feat: configure opal-ruby for infisical

chart/README.md

@@ -16,16 +16,19 @@ Helm Chart to install External Secrets, our secret operator, and SecretStore to
 |-----|------|---------|-------------|
 | external-secrets | object | `{"certController":{"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"5m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"topologySpreadConstraints":[{"labelSelector":{"matchLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"}},"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}]},"installCRDs":true,"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"5m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"serviceMonitor":{"enabled":true},"topologySpreadConstraints":[{"labelSelector":{"matchLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"}},"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}],"webhook":{"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"5m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"topologySpreadConstraints":[{"labelSelector":{"matchLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"}},"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}]}}` | External Secrets Configuration. See [External Secrets Operator Documentation](https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets) |
 | podSecurityContext | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for PodSecurityContext |
-| rootToken | object | `{"create":false,"key":"DOPPLER_TOKEN","name":"root-token","project":"","type":"doppler","value":""}` | The Root Doppler Token for deploying SecretStore |
+| rootToken | object | `{"clientIdKey":"CLIENT_ID","clientSecretKey":"CLIENT_SECRET","create":false,"hostAPI":"https://secrets.atomi.cloud","name":"cobalt-infisical","project":"sulfoxide-sos","secretsPath":"/","type":"infisical","value":""}` | The Root Doppler Token for deploying SecretStore |
+| rootToken.clientIdKey | string | `"CLIENT_ID"` | The Kubernetes Secret Key holding the Root Infisical Client ID |
+| rootToken.clientSecretKey | string | `"CLIENT_SECRET"` | The Kubernetes Secret Key holding the Root Infisical Client Secret |
 | rootToken.create | bool | `false` | To create the secret or use existing secret |
-| rootToken.key | string | `"DOPPLER_TOKEN"` | The Kubernetes Secret Key holding the Root Doppler Token |
-| rootToken.name | string | `"root-token"` | Name of secret to be created |
-| rootToken.project | string | `""` | Project |
-| rootToken.type | string | `"doppler"` | Type of ClusterSecretStore to be created |
+| rootToken.hostAPI | string | `"https://secrets.atomi.cloud"` | The host API of infisical |
+| rootToken.name | string | `"cobalt-infisical"` | Name of secret to be created |
+| rootToken.project | string | `"sulfoxide-sos"` | Project |
+| rootToken.secretsPath | string | `"/"` | The path to the secrets in infisical project |
+| rootToken.type | string | `"infisical"` | Type of ClusterSecretStore to be created |
 | rootToken.value | string | `""` | The Root Doppler Token Value for deploying SecretStore. This value is sensitive |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for SecurityContext |
 | serviceTree | object | `{"layer":"1","platform":"sulfoxide","service":"chlorine"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |
-| storeName | string | `"doppler"` | The name of the doppler ClusterSecretStore that is going to be deployed |
+| storeName | string | `"infisical"` | The name of the doppler ClusterSecretStore that is going to be deployed |
 | tags | object | `{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"}` | Kubernetes labels and annotations, following Service Tree |
 
 ----------------------------------------------

chart/values.entei.opal.yaml

@@ -1,5 +1,5 @@
 serviceTree:
-  landscape: &landscape pichu
+  landscape: &landscape entei
   cluster: &cluster opal
 
 tags: &tags
@@ -24,7 +24,3 @@ external-secrets:
       <<: *tags
     podAnnotations:
       <<: *tags
-
-rootToken:
-  name: cobalt-secret-operator-doppler
-  key: DOPPLER_TOKEN

chart/values.entei.ruby.yaml

@@ -1,5 +1,5 @@
 serviceTree:
-  landscape: &landscape pichu
+  landscape: &landscape entei
   cluster: &cluster ruby
 
 tags: &tags
@@ -23,8 +23,4 @@ external-secrets:
     podLabels:
       <<: *tags
     podAnnotations:
-      <<: *tags
-
-rootToken:
-  name: cobalt-secret-operator-doppler
-  key: DOPPLER_TOKEN
+      <<: *tags

chart/values.pichu.amber.yaml

@@ -23,14 +23,3 @@ external-secrets:
       <<: *tags
     podAnnotations:
       <<: *tags
-
-storeName: infisical
-
-rootToken:
-  name: root-token
-  clientIdKey: CLIENT_ID
-  clientSecretKey: CLIENT_SECRET
-  type: infisical
-  project: sulfoxide-sos
-  secretsPath: /
-  hostAPI: https://secrets.atomi.cloud

chart/values.pichu.topaz.yaml

@@ -22,15 +22,4 @@ external-secrets:
     podLabels:
       <<: *tags
     podAnnotations:
-      <<: *tags
-
-storeName: infisical
-
-rootToken:
-  name: root-token
-  clientIdKey: CLIENT_ID
-  clientSecretKey: CLIENT_SECRET
-  type: infisical
-  project: sulfoxide-sos
-  secretsPath: /
-  hostAPI: https://secrets.atomi.cloud
+      <<: *tags

chart/values.pikachu.amber.yaml

@@ -22,15 +22,4 @@ external-secrets:
     podLabels:
       <<: *tags
     podAnnotations:
-      <<: *tags
-
-storeName: infisical
-
-rootToken:
-  name: root-token
-  clientIdKey: CLIENT_ID
-  clientSecretKey: CLIENT_SECRET
-  type: infisical
-  project: sulfoxide-sos
-  secretsPath: /
-  hostAPI: https://secrets.atomi.cloud
+      <<: *tags

chart/values.raichu.amber.yaml

@@ -23,14 +23,3 @@ external-secrets:
       <<: *tags
     podAnnotations:
       <<: *tags
-
-storeName: infisical
-
-rootToken:
-  name: root-token
-  clientIdKey: CLIENT_ID
-  clientSecretKey: CLIENT_SECRET
-  type: infisical
-  project: sulfoxide-sos
-  secretsPath: /
-  hostAPI: https://secrets.atomi.cloud

chart/values.raichu.topaz.yaml

@@ -23,14 +23,3 @@ external-secrets:
       <<: *tags
     podAnnotations:
       <<: *tags
-
-storeName: infisical
-
-rootToken:
-  name: root-token
-  clientIdKey: CLIENT_ID
-  clientSecretKey: CLIENT_SECRET
-  type: infisical
-  project: sulfoxide-sos
-  secretsPath: /
-  hostAPI: https://secrets.atomi.cloud

chart/values.yaml

@@ -33,19 +33,25 @@ rootToken:
   # -- To create the secret or use existing secret
   create: false
   # -- Type of ClusterSecretStore to be created
-  type: doppler
+  type: infisical
   # -- Name of secret to be created
-  name: root-token
-  # -- The Kubernetes Secret Key holding the Root Doppler Token
-  key: "DOPPLER_TOKEN"
+  name: cobalt-infisical
+  # -- The Kubernetes Secret Key holding the Root Infisical Client ID
+  clientIdKey: "CLIENT_ID"
+  # -- The Kubernetes Secret Key holding the Root Infisical Client Secret
+  clientSecretKey: "CLIENT_SECRET"
   # -- The Root Doppler Token Value for deploying SecretStore. This value is sensitive
   value: ""
   # -- Project
-  project: ""
+  project: "sulfoxide-sos"
+  # -- The path to the secrets in infisical project
+  secretsPath: /
+  # -- The host API of infisical
+  hostAPI: https://secrets.atomi.cloud
 
 
 # -- The name of the doppler ClusterSecretStore that is going to be deployed
-storeName: doppler
+storeName: infisical
 
 # -- External Secrets Configuration. See [External Secrets Operator Documentation](https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets)
 external-secrets: