From ca1cdd0634717cc80c0a25bd1be13ad6ba0d7b7d Mon Sep 17 00:00:00 2001 From: Ryan Blundon Date: Sun, 17 May 2026 21:10:10 -0500 Subject: [PATCH] fix(argocd): restore SSH repo credentials for Gitea --- cluster/platform/argocd/repository-secret.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/cluster/platform/argocd/repository-secret.yaml b/cluster/platform/argocd/repository-secret.yaml index 71f350d..0c3acee 100644 --- a/cluster/platform/argocd/repository-secret.yaml +++ b/cluster/platform/argocd/repository-secret.yaml @@ -1,13 +1,15 @@ # ------------------------------------------------------------------------------ -# Repository Credential Secret — Gitea homelab repo (SSH) +# Repository Credential Secret — Gitea homelab repo # # ArgoCD discovers repository credentials via secrets with the label # argocd.argoproj.io/secret-type: repository # -# The SSH private key is injected by ESO from 1Password. -# In 1Password (mk-labs vault): -# Item: "gitea-argocd-ssh" -# Field: private-key → full contents of the ed25519 private key PEM block +# The actual token value is injected by the ExternalSecret (externalsecret.yaml) +# which merges into argocd-secret. This secret references that value. +# +# NOTE: The token field here uses a placeholder. The ExternalSecret populates +# argocd-secret with gitea.token, and ArgoCD resolves it via the +# stringData reference below. # ------------------------------------------------------------------------------ apiVersion: v1 kind: Secret @@ -21,6 +23,5 @@ stringData: url: git@gitea.mk-labs.cloud:rblundon/homelab.git sshPrivateKey: | -----BEGIN OPENSSH PRIVATE KEY----- - # This value is overwritten by ESO — placeholder only - # See externalsecret.yaml - -----END OPENSSH PRIVATE KEY----- \ No newline at end of file + # populated by ESO + -----END OPENSSH PRIVATE KEY-----