aaron/k8s-deployments
1
0
Fork 0
Code Issues 2 Pull requests 2 Activity

change secrets to bamboozle helm

Browse source
This commit is contained in:
Aaron Riedel 2024-11-06 21:53:57 +01:00
parent ebc3577cc2
commit 7a6ddda1f3
Signed by: aaron
GPG key ID: 643004654D40D577
2 changed files with 8 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
openproject/secret.yaml
View file

@ -6,9 +6,11 @@ metadata:
labels: labels:
app.kubernetes.io/name: openproject-secret app.kubernetes.io/name: openproject-secret
app.kubernetes.io/part-of: openproject app.kubernetes.io/part-of: openproject
data: stringData:
clientId: ENC[AES256_GCM,data:0wOW8ShKuySyE/4YB8Z85bjZrXNQNRD2667Ex8DnCLWPPSlTeC2lGTJqJU15C+lu/sH42tPMkwU=,iv:yTjzkoI6HP44qyivl3P4nm5AhehrFRTEyHl0Da6g1Yc=,tag:vacZEXyA6UMdABmwg302pg==,type:str] OPENPROJECT_OPENID__CONNECT_AUTHENTIK_IDENTIFIER: ENC[AES256_GCM,data:YRSk6WbIi03tMl5PE+jVeWUjiEsMogGSjcd71DWmdhrs9hx0gHz/6Q==,iv:9a5cATFe+sGFVvIcIq702XZpWbwCpkEgbHL04WC73RU=,tag:t/TAeA5lkVS4V5EWZjP96w==,type:str]
clientSecret: ENC[AES256_GCM,data:waV+v7EAFxxoPRum8LUqZytX9xIUqnUYcjca2kaw84z+8x+iAG91IGc22ZFzabrbVn/CMX9KTbcubuPc+d9hIYiKWnjbGZzNOHqiWwOynFgF3Mpv+qN6CxmOZf82v6A9o6tFi2/zNrxrByD6cH6C+1+VpT4qmKf7C5oARJGboV3lejUVmksEdK2t32m17js9b68ksraN74mtJzGztVv/O+fujSpG5/RdheZ5Uw==,iv:2TIM8rY6kTieUWLY6FIjYGyihK9N2PIJPWkOUEXiklg=,tag:bPWPFuwjHdDtsCxxS5Q2sA==,type:str] OPENPROJECT_OPENID__CONNECT_AUTHENTIK_SECRET: ENC[AES256_GCM,data:iP1vQTVCS9iB5qBvsT4HCpXg/7vEaqEvMBG8pkjapx7fwdzUvPnumqT/4kjT2A0G0B8hvbNbLXlBx3u3bznUjFCyQXizDmsP7y5IewtQD9x1Gjcc/3PyijUauXTIYt3DjjhJqStiDsc855LGbdBukowdQNZwTdHGYkEmZmlyNnw=,iv:msO6nSphjMFwnRZ+bzyPJDOMfAVMpYzf6bXq6m5OYJU=,tag:zxYWhn3zXHKdGNwyAoOq6g==,type:str]
OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: ENC[AES256_GCM,data:d4kh/eBE35VT5dE3oIAQiIIaC54=,iv:0/Tvwi5zWHetytYPWsSTEcVX8cc7MjwQQpgD2j/2blg=,tag:WTuGgku1aQYcChf1dTShBw==,type:str]
OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: ENC[AES256_GCM,data:MrOc+zr6qkv+55vjuCciijW1bnjKyjxr0mbbH/IajNjMvDIVqq7GDg==,iv:0+GBZuWA6t5Pp5gKeIczrFKdTYMznV2fTSuJxS/y6Do=,tag:zq9QtqFANlUFJL737Sa8jw==,type:str]
type: Opaque type: Opaque
sops: sops:
kms: [] kms: []
@ -34,50 +36,8 @@ sops:
cEk2ZEp3UzArK1NEL0E2Zkwzd1dnMW8KWWQ861ukoDUh7l1iFBnnrsInQWfeYgD9 cEk2ZEp3UzArK1NEL0E2Zkwzd1dnMW8KWWQ861ukoDUh7l1iFBnnrsInQWfeYgD9
d1y8yHr1kLZX66xg9erbaQbA+xtRRD+5sctypxJWPNkDO+rW+pfrAQ== d1y8yHr1kLZX66xg9erbaQbA+xtRRD+5sctypxJWPNkDO+rW+pfrAQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-06T20:12:29Z" lastmodified: "2024-11-06T20:53:34Z"
mac: ENC[AES256_GCM,data:K9EFJwzgr/GjUFEgTzvI6J5RJyT5k0emBOEFqbdM2yAjBX/xsyrTz3IV/fsBDzNvFKjpKBb4goqoh42Ezs23TGblYnzmGo1EJQGTWKNtp3VdaPihgzzUnL7yjYyula+GaMlTM3zL4XySLne1jjmfXVsPywTbktRTXb1hqSOy3tw=,iv:sMW4f1j+uEWRqROc/npnCw6qSzDfGR4fl8X2z5h85tM=,tag:ScoBCZH0ILu5C7hwhSXfeA==,type:str] mac: ENC[AES256_GCM,data:3LaUkQy4IViYIjKHOJ71pIcPipv3p44ENAd31270uGsZNmOAlGqPcylF7Dlc475UfKrHXAZaagGKF80VkTaE6xca+Uq9ihUg0U5ovLyVbxBXMEjmycCBJXaKry17kju3eQec5dinqEBQ7+uU39lSKdhGPPvbZDYxu3WeZBWzrSQ=,iv:VN+W6S8t9RW06DnSoo+AY630bo4PVF027qtanv2YRh8=,tag:urMNwqclobcL7bxCJY5NbA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0
