beekhof · September 30, 2022 11:01
diff --git a/explicit-secrets.patch b/explicit-secrets.patch
 diff --git a/clustergroup/templates/plumbing/cluster-external-secrets.yaml b/clustergroup/templates/plumbing/cluster-external-secrets.yaml
 index 52f5ca5..2f8db26 100644
 --- a/clustergroup/templates/plumbing/cluster-external-secrets.yaml
 +++ b/clustergroup/templates/plumbing/cluster-external-secrets.yaml
 @@ -34,10 +34,10 @@ spec:
   data:
   - secretKey: kubeBearer
     remoteRef:
 -      key: {{ $.Values.secretsBase.key }}/cluster_{{ .Values.clusterGroup.targetCluster }}
 +      key: {{ $.Values.hostedSite.bearer_secret_key }}
       property: bearerToken
   - secretKey: kubeCA
     remoteRef:
 -      key: {{ $.Values.secretsBase.key }}/cluster_{{ .Values.clusterGroup.targetCluster }}_ca
 +      key: {{ $.Values.hostedSite.ca_secret_key }}
       property: b64content
 {{- end }}
 diff --git a/clustergroup/templates/plumbing/hosted-sites.yaml b/clustergroup/templates/plumbing/hosted-sites.yaml
 index cdb8c15..c7d68ed 100644
 --- a/clustergroup/templates/plumbing/hosted-sites.yaml
 +++ b/clustergroup/templates/plumbing/hosted-sites.yaml
 @@ -64,6 +64,10 @@ spec:
         value: {{ .name }}
       - name: enabled
         value: core
 +      - name: hostedSite.bearer_secret_key
 +        value: {{ .bearer_secret_key }}
 +      - name: hostedSite.ca_secret_key
 +        value: {{ .ca_secret_key }}
       - name: clusterGroup.name
         value: {{ $group.name }}
      {{- range $group.helmOverrides }}
 diff --git a/examples/values-example.yaml b/examples/values-example.yaml
 index bd7d772..7618a21 100644
 --- a/examples/values-example.yaml
 +++ b/examples/values-example.yaml
 @@ -96,9 +96,13 @@ clusterGroup:
     # ??what does it contain??
     hostedArgoSites:
     - name: perth
 -      domain: beekhof.net
 +      domain: perth1.beekhof.net
 +      bearer_secret_key: secret/data/hub/cluster_perth
 +      ca_secret_key: secret/data/hub/cluster_perth_ca
     - name: sydney
 -      domain: beekhof.net
 +      domain: syd.beekhof.net
 +      bearer_secret_key: secret/data/hub/cluster_sydney
 +      ca_secret_key: secret/data/hub/cluster_syndey_ca
     helmOverrides:
     - name: clusterGroup.isHubCluster
       value: "false"
 diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml
 index c027af7..474f582 100644
 --- a/tests/clustergroup-normal.expected.yaml
 +++ b/tests/clustergroup-normal.expected.yaml
 @@ -138,9 +138,13 @@ data:
         - name: clusterGroup.isHubCluster
           value: "false"
         hostedArgoSites:
 -        - domain: beekhof.net
 +        - bearer_secret_key: secret/data/hub/cluster_perth
 +          ca_secret_key: secret/data/hub/cluster_perth_ca
 +          domain: perth1.beekhof.net
           name: perth
 -        - domain: beekhof.net
 +        - bearer_secret_key: secret/data/hub/cluster_sydney
 +          ca_secret_key: secret/data/hub/cluster_syndey_ca
 +          domain: syd.beekhof.net
           name: sydney
         name: argo-edge
       name: example
 @@ -630,13 +634,17 @@ spec:
       - name: global.hubClusterDomain
         value: apps.hub.example.com
       - name: global.localClusterDomain
 -        value: apps.beekhof.net
 +        value: apps.perth1.beekhof.net
       - name: global.clusterDomain
 -        value: beekhof.net
 +        value: perth1.beekhof.net
       - name: clusterGroup.targetCluster
