From 214ec8d71cd470edba6cdd4bf42dc46e03dc5254 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@tobru.ch>
Date: Mon, 16 Mar 2020 21:42:10 +0100
Subject: [PATCH] configure secret and redirect to tls

---
 graphs/grafana-config.yaml |  4 ++++
 graphs/grafana.yaml        | 24 +++---------------------
 graphs/secret.yaml         | 17 +++++++++++++++++
 3 files changed, 24 insertions(+), 21 deletions(-)
 create mode 100644 graphs/secret.yaml

diff --git a/graphs/grafana-config.yaml b/graphs/grafana-config.yaml
index ae9ba3a..8f9a2e6 100644
--- a/graphs/grafana-config.yaml
+++ b/graphs/grafana-config.yaml
@@ -8,6 +8,7 @@ ingress:
     secretName: graphs-tbrnt-ch-cert
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.kubernetes.io/ssl-redirect: "true"
 
 persistence:
   enabled: true
@@ -16,3 +17,6 @@ persistence:
 
 rbac:
   namespaced: true
+
+admin:
+  existingSecret: admin-creds
diff --git a/graphs/grafana.yaml b/graphs/grafana.yaml
index 4d41de9..1dbcec8 100644
--- a/graphs/grafana.yaml
+++ b/graphs/grafana.yaml
@@ -112,24 +112,6 @@ metadata:
   name: graphs-grafana-test
   namespace: graphs
 ---
-# Source: grafana/templates/secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: graphs-grafana
-  namespace: graphs
-  labels:
-    helm.sh/chart: grafana-5.0.7
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: graphs
-    app.kubernetes.io/version: "6.6.2"
-    app.kubernetes.io/managed-by: Helm
-type: Opaque
-data:
-  admin-user: "YWRtaW4="
-  admin-password: "aHJYRjhyYWlERnU4dXZXSEV1MG1wU3pNNDlvS0ZEWXZ1WHl3dTRiYw=="
-  ldap-toml: ""
----
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
@@ -334,7 +316,6 @@ spec:
         checksum/config: 378f8b0535bbb95fa6bc2a67c0998ab74f1a81e500ded52735991a4544090318
         checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
         checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
-        checksum/secret: 192d9b188535705296445a5c4c2fe86de6e0b4058777e7cdb2709917f9bf7c55
     spec:
       
       serviceAccountName: graphs-grafana
@@ -374,12 +355,12 @@ spec:
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
-                  name: graphs-grafana
+                  name: admin-creds
                   key: admin-user
             - name: GF_SECURITY_ADMIN_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: graphs-grafana
+                  name: admin-creds
                   key: admin-password
           livenessProbe:
             failureThreshold: 10
@@ -416,6 +397,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.kubernetes.io/ssl-redirect: "true"
 spec:
   tls:
     - hosts:
diff --git a/graphs/secret.yaml b/graphs/secret.yaml
new file mode 100644
index 0000000..6099fe1
--- /dev/null
+++ b/graphs/secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: admin-creds
+  namespace: graphs
+spec:
+  encryptedData:
+    admin-password: AgAPA7EIbyulIECYXUYJb+pjXoSwbxAr0IHRHTmxpsjhXbvP4arcjLsvoevzgXg2uBFGGkKfbi46opGMV5CqQqB9BeQhHTmhXuhzAEdrOBTCXXGYx7kjp4q3Z6UWeSATp2v1HDBM6MZS8qowpG4vRi/wOp06bcMJLz7UHIII0XwQrQfg/AOFYiGpuQnVgDkuEACXnjoJmfdms0nZ2QVXXFWrWyakwLDLm781aoEZPKfLAgBMaSl6mFt76NypxAlUA+z1aiaqmUXDUQ51xvLc2PC38H4b47lE4/uI/Xxr+8WPxiCXk6L3YQ1VYuiVwAOc0vDfwqyg+PvoGBwacBq77SNgyqsIOfbyeZodtBiNT5ysK/BP2HsDj/D2Qpd38JgoEghtbK3PcKB5VtNorzns6bumOIx7pjCntDfJ5IY7sv4Pw4Kxwjl19fjrC7tm7XQsbp4OEQd0VE8XAt0Ale3veM4L3fBNQFOMxa/Jj1fMVyMBJYuV+Fzv+fOLMuXeKYeyuA72r6gJfzfd15V4mOrwAmZtJeEv8Cb3PQp8YbIiPYdLX5sVVWI4sbSz/MAxhEMFF2S/zsc2PlNeubKYhL7C6crcNXXPIEptAIcQs8dx4x/AILksJ1f+BmZ4LGhM201O1o2hCTiaH0EBzSjyUw/sb6xMVQvr4Rd5i7YqivlGax8D+YKzHmEY73QW+RQ8eAtcy+aAMq1azkWZn3VhlnGdVjU+7GduEmoXYqOVMvLhpFXlng==
+    admin-user: AgBdnz9JmsUMEQ16zJbdVpgXJEPCZId8g/GRLEC8TCa9SIywyvXxFmivQoL6cwQpJouYkHFlg+xjhJ22r31U1wb9lb2bd2bNDWbDANNRoB8bl7mi9FmGIN8FPj7PMf1HTes9rwXGSxrUx5fmgjSJVc4diuZCwKrBM6IqmaTomRTAtJok5qiy6vTP6+3p03uBoizl95xg2oytoUq3r/NJiUCSLAqKxQhR1Kqhi2ttQ3lL5VBEIRAmCScAQFI+FG3dStysjPZQza/BGHAJOP7tLBYgPyOsTiocWY580IGk/ETxnrtfFvaiERPkV6vwdI+hShfdmZJEM/1DeqbD5jOCB5s7v3bG9cL9ERkceD/HR4t/h8fZTEr7ya971Rr+7rJpoIr8g7JfJYFdQH177J1dGiK/REHZANpGDfmrw8F3T91eD9wgJF4FfrG4Aj8nGVqqekAxmlDQ1kf+pNec+c3dVj58dgyKAzifNldNowXZvA3WVw7nQ9RUI+MjluqcdB1Qhr5IGFewHd8Bjr4G1EF2Gbj7cZFudY919nmXYNNSA2cb90Flwfk4apjyxHvP/Tfy0kwdx1uK3Z3vkh5aKGAH9VKE7V4A/sB4ttkmFqlr/HfR1zSghBjRtuzbZxo0NpRCrfKh6MzT/kzijBC2GJu3ICSj7Lp3gM2pXjkbo1hnbz2BoMuxrPfM6Po9KRJmEOergv8VCxUwAA==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: admin-creds
+      namespace: graphs
+status: {}
+