feat: migrate to MANUAL_ prefix

chart/README.md

@@ -17,7 +17,7 @@ AtomiCloud's Deployment Platform via ArgoCD
 |-----|------|---------|-------------|
 | admin | bool | `true` | Enable Admin Access |
 | applicationWait | bool | `true` | Enable waiting in sync-waves |
-| argo-cd | object | `{"configs":{"cm":{"create":false},"params":{"create":false}},"dex":{"enabled":false},"global":{"logging":{"format":"json","level":"info"}}}` | ArgoCD Specific configuration. See [ArgoCD Helm Documentation](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd) |
+| argo-cd | object | `{"configs":{"cm":{"create":false},"params":{"create":false},"rbac":{"create":false}},"dex":{"enabled":false},"global":{"logging":{"format":"json","level":"info"}}}` | ArgoCD Specific configuration. See [ArgoCD Helm Documentation](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd) |
 | banner | string | `""` | Banner to show in ArgoCD UI |
 | connector | object | `{"clusters":{},"policy":{"creation":"Owner","deletion":"Retain"},"secretStore":{"kind":"SecretStore","name":"doppler"}}` | Connectors to other cluster |
 | connector.clusters | object | `{}` | Clusters to connect to |
@@ -58,14 +58,14 @@ AtomiCloud's Deployment Platform via ArgoCD
 | rbac.name | string | `"Atomi"` | Name of the OIDC Provider |
 | rbac.requestedScopes | list | `["openid","profile","email","https://atomi.cloud/roles"]` | Scopes to request from OIDC |
 | serviceTree | object | `{"layer":"1","platform":"sulfoxide","service":"chlorine"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |
-| sso | object | `{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"/suicune/auth0/client_secret","secretStore":{"kind":"ClusterStore","name":"doppler"}},"internal":{"enable":false,"secret":""},"secretName":"argo-cd-sso-secret"}` | SSO Secret using OIDC |
-| sso.external | object | `{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"/suicune/auth0/client_secret","secretStore":{"kind":"ClusterStore","name":"doppler"}}` | External Secret Configuration |
+| sso | object | `{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"","secretStore":{"kind":"ClusterStore","name":"doppler"}},"internal":{"enable":false,"secret":""},"secretName":"argo-cd-sso-secret"}` | SSO Secret using OIDC |
+| sso.external | object | `{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"","secretStore":{"kind":"ClusterStore","name":"doppler"}}` | External Secret Configuration |
 | sso.external.enable | bool | `true` | Enable External Secret |
 | sso.external.policy | object | `{"creation":"Owner","deletion":"Retain"}` | External Secret Policy |
 | sso.external.policy.creation | string | `"Owner"` | Creation policy |
 | sso.external.policy.deletion | string | `"Retain"` | Deletion policy |
 | sso.external.refreshInterval | string | `"1h"` | Refresh Interval for fetching the secret from remote |
-| sso.external.remoteSecretName | string | `"/suicune/auth0/client_secret"` | Secret Remote Reference for OIDC Client Secret |
+| sso.external.remoteSecretName | string | `""` | Secret Remote Reference for OIDC Client Secret |
 | sso.external.secretStore.kind | string | `"ClusterStore"` | Kind of the Secret Store: `ClusterSecretStore` or `SecretStore` |
 | sso.external.secretStore.name | string | `"doppler"` | Name of the Secret Store |
 | sso.internal | object | `{"enable":false,"secret":""}` | Internal Secret, Hard coded secrets |

chart/templates/post-install/cluster_external_secret.yaml → chart/templates/post-install/cluster_secret.yaml

@@ -20,19 +20,20 @@ spec:
     name: {{ $lk }}-{{ $ck }}-cluster-secret
     creationPolicy: {{ $.Values.connector.policy.creation }}
     deletionPolicy: {{ $.Values.connector.policy.deletion }}
+    template:
+      metadata:
+        labels: {{- include "sulfoxide-helium.labels" $ | nindent 10 }}
+          argocd.argoproj.io/secret-type: cluster
+        annotations: {{- include "sulfoxide-helium.annotations" $ | nindent 10 }}
+          argocd.argoproj.io/secret-type: cluster
+      data:
+        name: '{{ `{{ get ( .kubeconfig | fromJson ) "name" }}` }}'
+        server: '{{ `{{ get ( .kubeconfig | fromJson ) "server" }}` }}'
+        config: '{{ `{{ get ( .kubeconfig | fromJson ) "config" }}` }}'
   data:
-    - secretKey: name
+    - secretKey: kubeconfig
       remoteRef:
         key: "{{ $cv.remoteSecretName }}"
-        property: name
-    - secretKey: server
-      remoteRef:
-        key: "{{ $cv.remoteSecretName }}"
-        property: server
-    - secretKey: config
-      remoteRef:
-        key: "{{ $cv.remoteSecretName }}"
-        property: config
 ---
 {{- end }}
 {{- end }}

chart/values.suicune.opal-ruby.yaml

@@ -31,26 +31,30 @@ github:
   external:
     enable: true
     refreshInterval: 1h
-    usernameRef: "GITHUB_USERNAME"
-    passwordRef: "GITHUB_PASSWORD"
+    usernameRef: "MANUAL_GITHUB_USERNAME"
+    passwordRef: "MANUAL_GITHUB_PASSWORD"
 
 sso:
   internal:
     enable: false
   external:
     enable: true
-    remoteSecretName: /suicune/manual/argocd/auth0-client-secret
+    remoteSecretName: "MANUAL_AUTH0_CLIENT_SECRET"
 
-#  clusters:
-#    pichu:
-#      opal:
-#        # -- refresh interval for fetching the secret from remote
-#        refreshInterval: 24h
-#        # -- secret for the cluster
-#        remoteSecretName: /suicune/auto/argocd/cluster-connector-pichu-opal
-#        # -- enable App of Apps
-#        aoa:
-#          enable: true
+connector:
+  clusters:
+    suicune:
+      opal:
+        refreshInterval: 1h
+        remoteSecretName: SUICUNE_OPAL_KUBECONFIG
+        aoa:
+          enable: false
+    entei:
+      opal:
+        refreshInterval: 1h
+        remoteSecretName: ENTEI_OPAL_KUBECONFIG
+        aoa:
+          enable: false
 #          repo: https://github.com/AtomiCloud/helm.systems_app-of-apps
 #          version: HEAD
 #          path: chart

chart/values.yaml

@@ -11,6 +11,8 @@ argo-cd:
       create: false
     params:
       create: false
+    rbac:
+      create: false
   global:
     logging:
       format: json
@@ -127,7 +129,7 @@ sso:
     # -- Refresh Interval for fetching the secret from remote
     refreshInterval: 1h
     # -- Secret Remote Reference for OIDC Client Secret
-    remoteSecretName: /suicune/auth0/client_secret
+    remoteSecretName: ""
     secretStore:
       # -- Name of the Secret Store
       name: doppler