Unify infisical secret resources

Brutus5000 · Brutus5000 · commit 3ab398c5cfbd · 2025-12-07T21:22:34.000+01:00
diff --git a/apps/debezium/Chart.yaml b/apps/debezium/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 name: debezium
 version: 1.0.0
+dependencies:
+  - name: infisical-secret
+    version: 1.0.0
+    repository: file://../../common/infisical-secret
diff --git a/apps/debezium/values.yaml b/apps/debezium/values.yaml
@@ -0,0 +1,2 @@
+infisical-secret:
+  name: debezium
diff --git a/common/infisical-secret/Chart.yaml b/common/infisical-secret/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: infisical-secret
+version: 1.0.0
+type: library
+description: "Common chart for reusing infisical secret resources"
diff --git a/common/infisical-secret/templates/secret.yaml b/common/infisical-secret/templates/secret.yaml
@@ -1,20 +1,21 @@
+{{ if .Values.infisical.enabled }}
 apiVersion: secrets.infisical.com/v1alpha1
 kind: InfisicalSecret
 metadata:
-  name: debezium
-  namespace: faf-apps
+  name: {{ .Values.name }}
+  namespace: {{ .Values.targetNamespace }}
 spec:
   authentication:
     universalAuth:
       credentialsRef:
         secretName: infisical-machine-identity
-        secretNamespace: faf-ops
+        secretNamespace: {{ .Values.secretNamespace }}
       secretsScope:
         projectSlug: {{.Values.infisical.projectSlug}}
         envSlug: {{.Values.infisical.envSlug}}
-        secretsPath: "/debezium"
+        secretsPath: {{ coalesce .Values.overrideSecretPath .Values.name }}
   managedSecretReference:
-    secretName: debezium
-    secretNamespace: faf-apps
+    secretName: {{ .Values.name }}
+    secretNamespace: {{ .Values.targetNamespace }}
     creationPolicy: "Owner"
-
+  {{- end }}
diff --git a/common/infisical-secret/values.yaml b/common/infisical-secret/values.yaml
@@ -0,0 +1,4 @@
+name: null # Define your own!
+overrideSecretPath: null # Optional, if name != secretPath
+targetNamespace: faf-apps
+secretNamespace: faf-ops
diff --git a/config/local.yaml b/config/local.yaml
@@ -0,0 +1,7 @@
+hostName: "localhost"
+environment: "local"
+baseDomain: "localhost"
+infisical:
+  enabled: false
+traefik:
+  tlsStoreSecret: "cloudflare-faf-com"
diff --git a/config/prod.yaml b/config/prod.yaml
@@ -1,16 +1,9 @@
 hostName: "fafprod3"
 environment: "prod"
 infisical:
+  enabled: true
   projectSlug: "k3s-cluster-zj-th"
   envSlug: "prod"
 baseDomain: "faforever.com"
 traefik:
   tlsStoreSecret: "cloudflare-faf-com"
-zfs:
-  nodeId: "fafprod3"
-  poolName: "tank/faf"
-  datasetPrefix: "k8s-"
-# On NixOS, we need to declare the ZFS binary path explicitly
-zfs-localpv:
-  zfs:
-    bin: "/run/current-system/sw/bin/zfs"
diff --git a/config/test.yaml b/config/test.yaml
@@ -1,16 +1,9 @@
 hostName: "faftest2"
 environment: "test"
 infisical:
+  enabled: true
   projectSlug: "k3s-cluster-zj-th"
   envSlug: "test"
 baseDomain: "faforever.xyz"
 traefik:
   tlsStoreSecret: "cloudflare-faf-xyz"
-zfs:
-  nodeId: "faftest2"
-  poolName: "tank/faf"
-  datasetPrefix: ""
-# On NixOS, we need to declare the ZFS binary path explicitly
-zfs-localpv:
-  zfs:
-    bin: "/run/current-system/sw/bin/zfs"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+infisical-secret:`
	`2`	`+ name: debezium`