---
apiVersion: v1
kind: Secret
metadata:
name: openproject-objectstorage
namespace: openproject
labels:
app.kubernetes.io/name: openproject-objectstorage
app.kubernetes.io/part-of: openproject
data:
accessKeyId: ENC[AES256_GCM,data:DOrWAOQtyzQmTW7MLdVNvFfkGeQ4xufBY+B0eQ==,iv:goAohxqv7n5fWwzCuCQTSJt5brqmX58dn0w4eme093I=,tag:8RLbaVUx5LU9B6H4cEjcCA==,type:str]
secretAccessKey: ENC[AES256_GCM,data:plv3hYRwtmK3rnMa7xGobX/ZxFCgy4Ikb22uOG5EG907TZjsMVKKB05crMPXzB5qUy/pOf83AVo=,iv:QiFIhR6npXKBF7DkolGQBB4nm35MZcNjKodupclG3ks=,tag:BkHqAyIHEmhqfzXcEmA1Hw==,type:str]
type: Opaque
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByT0xDY1ZMNUtydlZqNyt4
RGZhYTJCaTdoaUNDcUU3c2djUFFrb1NPWmdBClM4ZXZ6aUU0WU1NdmFLYWlHUVBy
VlU0VlZnRnQwenJPdGRSTFBac1ZlSTgKLS0tIGowNGZBZjgyMGxJbTZvOWRLS2Jr
ZTczeDVvYytjK0dzUDY0QXdaUlVyN3cKM+tC9agxFrnjpfPXoNXxCinTNXJ2gHyO
xmkLs958EAJZ8LuFfne01Sak/7ojRny+PzKb9TudIggCUoxAW8S0+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU2dyTnc3eCtSNFVBeFQ3
bTFndGdUYXVTdnpnRTJVQjI3Z0RRZ0FkQzJ3CjZ6ZHBpU2w1MDRFUzJQL1FKS1Ex
N011MUcyY0hlV0lYREo3Tmhhc1NXZG8KLS0tIGZpa3IyU244OXRGZ1hQdVlJbzZr
cEk2ZEp3UzArK1NEL0E2Zkwzd1dnMW8KWWQ861ukoDUh7l1iFBnnrsInQWfeYgD9
d1y8yHr1kLZX66xg9erbaQbA+xtRRD+5sctypxJWPNkDO+rW+pfrAQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-06T20:12:29Z"
mac: ENC[AES256_GCM,data:K9EFJwzgr/GjUFEgTzvI6J5RJyT5k0emBOEFqbdM2yAjBX/xsyrTz3IV/fsBDzNvFKjpKBb4goqoh42Ezs23TGblYnzmGo1EJQGTWKNtp3VdaPihgzzUnL7yjYyula+GaMlTM3zL4XySLne1jjmfXVsPywTbktRTXb1hqSOy3tw=,iv:sMW4f1j+uEWRqROc/npnCw6qSzDfGR4fl8X2z5h85tM=,tag:ScoBCZH0ILu5C7hwhSXfeA==,type:str]
pgp: [] pgp: []
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData)$
version: 3.9.0 version: 3.9.0

5
openproject/values.yaml
View file

@ -19,12 +19,12 @@ workers:
default: default:
replicas: 2 replicas: 2
openproject: openproject:
extraEnvVarsSecret: openproject-secret
oidc: oidc:
enabled: true enabled: true
provider: authentik provider: authentik
displayName: aaronID displayName: aaronID
host: auth.ar21.de host: auth.ar21.de
existingSecret: openproject-secret
identifier: null identifier: null
secret: null secret: null
userinfoEndpoint: /application/o/userinfo/ userinfoEndpoint: /application/o/userinfo/
@ -32,9 +32,6 @@ openproject:
authorizationEndpoint: /application/o/authorize/ authorizationEndpoint: /application/o/authorize/
endSessionEndpoint: /application/o/openproject/end-session/ endSessionEndpoint: /application/o/openproject/end-session/
scope: "[openid email profile]" scope: "[openid email profile]"
secretKeys:
identifier: "clientId"
secret: "clientSecret"
persistence: persistence:
enabled: false enabled: false
s3: s3: