Merge branch 'onedr0p:main' into main

gdoteof · Jun 10, 2023 · 74b9813 · 74b9813
2 parents 30ac2c0 + 859b8c2
commit 74b9813
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -135,6 +135,8 @@ In order to expose services to the internet you will need to create a [Cloudflar
    task configure
    ```
 
+⚠️ This will print out the clear-text passwords for Grafana and Weave Gitops if you had them set to `generated` in your `.config.env`. Take note of these, you'll need them to log into the applications.
+
 ### ⚡ Preparing Ubuntu Server with Ansible
 
 1. Ensure you are able to SSH into your nodes from your workstation using a private SSH key **without a passphrase**. This is how Ansible is able to connect to your remote nodes.

diff --git a/kubernetes/apps/default/hajimari/app/helmrelease.yaml b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
@@ -46,8 +46,6 @@ spec:
         enabled: true
         ingressClassName: nginx
         annotations:
-          nginx.ingress.kubernetes.io/whitelist-source-range: |
-            10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
           hajimari.io/enable: "false"
         hosts:
           - host: &host "hajimari.${SECRET_DOMAIN}"

diff --git a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
@@ -28,13 +28,12 @@ spec:
   values:
     adminUser:
       create: true
+      createSecret: false
       username: admin
     ingress:
       enabled: true
       className: nginx
       annotations:
-        nginx.ingress.kubernetes.io/whitelist-source-range: |
-          10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
         hajimari.io/icon: sawtooth-wave
       hosts:
         - host: &host "gitops.${SECRET_DOMAIN}"
@@ -52,9 +51,4 @@ spec:
       create: true
       impersonationResourceNames: ["admin"]
     podAnnotations:
-      secret.reloader.stakater.com/reload: weave-gitops-secret
-  valuesFrom:
-    - kind: Secret
-      name: weave-gitops-secret
-      valuesKey: adminPassword
-      targetPath: adminUser.passwordHash
+      secret.reloader.stakater.com/reload: cluster-user-auth
diff --git a/tmpl/kubernetes/weave-gitops-secret.sops.yaml b/tmpl/kubernetes/weave-gitops-secret.sops.yaml
@@ -1,8 +1,10 @@
+---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: weave-gitops-secret
+  name: cluster-user-auth
   namespace: flux-system
 type: Opaque
 stringData:
-  adminPassword: "${BOOTSTRAP_WEAVE_GITOPS_ADMIN_PASSWORD}"
+  username: admin
+  password: "${BOOTSTRAP_WEAVE_GITOPS_ADMIN_PASSWORD}"