[platform] Add secret selectors to CozyRDs

This patch populates existing CozystackResourceDefinitions with minimal
working examples of secret selectors to take advantage of the newest
revision of the ancestor tracking webhook.

```release-note
[platform] Specify secret selectors for existing managed apps in their
respective CozystackResourceDefinitions, which provides the last bit of
information necessary for the lineage webhook to correctly mark secrets
as user-facing or not.
```

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Timofei Larkin
2025-09-24 11:50:52 +03:00
parent 562145e69b
commit 4620f7dfa1
2 changed files with 119 additions and 2 deletions


@@ -78,7 +78,7 @@ spec:
labels:
policy.cozystack.io/allow-to-apiserver: "true"
app.kubernetes.io/name: postgres.apps.cozystack.io
app.kubernets.io/instance: {{ $.Release.Name }}
app.kubernetes.io/instance: {{ $.Release.Name }}
---
apiVersion: cozystack.io/v1alpha1
kind: WorkloadMonitor
@@ -91,5 +91,5 @@ spec:
type: postgres
selector:
app.kubernetes.io/name: postgres.apps.cozystack.io
app.kubernets.io/instance: {{ $.Release.Name }}
app.kubernetes.io/instance: {{ $.Release.Name }}
version: {{ $.Chart.Version }}
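Review bot: The corrected `app.kubernetes.io/instance` lines still render `{{ $.Release.Name }}` unquoted, in both the `labels` block and the WorkloadMonitor `selector`, so a release name that YAML reads as a number or boolean would yield a non-string label value. Consider `app.kubernetes.io/instance: {{ $.Release.Name | quote }}` on both lines. Because the key changes in the labels and in the selector at once, it is also worth confirming that already-running workloads are relabelled on upgrade; the enclosing resources start outside these hunks, so the propagation path is not visible here.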


@@ -19,6 +19,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -41,6 +46,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -63,6 +73,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -85,6 +100,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -107,6 +127,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -129,6 +154,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -151,6 +181,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -173,6 +208,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -195,6 +235,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -217,6 +262,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -239,6 +289,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -261,6 +316,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -283,6 +343,13 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
- matchLabels:
cnpg.io/userType: superuser
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -305,6 +372,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -327,6 +399,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -349,6 +426,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -371,6 +453,11 @@ spec:
kind: HelmRepository
name: cozystack-apps
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -393,6 +480,11 @@ spec:
kind: HelmRepository
name: cozystack-extra
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -415,6 +507,11 @@ spec:
kind: HelmRepository
name: cozystack-extra
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -437,6 +534,11 @@ spec:
kind: HelmRepository
name: cozystack-extra
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -459,6 +561,11 @@ spec:
kind: HelmRepository
name: cozystack-extra
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -481,6 +588,11 @@ spec:
kind: HelmRepository
name: cozystack-extra
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
---
apiVersion: cozystack.io/v1alpha1
kind: CozystackResourceDefinition
@@ -503,3 +615,8 @@ spec:
kind: HelmRepository
name: cozystack-extra
namespace: cozy-public
secrets:
exclude:
- matchLabels:
apps.cozystack.io/tenantresource: "false"
include: [{}]
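Review bot: Every `secrets:` block added in this file pairs `include: [{}]` with a label-based `exclude`, which reads as default-allow: an empty selector presumably matches all of the application's secrets, so anything not carrying `apps.cozystack.io/tenantresource: "false"` would be marked user-facing by the lineage webhook. Tenant visibility then depends on every chart and operator labelling each internal secret correctly; only the hunk at `@@ -283,6 +343,13 @@` adds a second exclusion (`cnpg.io/userType: superuser`), and the other 22 definitions have no operator-specific entry. Consider inverting this to an allowlist, with `include` matching a label that charts set explicitly on tenant-facing secrets, so that an unlabelled or newly introduced secret stays hidden. At minimum add a comment above each block, for example `# include [{}] matches every secret; exclude is assumed to win over include - confirm against the webhook`, because the precedence is not visible in this diff.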