From 068d9339b931cd5e8be5a37fcdc859b46fb9798b Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Tue, 6 Jan 2026 16:43:34 +0900 Subject: [PATCH] REFACTOR(repo): move vault/ to manifests/ - Move ExternalSecret files from vault/ to manifests/secret.yaml - Merge multiple secrets with --- separator (immich) - Update kustomization.yaml references - Remove vault/ folders Apps: umami, immich, code-server --- code-server/kustomization.yaml | 2 +- .../secret.yaml} | 0 immich/kustomization.yaml | 3 +-- .../secret.yaml} | 20 +++++++++++++++++++ immich/vault/immich-postgres-password.yaml | 18 ----------------- umami/kustomization.yaml | 2 +- .../secret.yaml} | 0 7 files changed, 23 insertions(+), 22 deletions(-) rename code-server/{vault/code-server-password.yaml => manifests/secret.yaml} (100%) rename immich/{vault/immich-oidc.yaml => manifests/secret.yaml} (50%) delete mode 100644 immich/vault/immich-postgres-password.yaml rename umami/{vault/umami-password.yaml => manifests/secret.yaml} (100%) diff --git a/code-server/kustomization.yaml b/code-server/kustomization.yaml index 3c12939..a700a40 100644 --- a/code-server/kustomization.yaml +++ b/code-server/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: code-server resources: -- vault/code-server-password.yaml +- manifests/secret.yaml - manifests/rbac.yaml diff --git a/code-server/vault/code-server-password.yaml b/code-server/manifests/secret.yaml similarity index 100% rename from code-server/vault/code-server-password.yaml rename to code-server/manifests/secret.yaml diff --git a/immich/kustomization.yaml b/immich/kustomization.yaml index 50fb4cd..0455a27 100644 --- a/immich/kustomization.yaml +++ b/immich/kustomization.yaml @@ -2,6 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - manifests/pvc.yaml -- vault/immich-postgres-password.yaml -- vault/immich-oidc.yaml +- manifests/secret.yaml namespace: immich diff --git a/immich/vault/immich-oidc.yaml b/immich/manifests/secret.yaml similarity index 50% rename from immich/vault/immich-oidc.yaml rename to immich/manifests/secret.yaml index 1d8114e..32e4614 100644 --- a/immich/vault/immich-oidc.yaml +++ b/immich/manifests/secret.yaml @@ -1,5 +1,25 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret +metadata: + name: immich-postgres-password + namespace: immich +spec: + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: vault-backend + target: + name: immich-postgres-password + creationPolicy: Owner + data: + - secretKey: password + remoteRef: + key: databases/postgresql + property: PASSWORD + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret metadata: name: immich-oidc namespace: immich diff --git a/immich/vault/immich-postgres-password.yaml b/immich/vault/immich-postgres-password.yaml deleted file mode 100644 index 2ab759e..0000000 --- a/immich/vault/immich-postgres-password.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: immich-postgres-password - namespace: immich -spec: - refreshInterval: 1h - secretStoreRef: - kind: ClusterSecretStore - name: vault-backend - target: - name: immich-postgres-password - creationPolicy: Owner - data: - - secretKey: password - remoteRef: - key: databases/postgresql - property: PASSWORD diff --git a/umami/kustomization.yaml b/umami/kustomization.yaml index e6b1b38..c027c9c 100644 --- a/umami/kustomization.yaml +++ b/umami/kustomization.yaml @@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- vault/umami-password.yaml +- manifests/secret.yaml - manifests/ingress.yaml diff --git a/umami/vault/umami-password.yaml b/umami/manifests/secret.yaml similarity index 100% rename from umami/vault/umami-password.yaml rename to umami/manifests/secret.yaml