re-ecnrypt all secrets, update some values

2026-02-04 13:09:53 +00:00 · 2025-12-13 11:33:20 -05:00
parent f12e27c5c6
commit 6e63085fb3
22 changed files with 111 additions and 176 deletions
--- a/infrastructure/controllers/external-dns/release.yaml
+++ b/infrastructure/controllers/external-dns/release.yaml
@@ -4,36 +4,25 @@ metadata:
  name: external-dns
  namespace: external-dns
 spec:
-  chartRef:
-    kind: OCIRepository
-    name: external-dns
+  chart:
+    spec:
+      chart: external-dns
+      version: v1.19.x
+      sourceRef:
+        kind: HelmRepository
+        name: external-dns
  interval: 15m
  releaseName: external-dns
  values:
    sources:
      - crd
-      # - service
-      # - ingress
-      # - contour-httpproxy
-    provider: cloudflare
-    cloudflare:
-      ## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional)
-      ##
-      apiToken: ""
-      ## @param cloudflare.apiKey When using the Cloudflare provider, `CF_API_KEY` to set (optional)
-      ##
-      apiKey: ""
-      ## @param cloudflare.secretName When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key.
-      ## This ignores cloudflare.apiToken, and cloudflare.apiKey
-      ##
-      secretName: "cloudflare-api-key"
-      ## @param cloudflare.email When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY
-      ##
-      email: "michael@michaelthomson.dev"
-      ## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional)
-      ##
-      proxied: false
-    crd:
-      ## @param crd.create Install and use the integrated DNSEndpoint CRD
-      ##
-      create: true
+    provider:
+      name: cloudflare
+    env:
+      - name: CF_API_KEY
+        valueFrom:
+          secretKeyRef:
+            name: secret
+            key: cloudflare_api_key
+      - name: CF_API_EMAIL
+        value: michael@michaelthomson.dev
--- a/infrastructure/controllers/external-dns/repository.yaml
+++ b/infrastructure/controllers/external-dns/repository.yaml
@@ -1,10 +1,8 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: OCIRepository
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
 metadata:
  name: external-dns
  namespace: external-dns
 spec:
  interval: 15m
-  url: oci://registry-1.docker.io/bitnamicharts/external-dns
-  ref:
-    semver: ">=8.0.0"
+  url: https://kubernetes-sigs.github.io/external-dns/
--- a/infrastructure/controllers/external-dns/sealedsecret-cloudflare-api-key.yaml
+++ b/infrastructure/controllers/external-dns/sealedsecret-cloudflare-api-key.yaml
@@ -1,21 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "cloudflare-api-key",
-    "namespace": "external-dns",
-    "creationTimestamp": null
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "cloudflare-api-key",
-        "namespace": "external-dns",
-        "creationTimestamp": null
-      }
-    },
-    "encryptedData": {
-      "cloudflare_api_key": "AgDbQ3Suck0P6dSEtuB8cfk4P47jVuieaekex+miPlhrB3I7n/YLPK3lEdoYAt49NrciMlq877iniuYylwnh8HOSevvZ47H86KthofJY3iu8anTTS5q4dkxonnqHuBPH0LTg+uvdkChxe7kuozePB0XJjQV4qdejEDTh6Q7es5dzIW9kdxHGlDRyIsgeI+YpZCZOApzU+bR+ARt39AWWpyRkn140CSAFjsF6XRJ+Enwsn9nbfZfb71s3J8hy/3BCY8fCPuqAXWoQY9pr4BwYo6TjFthlesMYZ3rsAPuBelwEO9OeWySKfVOZx3ZbTdG0aObYhr1KOMs1wTSbu0Y9Ob59WZRT78eXD3B9Un2Bm5GhQLZaw0KAwzg1uLZ2LGcOcV3Dzd5XXLa8/pajrlF/iJQkMYZlaLVfgakhi5TpM4QCTHD4Wj95ZzO16VqJ8ak4qU+l3eJ/GuO+cnMtvAF/VjEiGj9PF9fZRkcPl7HoDTOGeXgbvVcWsSyktZe9BeAkHmB326bK8gnvs6MwJZC/SFR187ngBkSDOQ89LNx1pNnu4SNYu6EHvtaNI62+a6AsNsdrku3fTW0bdNI7rPwZvmL257mnnF7ih4BZvRDxBWudAcQyw+YZdlQC5NRpFr7e0ZgFP1CvDjvNtBBaZsHELKJyFCy7vhhiOrrHpYGZfvTFgGd2/ny2n92HyhJtvpMSJNfaqjAOVu7Kp5bFa99GSSP1CZXjxHxCEzVblZdyOGW63iMwgNp7"
-    }
-  }
-}
--- a/infrastructure/controllers/external-dns/secret.yaml
+++ b/infrastructure/controllers/external-dns/secret.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: secret
+  namespace: external-dns
+spec:
+  encryptedData:
+    cloudflare_api_key: AgDB/8qYE4xI1LOJyJ73afBphwIazvJFS6JPWzC+4R7D/J83Rc14udHVf1bLr8bbkGfXBs9FOis6kVu480JFoNnsXZLdTxViwj573l9GgfOQugCFqn+R8tqpgyzhqpMCYrxJHifn1VZw7a95XJ494tYA7tAO+45SBBXjCVrXO/ZF4gpQpk0yyW6tnV/2cna678dG9ZoL+W7zVlYZ72RrZoGyHTjEUnadmCCR0cPJA0Pd7zho3QLczrnGe2WFRK5TbxaVerr9yPQjx18H2J489UePd0C2OeDkMorev8OxxdA+Wvq8AVpokMoOGgQ+qJ9eDdNDrJjJKi2Vs/FsT3q5B5iwuGwGSITtz3kk/POnnfU+IzzGEYUns5rgC1TrcO49Xk6W7d7ft5HUi0wdWLaeveox/jkIcM15QvXJQuf4RfphNoeQ1gp59ngRh2Oij2vlU/HZ+2eSHU4zMxC+LY9/JIXBytrPOfjvNehLQigeZQ4VQCcnzqqUEi1t8ptwqeFwhG+rWCJlNK5HZoS7p5gw5O+t55IL5bStaP/9teoMoOwyRgsBKz6Jclg0h1dF+UxEf3xsFxV/I4dEvFkz6e2jXtD823/uVG6p06LN2YsdK+2c1dey9JeYfHltha8p7+JWVaKMYjncWLwpIrNpjB+xljUCtzY7S7AKxp4IvGaeVDq1tKa/zqK9/c37/Fxi5bMgTcynX/xxU2bRuDLvHFA52yCwBKLHgE3TPJAS5/M9J4/iTplmLFl6
+  template:
+    metadata:
+      name: secret
+      namespace: external-dns