Skip to content

Commit 9addcba

Browse files
ildocildoc
committed
tmp
1 parent a7e5107 commit 9addcba

File tree

3 files changed

+43
-10
lines changed

3 files changed

+43
-10
lines changed

kubernetes/charts/invidious2/Chart.yaml renamed to kubernetes/charts/archived/invidious2/Chart.yaml

File renamed without changes.

kubernetes/charts/invidious2/templates/secret.yaml renamed to kubernetes/charts/archived/invidious2/templates/secret.yaml

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,11 @@
1-
apiVersion: external-secrets.io/v1
1+
apiVersion: external-secrets.io/v1beta1
22
kind: ExternalSecret
33
metadata:
44
name: vault-invidious-secrets
55
namespace: apps
6+
annotations:
7+
# Forza ArgoCD a creare questo secret PRIMA del deployment
8+
argocd.argoproj.io/sync-wave: "-10"
69
spec:
710
refreshInterval: "1h"
811
secretStoreRef:
@@ -12,18 +15,24 @@ spec:
1215
name: invidious-secrets
1316
creationPolicy: Owner
1417
data:
15-
# Username per Invidious deployment
18+
# Username per PostgreSQL
1619
- secretKey: postgresql-username
1720
remoteRef:
1821
key: kubernetes/apps/invidious
1922
property: db_user
2023

21-
# Password per Invidious deployment
24+
# Password per PostgreSQL - IMPORTANTE: stessa password per admin e user
2225
- secretKey: postgresql-password
2326
remoteRef:
2427
key: kubernetes/apps/invidious
2528
property: db_password
2629

30+
# Password postgres (admin) - USA LA STESSA PASSWORD
31+
- secretKey: postgresql-postgres-password
32+
remoteRef:
33+
key: kubernetes/apps/invidious
34+
property: db_password
35+
2736
# Chiave per companion
2837
- secretKey: invidious-companion-key
2938
remoteRef:

kubernetes/charts/invidious2/values.yaml renamed to kubernetes/charts/archived/invidious2/values.yaml

Lines changed: 31 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -63,18 +63,37 @@ invidious:
6363
# Usa un tag completo, non solo "17"
6464
tag: "17.6.0"
6565
auth:
66+
# Username DEVE corrispondere a quello in Vault
6667
username: kemal
6768
database: invidious
68-
# IMPORTANTE: Il secret DEVE essere specificato qui
69+
# Riferimento al secret esistente
6970
existingSecret: "invidious-secrets"
70-
# Le chiavi nel secret che PostgreSQL cercherà
71+
# Mapping delle chiavi nel secret
7172
secretKeys:
72-
# Queste sono le chiavi CORRETTE per il chart Bitnami
73-
adminPasswordKey: "postgresql-password"
74-
userPasswordKey: "postgresql-password"
75-
replicationPasswordKey: "postgresql-password"
73+
# IMPORTANTE: PostgreSQL Bitnami si aspetta questa struttura
74+
adminPasswordKey: "postgresql-postgres-password" # Password per utente 'postgres'
75+
userPasswordKey: "postgresql-password" # Password per utente 'kemal'
7676

77-
# Configurazione persistence (struttura corretta per Bitnami chart v16.x)
77+
primary:
78+
persistence:
79+
enabled: true
80+
size: 10Gi
81+
storageClass: nfs-csi
82+
83+
# Aggiungi init container per aspettare il secret
84+
initContainers:
85+
- name: wait-for-secret
86+
image: bitnami/kubectl:latest
87+
command:
88+
- sh
89+
- -c
90+
- |
91+
until kubectl get secret invidious-secrets -n apps; do
92+
echo "Waiting for secret invidious-secrets..."
93+
sleep 5
94+
done
95+
echo "Secret found!"
96+
7897
persistence:
7998
enabled: true
8099
size: 10Gi
@@ -132,6 +151,7 @@ invidious:
132151
config:
133152
db:
134153
user: kemal
154+
password: "" # Verrà preso da existingSecret
135155
host: "" # Verrà auto-popolato dal chart
136156
port: 5432
137157
dbname: invidious
@@ -147,6 +167,10 @@ invidious:
147167
# Companion integration
148168
invidious_companion:
149169
- private_url: "" # Verrà auto-popolato dal chart
170+
171+
# Questi verranno presi da existingSecret
172+
invidious_companion_key: ""
173+
hmac_key: ""
150174

151175
# IMPORTANTE: Riferimento al secret esterno per le chiavi sensibili
152176
existingSecret: "invidious-secrets"

0 commit comments

Comments
 (0)