         value: perth
       - name: enabled
         value: core
 +      - name: hostedSite.bearer_secret_key
 +        value: secret/data/hub/cluster_perth
 +      - name: hostedSite.ca_secret_key
 +        value: secret/data/hub/cluster_perth_ca
       - name: clusterGroup.name
         value: argo-edge
       - name: clusterGroup.isHubCluster
 @@ -688,9 +696,9 @@ spec:
       - name: global.hubClusterDomain
         value: apps.hub.example.com
       - name: global.localClusterDomain
 -        value: apps.beekhof.net
 +        value: apps.perth1.beekhof.net
       - name: global.clusterDomain
 -        value: beekhof.net
 +        value: perth1.beekhof.net
       - name: enabled
         value: plumbing
       - name: clusterGroup.targetCluster
 @@ -746,13 +754,17 @@ spec:
       - name: global.hubClusterDomain
         value: apps.hub.example.com
       - name: global.localClusterDomain
 -        value: apps.beekhof.net
 +        value: apps.syd.beekhof.net
       - name: global.clusterDomain
 -        value: beekhof.net
 +        value: syd.beekhof.net
       - name: clusterGroup.targetCluster
         value: sydney
       - name: enabled
         value: core
 +      - name: hostedSite.bearer_secret_key
 +        value: secret/data/hub/cluster_sydney
 +      - name: hostedSite.ca_secret_key
 +        value: secret/data/hub/cluster_syndey_ca
       - name: clusterGroup.name
         value: argo-edge
       - name: clusterGroup.isHubCluster
 @@ -804,9 +816,9 @@ spec:
       - name: global.hubClusterDomain
         value: apps.hub.example.com
       - name: global.localClusterDomain
 -        value: apps.beekhof.net
 +        value: apps.syd.beekhof.net
       - name: global.clusterDomain
 -        value: beekhof.net
 +        value: syd.beekhof.net
       - name: enabled
         value: plumbing
       - name: clusterGroup.targetCluster
	diff --git a/clustergroup/templates/plumbing/cluster-external-secrets.yaml b/clustergroup/templates/plumbing/cluster-external-secrets.yaml
	index 52f5ca5..2f8db26 100644
	--- a/clustergroup/templates/plumbing/cluster-external-secrets.yaml
	+++ b/clustergroup/templates/plumbing/cluster-external-secrets.yaml
	@@ -34,10 +34,10 @@ spec:
	data:
	- secretKey: kubeBearer
	remoteRef:
	- key: {{ $.Values.secretsBase.key }}/cluster_{{ .Values.clusterGroup.targetCluster }}
	+ key: {{ $.Values.hostedSite.bearer_secret_key }}
	property: bearerToken
	- secretKey: kubeCA
	remoteRef:
	- key: {{ $.Values.secretsBase.key }}/cluster_{{ .Values.clusterGroup.targetCluster }}_ca
	+ key: {{ $.Values.hostedSite.ca_secret_key }}
	property: b64content
	{{- end }}
	diff --git a/clustergroup/templates/plumbing/hosted-sites.yaml b/clustergroup/templates/plumbing/hosted-sites.yaml
	index cdb8c15..c7d68ed 100644
	--- a/clustergroup/templates/plumbing/hosted-sites.yaml
	+++ b/clustergroup/templates/plumbing/hosted-sites.yaml
	@@ -64,6 +64,10 @@ spec:
	value: {{ .name }}
	- name: enabled
	value: core
	+ - name: hostedSite.bearer_secret_key
	+ value: {{ .bearer_secret_key }}
	+ - name: hostedSite.ca_secret_key
	+ value: {{ .ca_secret_key }}
	- name: clusterGroup.name
	value: {{ $group.name }}
	{{- range $group.helmOverrides }}
	diff --git a/examples/values-example.yaml b/examples/values-example.yaml
	index bd7d772..7618a21 100644
	--- a/examples/values-example.yaml
	+++ b/examples/values-example.yaml
	@@ -96,9 +96,13 @@ clusterGroup:
