Erich Blume
0d3269e8d6
Deploy the full ESO stack on ringtail, matching the indri pattern: - 4 ArgoCD apps (1password-connect, external-secrets-crds, external-secrets, external-secrets-config) targeting ringtail k3s cluster - ExternalSecret for forgejo-runner-amd64 token (replaces Ansible-managed secret) - Ansible playbook bootstraps 1Password Connect credentials instead of directly managing runner tokens Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
32 lines
1,002 B
YAML
32 lines
1,002 B
YAML
# 1Password Connect for ringtail k3s cluster
|
|
# Same chart/values as indri, different destination
|
|
#
|
|
# Prerequisites:
|
|
# 1. Bootstrap secrets via ansible (provision-ringtail creates 1password namespace,
|
|
# op-credentials and onepassword-token secrets)
|
|
# 2. Sync BEFORE external-secrets-ringtail
|
|
#
|
|
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: 1password-connect-ringtail
|
|
namespace: argocd
|
|
spec:
|
|
project: default
|
|
sources:
|
|
- repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/connect-helm-charts.git
|
|
targetRevision: connect-2.3.0
|
|
path: charts/connect
|
|
helm:
|
|
releaseName: onepassword-connect
|
|
valueFiles:
|
|
- $values/argocd/manifests/1password-connect/values.yaml
|
|
- repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git
|
|
targetRevision: main
|
|
ref: values
|
|
destination:
|
|
server: https://ringtail.tail8d86e.ts.net:6443
|
|
namespace: 1password
|
|
syncPolicy:
|
|
syncOptions:
|
|
- CreateNamespace=true
|