From bdeece83f754b25801d41b95081a0743e4ac5a88 Mon Sep 17 00:00:00 2001 From: Jorge Morales Pou Date: Thu, 5 Oct 2023 17:30:25 +0200 Subject: [PATCH] Removing environment config variable --- .../publish-sample-manifest-images.yaml | 2 +- README.md | 6 +-- .../src/bundle/config/values-schema.yaml | 2 - resources/crd.yaml | 10 +--- test/gitops-app/versions.yaml | 1 - vault.yaml | 48 +++++++++++++++++++ 6 files changed, 53 insertions(+), 16 deletions(-) create mode 100644 vault.yaml diff --git a/.github/workflows/publish-sample-manifest-images.yaml b/.github/workflows/publish-sample-manifest-images.yaml index a46e36c..357f09b 100644 --- a/.github/workflows/publish-sample-manifest-images.yaml +++ b/.github/workflows/publish-sample-manifest-images.yaml @@ -50,7 +50,7 @@ jobs: --file ./test/portal-app/workshops/${{ matrix.bundle }} \ --image ghcr.io/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:${REPOSITORY_TAG} env: - REPOSITORY_TAG: ${{ steps.version.outputs.version}} + REPOSITORY_TAG: ${{ steps.version.outputs.version }} - name: Install crane uses: imjasonh/setup-crane@v0.1 diff --git a/README.md b/README.md index ebcf8ff..5815d2a 100644 --- a/README.md +++ b/README.md @@ -189,15 +189,13 @@ It will remove the carvel application and dependent config and security config. This will produce a list of Carvel Apps with the required k8s credentials and configuration for courses, workshops, .... ``` -ytt -v environment=test \ - -v mode=app_per_bundle \ +ytt -v mode=app_per_bundle \ --data-values-file test/gitops-app/versions.yaml \ -f overlays/gitops-app/src/bundle/config ``` ``` -ytt -v environment=test \ - -v mode=one_app \ +ytt -v mode=one_app \ --data-values-file test/gitops-app/versions.yaml \ -f overlays/gitops-app/src/bundle/config ``` diff --git a/overlays/gitops-app/src/bundle/config/values-schema.yaml b/overlays/gitops-app/src/bundle/config/values-schema.yaml index eefa172..579b7c1 100644 --- a/overlays/gitops-app/src/bundle/config/values-schema.yaml 
+++ b/overlays/gitops-app/src/bundle/config/values-schema.yaml @@ -3,8 +3,6 @@ #@schema/validation one_of=["app_per_bundle", "one_app"] mode: "app_per_bundle" #@schema/validation min_len=1 -environment: "" -#@schema/validation min_len=1 syncPeriod: "0h10m0s" overlays: #@schema/validation min_len=1 diff --git a/resources/crd.yaml b/resources/crd.yaml index 1fd5822..c1d89aa 100644 --- a/resources/crd.yaml +++ b/resources/crd.yaml @@ -4,8 +4,6 @@ kind: App metadata: name: workshops-gitops namespace: package-installs - annotations: - educates_gitops_environment: "sample-environment" spec: serviceAccountName: workshops-gitops-package-installs syncPeriod: "0h2m0s" @@ -18,18 +16,14 @@ spec: url: https://github.com/educates/educates-workshop-gitops-configurer ref: origin/main subPath: "config/sample-environment" - path: environments + path: environment template: - ytt: ignoreUnknownComments: true paths: - config valuesFrom: - - path: environments/versions.yaml - - downwardAPI: - items: - - name: environment - fieldPath: metadata.annotations['educates_gitops_environment'] + - path: environment/versions.yaml deploy: - kapp: rawOptions: ["--app-changes-max-to-keep=5", "--wait-timeout=5m"] diff --git a/test/gitops-app/versions.yaml b/test/gitops-app/versions.yaml index 08ea580..deeecec 100644 --- a/test/gitops-app/versions.yaml +++ b/test/gitops-app/versions.yaml @@ -9,7 +9,6 @@ overlays: config: url: https://github.com/educates/educates-workshop-gitops-configurer ref: origin/test-branch - subPath: environment credentials: # username: "jorgemoralespou" # password: "xxyyzzxxyyzzxxyyzzxxyyzz" diff --git a/vault.yaml b/vault.yaml new file mode 100644 index 0000000..8b9f594 --- /dev/null +++ b/vault.yaml 
@@ -0,0 +1,48 @@
+# Examples from: https://external-secrets.io/latest/provider/hashicorp-vault/
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-token
+stringData:
+ token: hvs.CAESIEgpCku8AQFMhtjg1T1U0jZfZB7RF1TzYeu6bJOx7DhyGh4KHGh2cy5NT0RJVW5BNmhoYXVSNVNRaGNBazFudks
+---
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: vault-backend
+spec:
+ provider:
+ vault:
+ server: "https://vault.console.cerberus.vmware.com/3cc42480-60bc-49a0-9f2f-2f77c049a6cb"
+ path: "secret"
+ # Version is the Vault KV secret engine version.
+ # This can be either "v1" or "v2", defaults to "v2"
+ version: "v2"
+ auth:
+ # points to a secret that contains a vault token
+ # https://www.vaultproject.io/docs/auth/token
+ tokenSecretRef:
+ name: "vault-token"
+ key: "token"
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: vault-example
+spec:
+ refreshInterval: "15s"
+ secretStoreRef:
+ name: vault-backend
+ kind: SecretStore
+ target:
+ name: example-sync
+ data:
+ - secretKey: access-key-id
+ remoteRef:
+ key: /aws
+ property: access-key-id
+ - secretKey: service-account-user
+ remoteRef:
+ key: /aws
+ property: service-account-user
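Review bot: The new `vault.yaml` commits what looks like a real Vault service token (the `hvs.` value under `stringData.token` of the `vault-token` Secret) next to an internal-looking `server` URL, so anyone who can read the repository or its history could present that token to the Vault instance. Treat the token as exposed: revoke it in Vault, then replace the line with a placeholder such as `token: "<vault-token-placeholder>"`, or drop the Secret document and create it out of band. Deleting the file in a later commit is not enough, because the value stays in git history. The commit subject only mentions removing the environment variable, so this file may have been added unintentionally; if it is meant to stay as a sample, `refreshInterval: "15s"` is also worth relaxing to avoid polling Vault that often.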