add crossplane secrets to vault and create ns

konstructio · Mar 11, 2024 · 7f7ab85 · 7f7ab85
1 parent 47e55e5
commit 7f7ab85
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/extensions/k3s/secrets.go b/extensions/k3s/secrets.go
@@ -92,6 +92,13 @@ func BootstrapK3sMgmtCluster(clientset *kubernetes.Clientset, cl *pkgtypes.Clust
 				"origin-ca-api-key": []byte(cl.CloudflareAuth.OriginCaIssuerKey),
 			},
 		},
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "crossplane-secrets", Namespace: "crossplane-system"},
+			Data: map[string][]byte{
+				"username": []byte(cl.GitAuth.User),
+				"password": []byte(cl.GitAuth.Token),
+			},
+		},
 	}
 	for _, secret := range createSecrets {
 		_, err := clientset.CoreV1().Secrets(secret.ObjectMeta.Namespace).Get(context.TODO(), secret.ObjectMeta.Name, metav1.GetOptions{})

diff --git a/internal/controller/vault.go b/internal/controller/vault.go
@@ -353,6 +353,11 @@ func (clctrl *ClusterController) WriteVaultSecrets() error {
 		"origin-ca-api-key": cl.CloudflareAuth.OriginCaIssuerKey,
 	})
 
+	_, err = vaultClient.KVv2("secret").Put(context.Background(), "crossplane", map[string]interface{}{
+		"username": cl.GitAuth.User,
+		"password": cl.GitAuth.Token,
+	})
+
 	if cl.CloudProvider == "google" {
 		log.Info("writing google specific secrets to vault secret store")
 		homeDir, err := os.UserHomeDir()

diff --git a/pkg/providerConfigs/bootstrapSecrets.go b/pkg/providerConfigs/bootstrapSecrets.go
@@ -153,6 +153,7 @@ func K8sNamespaces(clientset *kubernetes.Clientset) error {
 		"atlantis",
 		"chartmuseum",
 		"cert-manager",
+		"crossplane-system",
 		"kubefirst",
 		"external-dns",
 		"external-secrets-operator",