diff --git a/chart/README.md b/chart/README.md
index 75258b4..68d9ea9 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -16,16 +16,19 @@ Helm Chart to install External Secrets, our secret operator, and SecretStore to |-----|------|---------|-------------| | external-secrets | object | `{"certController":{"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"5m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"topologySpreadConstraints":[{"labelSelector":{"matchLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"}},"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}]},"installCRDs":true,"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"5m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"serviceMonitor":{"enabled":true},"topologySpreadConstraints":[{"labelSelector":{"matchLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud
/service":"chlorine"},"atomi.cloud/module":"operator"}},"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}],"webhook":{"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"5m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"topologySpreadConstraints":[{"labelSelector":{"matchLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"}},"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}]}}` | External Secrets Configuration. 
See [External Secrets Operator Documentation](https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets) | | podSecurityContext | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for PodSecurityContext | -| rootToken | object | `{"create":false,"key":"DOPPLER_TOKEN","name":"root-token","project":"","type":"doppler","value":""}` | The Root Doppler Token for deploying SecretStore | +| rootToken | object | `{"clientIdKey":"CLIENT_ID","clientSecretKey":"CLIENT_SECRET","create":false,"hostAPI":"https://secrets.atomi.cloud","name":"cobalt-infisical","project":"sulfoxide-sos","secretsPath":"/","type":"infisical","value":""}` | The Root Doppler Token for deploying SecretStore | +| rootToken.clientIdKey | string | `"CLIENT_ID"` | The Kubernetes Secret Key holding the Root Infisical Client ID | +| rootToken.clientSecretKey | string | `"CLIENT_SECRET"` | The Kubernetes Secret Key holding the Root Infisical Client Secret | | rootToken.create | bool | `false` | To create the secret or use existing secret | -| rootToken.key | string | `"DOPPLER_TOKEN"` | The Kubernetes Secret Key holding the Root Doppler Token | -| rootToken.name | string | `"root-token"` | Name of secret to be created | -| rootToken.project | string | `""` | Project | -| rootToken.type | string | `"doppler"` | Type of ClusterSecretStore to be created | +| rootToken.hostAPI | string | `"https://secrets.atomi.cloud"` | The host API of infisical | +| rootToken.name | string | `"cobalt-infisical"` | Name of secret to be created | +| rootToken.project | string | `"sulfoxide-sos"` | Project | +| rootToken.secretsPath | string | `"/"` | The path to the secrets in infisical project | +| rootToken.type | string | `"infisical"` | Type of ClusterSecretStore to be created | | rootToken.value | string | `""` | The Root Doppler Token Value for deploying SecretStore. 
This value is sensitive | | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for SecurityContext | | serviceTree | object | `{"layer":"1","platform":"sulfoxide","service":"chlorine"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) | -| storeName | string | `"doppler"` | The name of the doppler ClusterSecretStore that is going to be deployed | +| storeName | string | `"infisical"` | The name of the doppler ClusterSecretStore that is going to be deployed | | tags | object | `{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"}` | Kubernetes labels and annotations, following Service Tree | ---------------------------------------------- diff --git a/chart/values.entei.onyx.yaml b/chart/values.entei.onyx.yaml deleted file mode 100644 index 1940e90..0000000 --- a/chart/values.entei.onyx.yaml +++ /dev/null @@ -1,30 +0,0 @@ -serviceTree: - landscape: &landscape pichu - cluster: &cluster onyx - -tags: &tags - atomi.cloud/landscape: *landscape - atomi.cloud/cluster: *cluster - -external-secrets: - fullnameOverride: cobalt - podAnnotations: - <<: *tags - podLabels: - <<: *tags - - webhook: - podLabels: - <<: *tags - podAnnotations: - <<: *tags - - certController: - podLabels: - <<: *tags - podAnnotations: - <<: *tags - -rootToken: - name: cobalt-secret-operator-doppler - key: DOPPLER_TOKEN \ No newline at end of file diff --git a/chart/values.entei.opal.yaml b/chart/values.entei.opal.yaml index 79a67d8..79e6fbb 100644 --- a/chart/values.entei.opal.yaml +++ b/chart/values.entei.opal.yaml @@ -1,5 +1,5 @@ serviceTree: - landscape: &landscape pichu + landscape: &landscape entei cluster: &cluster opal tags: &tags 
@@ -24,7 +24,3 @@ external-secrets: <<: *tags podAnnotations: <<: *tags - -rootToken: - name: cobalt-secret-operator-doppler - key: DOPPLER_TOKEN \ No newline at end of file diff --git a/chart/values.entei.ruby.yaml b/chart/values.entei.ruby.yaml index 32b5500..0ac237b 100644 --- a/chart/values.entei.ruby.yaml +++ b/chart/values.entei.ruby.yaml @@ -1,5 +1,5 @@ serviceTree: - landscape: &landscape pichu + landscape: &landscape entei cluster: &cluster ruby tags: &tags @@ -23,8 +23,4 @@ external-secrets: podLabels: <<: *tags podAnnotations: - <<: *tags - -rootToken: - name: cobalt-secret-operator-doppler - key: DOPPLER_TOKEN \ No newline at end of file + <<: *tags \ No newline at end of file diff --git a/chart/values.pichu.amber.yaml b/chart/values.pichu.amber.yaml index 85e4faa..278e964 100644 --- a/chart/values.pichu.amber.yaml +++ b/chart/values.pichu.amber.yaml @@ -23,14 +23,3 @@ external-secrets: <<: *tags podAnnotations: <<: *tags - -storeName: infisical - -rootToken: - name: root-token - clientIdKey: CLIENT_ID - clientSecretKey: CLIENT_SECRET - type: infisical - project: sulfoxide-sos - secretsPath: / - hostAPI: https://secrets.atomi.cloud \ No newline at end of file diff --git a/chart/values.pichu.onyx.yaml b/chart/values.pichu.onyx.yaml deleted file mode 100644 index b196f53..0000000 --- a/chart/values.pichu.onyx.yaml +++ /dev/null @@ -1,26 +0,0 @@ -serviceTree: - landscape: &landscape pichu - cluster: &cluster onyx - -tags: &tags - atomi.cloud/landscape: *landscape - atomi.cloud/cluster: *cluster - -external-secrets: - podAnnotations: - <<: *tags - podLabels: - <<: *tags - - webhook: - podLabels: - <<: *tags - podAnnotations: - <<: *tags - - certController: - podLabels: - <<: *tags - podAnnotations: - <<: *tags - diff --git a/chart/values.pichu.topaz.yaml b/chart/values.pichu.topaz.yaml index 3df01dd..aa3698d 100644 --- a/chart/values.pichu.topaz.yaml +++ b/chart/values.pichu.topaz.yaml 
@@ -22,15 +22,4 @@ external-secrets: podLabels: <<: *tags podAnnotations: - <<: *tags - -storeName: infisical - -rootToken: - name: root-token - clientIdKey: CLIENT_ID - clientSecretKey: CLIENT_SECRET - type: infisical - project: sulfoxide-sos - secretsPath: / - hostAPI: https://secrets.atomi.cloud \ No newline at end of file + <<: *tags \ No newline at end of file diff --git a/chart/values.pikachu.amber.yaml b/chart/values.pikachu.amber.yaml index 07900e3..cf1ead3 100644 --- a/chart/values.pikachu.amber.yaml +++ b/chart/values.pikachu.amber.yaml @@ -22,15 +22,4 @@ external-secrets: podLabels: <<: *tags podAnnotations: - <<: *tags - -storeName: infisical - -rootToken: - name: root-token - clientIdKey: CLIENT_ID - clientSecretKey: CLIENT_SECRET - type: infisical - project: sulfoxide-sos - secretsPath: / - hostAPI: https://secrets.atomi.cloud \ No newline at end of file + <<: *tags \ No newline at end of file diff --git a/chart/values.pikachu.onyx.yaml b/chart/values.pikachu.onyx.yaml deleted file mode 100644 index 39734cd..0000000 --- a/chart/values.pikachu.onyx.yaml +++ /dev/null @@ -1,26 +0,0 @@ -serviceTree: - landscape: &landscape pikachu - cluster: &cluster onyx - -tags: &tags - atomi.cloud/landscape: *landscape - atomi.cloud/cluster: *cluster - -external-secrets: - podAnnotations: - <<: *tags - podLabels: - <<: *tags - - webhook: - podLabels: - <<: *tags - podAnnotations: - <<: *tags - - certController: - podLabels: - <<: *tags - podAnnotations: - <<: *tags - diff --git a/chart/values.raichu.amber.yaml b/chart/values.raichu.amber.yaml index a3de8a8..2f164eb 100644 --- a/chart/values.raichu.amber.yaml +++ b/chart/values.raichu.amber.yaml @@ -23,14 +23,3 @@ external-secrets: <<: *tags podAnnotations: <<: *tags - -storeName: infisical - -rootToken: - name: root-token - clientIdKey: CLIENT_ID - clientSecretKey: CLIENT_SECRET - type: infisical - project: sulfoxide-sos - secretsPath: / - hostAPI: https://secrets.atomi.cloud \ No newline at end of file 
diff --git a/chart/values.raichu.onyx.yaml b/chart/values.raichu.onyx.yaml deleted file mode 100644 index 9085be3..0000000 --- a/chart/values.raichu.onyx.yaml +++ /dev/null @@ -1,26 +0,0 @@ -serviceTree: - landscape: &landscape raichu - cluster: &cluster onyx - -tags: &tags - atomi.cloud/landscape: *landscape - atomi.cloud/cluster: *cluster - -external-secrets: - podAnnotations: - <<: *tags - podLabels: - <<: *tags - - webhook: - podLabels: - <<: *tags - podAnnotations: - <<: *tags - - certController: - podLabels: - <<: *tags - podAnnotations: - <<: *tags - diff --git a/chart/values.raichu.topaz.yaml b/chart/values.raichu.topaz.yaml index cdb165b..d3f4d3e 100644 --- a/chart/values.raichu.topaz.yaml +++ b/chart/values.raichu.topaz.yaml @@ -23,14 +23,3 @@ external-secrets: <<: *tags podAnnotations: <<: *tags - -storeName: infisical - -rootToken: - name: root-token - clientIdKey: CLIENT_ID - clientSecretKey: CLIENT_SECRET - type: infisical - project: sulfoxide-sos - secretsPath: / - hostAPI: https://secrets.atomi.cloud \ No newline at end of file diff --git a/chart/values.yaml b/chart/values.yaml index 180f3cf..5e19aa5 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -33,19 +33,25 @@ rootToken: # -- To create the secret or use existing secret create: false # -- Type of ClusterSecretStore to be created - type: doppler + type: infisical # -- Name of secret to be created - name: root-token - # -- The Kubernetes Secret Key holding the Root Doppler Token - key: "DOPPLER_TOKEN" + name: cobalt-infisical + # -- The Kubernetes Secret Key holding the Root Infisical Client ID + clientIdKey: "CLIENT_ID" + # -- The Kubernetes Secret Key holding the Root Infisical Client Secret + clientSecretKey: "CLIENT_SECRET" # -- The Root Doppler Token Value for deploying SecretStore. This value is sensitive value: "" # -- Project - project: "" + project: "sulfoxide-sos" + # -- The path to the secrets in infisical project + secretsPath: / + # -- The host API of infisical + hostAPI: https://secrets.atomi.cloud # -- The name of the doppler ClusterSecretStore that is going to be deployed -storeName: doppler +storeName: infisical # -- External Secrets Configuration. See [External Secrets Operator Documentation](https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets) external-secrets:
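Review bot: The `value` and `storeName` entries keep their Doppler descriptions (`# -- The Root Doppler Token Value for deploying SecretStore. This value is sensitive` and `# -- The name of the doppler ClusterSecretStore ...`) although `type` is now `infisical` and the credential is split into `clientIdKey` and `clientSecretKey`, so it is unclear what a single `value` would populate when `create: true`. I would reword them, e.g. `# -- Name of the Infisical ClusterSecretStore to deploy`, and document which Secret key `value` fills or split it into separate client-id and client-secret values; the templates are not in this diff, so that part is inferred. The default `name` also moves from `root-token` to `cobalt-infisical` while the per-environment overrides that set `name: root-token` are removed in the other hunks, so with `create: false` each cluster presumably needs the Secret to exist under the new name before rollout. Since `secretsPath: /` is now the chart default for a cluster-wide store, a comment stating that the store reads from the root of the `sulfoxide-sos` project, or a narrower default path, would make the access scope explicit. The `rootToken` mapping begins before this hunk.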