	# ??what does it contain??
	hostedArgoSites:
	- name: perth
	- domain: beekhof.net
	+ domain: perth1.beekhof.net
	+ bearer_secret_key: secret/data/hub/cluster_perth
	+ ca_secret_key: secret/data/hub/cluster_perth_ca
	- name: sydney
	- domain: beekhof.net
	+ domain: syd.beekhof.net
	+ bearer_secret_key: secret/data/hub/cluster_sydney
	+ ca_secret_key: secret/data/hub/cluster_syndey_ca
	helmOverrides:
	- name: clusterGroup.isHubCluster
	value: "false"
	diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml
	index c027af7..474f582 100644
	--- a/tests/clustergroup-normal.expected.yaml
	+++ b/tests/clustergroup-normal.expected.yaml
	@@ -138,9 +138,13 @@ data:
	- name: clusterGroup.isHubCluster
	value: "false"
	hostedArgoSites:
	- - domain: beekhof.net
	+ - bearer_secret_key: secret/data/hub/cluster_perth
	+ ca_secret_key: secret/data/hub/cluster_perth_ca
	+ domain: perth1.beekhof.net
	name: perth
	- - domain: beekhof.net
	+ - bearer_secret_key: secret/data/hub/cluster_sydney
	+ ca_secret_key: secret/data/hub/cluster_syndey_ca
	+ domain: syd.beekhof.net
	name: sydney
	name: argo-edge
	name: example
	@@ -630,13 +634,17 @@ spec:
	- name: global.hubClusterDomain
	value: apps.hub.example.com
	- name: global.localClusterDomain
	- value: apps.beekhof.net
	+ value: apps.perth1.beekhof.net
	- name: global.clusterDomain
	- value: beekhof.net
	+ value: perth1.beekhof.net
	- name: clusterGroup.targetCluster
	value: perth
	- name: enabled
	value: core
	+ - name: hostedSite.bearer_secret_key
	+ value: secret/data/hub/cluster_perth
	+ - name: hostedSite.ca_secret_key
	+ value: secret/data/hub/cluster_perth_ca
	- name: clusterGroup.name
	value: argo-edge
	- name: clusterGroup.isHubCluster
	@@ -688,9 +696,9 @@ spec:
	- name: global.hubClusterDomain
	value: apps.hub.example.com
	- name: global.localClusterDomain
	- value: apps.beekhof.net
	+ value: apps.perth1.beekhof.net
	- name: global.clusterDomain
	- value: beekhof.net
	+ value: perth1.beekhof.net
	- name: enabled
	value: plumbing
	- name: clusterGroup.targetCluster
	@@ -746,13 +754,17 @@ spec:
	- name: global.hubClusterDomain
	value: apps.hub.example.com
	- name: global.localClusterDomain
	- value: apps.beekhof.net
	+ value: apps.syd.beekhof.net
	- name: global.clusterDomain
	- value: beekhof.net
	+ value: syd.beekhof.net
	- name: clusterGroup.targetCluster
	value: sydney
	- name: enabled
	value: core
	+ - name: hostedSite.bearer_secret_key
	+ value: secret/data/hub/cluster_sydney
	+ - name: hostedSite.ca_secret_key
	+ value: secret/data/hub/cluster_syndey_ca
	- name: clusterGroup.name
	value: argo-edge
	- name: clusterGroup.isHubCluster
	@@ -804,9 +816,9 @@ spec:
	- name: global.hubClusterDomain
	value: apps.hub.example.com
	- name: global.localClusterDomain
	- value: apps.beekhof.net
	+ value: apps.syd.beekhof.net
	- name: global.clusterDomain
	- value: beekhof.net
	+ value: syd.beekhof.net
	- name: enabled
	value: plumbing
	- name: clusterGroup.targetCluster