feat: La Suite email/messages, buildkitd, monitoring, vault and storage updates

- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS proxy, worker, DKIM config, and theme customization - Add Collabora deployment for document collaboration - Add Drive frontend nginx config and values - Add buildkitd namespace for in-cluster container builds - Add SeaweedFS remote sync and additional S3 buckets - Update vault secrets across namespaces (devtools, lasuite, media, monitoring, ory, storage) with expanded credential management - Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus remote write and additional scrape configs - Update local/production overlays with resource patches - Remove stale login-ui resource patch from production overlay
2026-03-10 19:00:57 +00:00
parent e5741c4df6
commit ccfe8b877a
50 changed files with 1885 additions and 236 deletions
--- a/base/storage/vault-secrets.yaml
+++ b/base/storage/vault-secrets.yaml
@@ -11,6 +11,31 @@ spec:
    role: vso
    serviceAccount: default
 ---
+# Scaleway S3 credentials for SeaweedFS remote sync.
+# Same KV path as barman; synced separately so storage namespace has its own Secret.
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: scaleway-s3-creds
+  namespace: storage
+spec:
+  vaultAuthRef: vso-auth
+  mount: secret
+  type: kv-v2
+  path: scaleway-s3
+  refreshAfter: 30s
+  destination:
+    name: scaleway-s3-creds
+    create: true
+    overwrite: true
+    transformation:
+      excludeRaw: true
+      templates:
+        ACCESS_KEY_ID:
+          text: "{{ index .Secrets \"access-key-id\" }}"
+        SECRET_ACCESS_KEY:
+          text: "{{ index .Secrets \"secret-access-key\" }}"
+---
 apiVersion: secrets.hashicorp.com/v1beta1
 kind: VaultStaticSecret
 metadata:
@@ -22,6 +47,9 @@ spec:
  type: kv-v2
  path: seaweedfs
  refreshAfter: 30s
+  rolloutRestartTargets:
+    - kind: Deployment
+      name: seaweedfs-filer
  destination:
    name: seaweedfs-s3-credentials
    create: true
@@ -45,6 +73,9 @@ spec:
  type: kv-v2
  path: seaweedfs
  refreshAfter: 30s
+  rolloutRestartTargets:
+    - kind: Deployment
+      name: seaweedfs-filer
  destination:
    name: seaweedfs-s3-json
    create: true