eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Fix miniflux secret to use CNPG-generated password

Browse source 
The miniflux user password is auto-generated by CloudNativePG and stored
in blumeops-pg-app secret. Updated README and secret template to document
the correct setup process.
This commit is contained in:
Erich Blume 2026-01-19 19:14:50 -08:00
commit ad2ad22ccf
2 changed files with 17 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

5
argocd/manifests/miniflux/README.md
View file

@ -14,7 +14,10 @@ RSS/Atom feed reader deployed via ArgoCD.
```bash
kubectl create namespace miniflux
op inject -i argocd/manifests/miniflux/secret-db.yaml.tpl | kubectl apply -f -
# The miniflux user password is auto-generated by CNPG in blumeops-pg-app secret
kubectl create secret generic miniflux-db -n miniflux \
--from-literal=url="$(kubectl -n databases get secret blumeops-pg-app -o jsonpath='{.data.uri}' | base64 -d)"
```
2. Apply the ArgoCD application:

22
argocd/manifests/miniflux/secret-db.yaml.tpl
View file

@ -1,9 +1,13 @@
# Apply with: op inject -i argocd/manifests/miniflux/secret-db.yaml.tpl | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: miniflux-db
namespace: miniflux
type: Opaque
stringData:
url: postgres://miniflux:{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/ns6wylqiuqgczpo7gq2akaxbti/password }}@blumeops-pg-rw.databases.svc.cluster.local:5432/miniflux?sslmode=disable
# Miniflux database connection secret
#
# The miniflux user password is auto-generated by CloudNativePG and stored in
# blumeops-pg-app secret in the databases namespace. To create this secret:
#
# 1. Get the URI from CNPG secret:
# kubectl -n databases get secret blumeops-pg-app -o jsonpath='{.data.uri}' | base64 -d
#
# 2. Create the secret (one-liner):
# kubectl create secret generic miniflux-db -n miniflux \
# --from-literal=url="$(kubectl -n databases get secret blumeops-pg-app -o jsonpath='{.data.uri}' | base64 -d)"
#
# Note: Uses internal k8s DNS hostname (blumeops-pg-rw.databases) not Tailscale