From fb2361d148249891a10679eeb3f6399f883636fe Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Mon, 22 Apr 2024 00:07:52 +0800
Subject: [PATCH] fix(reloader): add to Flux kustomize-controller, don't reload
 code-server Talos SA

---
 kube/clusters/biohazard/flux/flux-install.yaml         | 10 +++++++++-
 kube/deploy/apps/code-server/app/hr.yaml               |  3 +++
 .../apps/code-server/app/talos-serviceaccount.yaml     |  8 ++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 kube/deploy/apps/code-server/app/talos-serviceaccount.yaml

diff --git a/kube/clusters/biohazard/flux/flux-install.yaml b/kube/clusters/biohazard/flux/flux-install.yaml
index ada38e76..922fc679 100644
--- a/kube/clusters/biohazard/flux/flux-install.yaml
+++ b/kube/clusters/biohazard/flux/flux-install.yaml
@@ -9,7 +9,7 @@ spec:
   interval: 10m
   url: oci://ghcr.io/fluxcd/flux-manifests
   ref:
-    tag: v2.2.3@sha256:187f6a409354d1a6156bb9ede0c81da13e1daccef421203575d23679ccc9b320
+    tag: v2.2.3
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -88,4 +88,12 @@ spec:
       target:
         kind: Deployment
         name: helm-controller
+    - patch: | # Reloader reloads Flux kustomize-controller to force re-envsubst with new values
+        - op: add
+          path: /metadata/annotations
+          value:
+            secret.reloader.stakater.com/reload: biohazard-vars,biohazard-secrets
+      target:
+        kind: Deployment
+        name: kustomize-controller
 
diff --git a/kube/deploy/apps/code-server/app/hr.yaml b/kube/deploy/apps/code-server/app/hr.yaml
index 0624de2e..3ca5af7f 100644
--- a/kube/deploy/apps/code-server/app/hr.yaml
+++ b/kube/deploy/apps/code-server/app/hr.yaml
@@ -19,6 +19,9 @@ spec:
       main:
         type: deployment
         replicas: 1
+        annotations: &anno
+          reloader.stakater.com/auto: "false"
+          secret.reloader.stakater.com/reload: "code-server-secrets"
         pod:
           labels:
             tailscale.com/expose: "true"
diff --git a/kube/deploy/apps/code-server/app/talos-serviceaccount.yaml b/kube/deploy/apps/code-server/app/talos-serviceaccount.yaml
new file mode 100644
index 00000000..4b39da55
--- /dev/null
+++ b/kube/deploy/apps/code-server/app/talos-serviceaccount.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: talos
+  namespace: code-server
+  annotations:
+    kustomize.toolkit.fluxcd.io/ssa: Merge
+    reloader.stakater.com/match: "false"