rohow
45 行
1.8 KiB
YAML
45 行
1.8 KiB
YAML
# 给CNPG和Valkey自动生成的secrets添加Reflector注解
|
|
# 通过SSA force合并注解到已有secrets 使其自动复制到消费方命名空间
|
|
#
|
|
# cnpg17-cluster-hk-app → apps (halo), infra-net (crowdsec)
|
|
# cnpg17-cluster-sh-app → infra-gitops (gitea), infra-monitor (grafana)
|
|
# valkey-cluster-sh → infra-gitops (gitea)
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: cnpg17-cluster-hk-app
|
|
namespace: infra-data
|
|
annotations:
|
|
kustomize.toolkit.fluxcd.io/prune: disabled
|
|
kustomize.toolkit.fluxcd.io/ssa: Merge
|
|
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
|
|
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "apps,infra-net"
|
|
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
|
|
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "apps,infra-net"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: cnpg17-cluster-sh-app
|
|
namespace: infra-data
|
|
annotations:
|
|
kustomize.toolkit.fluxcd.io/prune: disabled
|
|
kustomize.toolkit.fluxcd.io/ssa: Merge
|
|
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
|
|
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "infra-gitops,infra-monitor"
|
|
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
|
|
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "infra-gitops,infra-monitor"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: valkey-cluster-sh
|
|
namespace: infra-data
|
|
annotations:
|
|
kustomize.toolkit.fluxcd.io/prune: disabled
|
|
kustomize.toolkit.fluxcd.io/ssa: Merge
|
|
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
|
|
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "infra-gitops"
|
|
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
|
|
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "infra-gitops"
|