|
- *dtex
|
||||||
|
events: *shared_calendar
|
||||||
|
tasks: *shared_calendar
|
||||||
|
projects: *projects_calendar
|
||||||
|
|
||||||
|
mqtt:
|
||||||
|
hostname: homeassistant.pyrocufflink.blue
|
||||||
|
port: 8883
|
||||||
|
tls: true
|
||||||
|
username: kitchen
|
||||||
|
password: kitchen
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
url: https://vmselect.victoria-metrics/select/
|
||||||
|
|
||||||
|
weather:
|
||||||
|
metrics:
|
||||||
|
temperature: >-
|
||||||
|
homeassistant_sensor_temperature_celsius{entity="sensor.outdoor_temperature"}
|
||||||
|
humidity: >-
|
||||||
|
homeassistant_sensor_humidity_percent{entity="sensor.outdoor_humidity"}
|
||||||
|
wind_speed: >-
|
||||||
|
homeassistant_sensor_unit_m_per_s{entity="sensor.wind_speed"}
|
||||||
|
|
||||||
|
homeassistant:
|
||||||
|
url: wss://homeassistant.pyrocufflink.blue/api/websocket
|
||||||
|
access_token: >-
|
||||||
|
{{ index . "homeassistant.token" }}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue