From dd686f728314559f3e40065acf662d713ecd63c1 Mon Sep 17 00:00:00 2001 From: Tom Neuber Date: Mon, 30 Sep 2024 19:10:44 +0200 Subject: [PATCH] argo: add argo sops key & kustomization file --- .gitignore | 4 ++-- .sops.yaml | 11 +++++++++++ argo/kustomization.yaml | 6 ++++++ argo/secret-generator.yaml | 10 ++++++++++ argo/sops-secret.yaml | 37 +++++++++++++++++++++++++++++++++++++ 5 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 .sops.yaml create mode 100644 argo/kustomization.yaml create mode 100644 argo/secret-generator.yaml create mode 100644 argo/sops-secret.yaml diff --git a/.gitignore b/.gitignore index 83bc8e9..e152f54 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -**/secret.yaml **/temp.yaml **/credentials -**/.DS_Store \ No newline at end of file +**/.DS_Store +*.agekey diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..2f5281c --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,11 @@ +--- +keys: + - &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + - &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn +creation_rules: + - path_regex: .* + encrypted_regex: ^(data|stringData)$ + key_groups: + - age: + - *argo + - *tom diff --git a/argo/kustomization.yaml b/argo/kustomization.yaml new file mode 100644 index 0000000..dd98dfe --- /dev/null +++ b/argo/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generators: + - ./secret-generator.yaml +resources: + - ./cm.yaml diff --git a/argo/secret-generator.yaml b/argo/secret-generator.yaml new file mode 100644 index 0000000..271743c --- /dev/null +++ b/argo/secret-generator.yaml @@ -0,0 +1,10 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./sops-secret.yaml diff --git a/argo/sops-secret.yaml b/argo/sops-secret.yaml new file mode 100644 index 0000000..821e183 --- /dev/null +++ b/argo/sops-secret.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: sops-age + namespace: argocd +type: Opaque +data: + keys.txt: ENC[AES256_GCM,data:EQvfQQy6rco2iqbVLn/3jxsNTcU1tbfCkkAP9D3ggD/MJcIaQ3ZdxonbnnYUS34mmhEwba9R3vn80EQCj0M5jU5ucMeU+E25HbQAJFPBI2pvXuRQy8nMVtRwgrJZdaFKBUzGjtNrSj04y1y6QdIsIMqkn8byi5RthJ86IYo4if4WNPJp1EyiM/3+PTn/fLT/QtzU83LUz8D/hPTtUYJCxyeHEYBuC/niHfT1NgqsBRspI13bPUmxBjmtew1docQL61QSRdflopD7vxb9b6elQ/Zj4vs/TK0ILT5do1KkRGnZT8hRTnqnArcLdTr8xR5gVlIFFInncvzdLPsN,iv:JvuOYExMwMBlgM/W83ttlnvUPkuFPVvkBNwzumBxpLU=,tag:AXJOv4ZO0znONF9VG+5j3g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeitkMzBjTGxSM09RTnFB + N0UxRytKMmszMHhKVFY3b0pNcHIwWHcwbUNjClY4cHMvemhzRkNXRVhtcVRtN1c4 + OGtaWFkwTWYwNHNTL3lMVmlYOGREYTAKLS0tIEZxNm1IMmFxdzB2dUhvdlNsUUxl + UHdKaW8ydkpoLzQ0dEVyc0plaVhCTlUK6PF6CVvLDDTIozhRYHZxgcNeeKQPJAPr + Ay/35PSwzZ4RVJyAKqyhkkQSXkwLsytV1AC527NEZbmBniGgioyFHA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1BmeUNLT1RQR3cybzQx + aTRJVXkzQTFmNVowTmpVckJHdmRWTlVtSEV3Cm1oakp0c0NoRnF5c3pIb01ja2g3 + UE1hUXV2bmNqeFlPM2tsY0J0UndYVTgKLS0tIDRBaGVBK0xlSFVFVVdXZjQ1RXhQ + UUo1Q0lXVjNGWllzYnlJS29qZHdZZGsK8Z1JWhY9HSY5xm6gZaT3TB2eqMysNxgL + MDk4gaQq8qbrMF/jN40ljt1ZgtAlY2gQKFyqygUNiwgHxN8iC2upng== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-30T17:09:05Z" + mac: ENC[AES256_GCM,data:Qvm2+3NQy9oywWveAhJdvnmg9tQzdCwjQSczYAS2j5Y0nPw3VeCT27Efm0A591fsvUhjukcDnX2ogEkKtPPJgq5VAJtGLXh2akAdjFxYxm8UPkgw8e6ev/R4kQQdTQ0if8qeeIO3CHEvAKhmrGimbg4DDHgPvyGoiHtTbBBFFr0=,iv:EDmPxMOXpHdyTmGbHFYAholnzi+WLc+GBXmu0k3GAuE=,tag:ThMbGppwFUocX7g2bsWI7w==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.0