argo: add argo sops key & kustomization file
This commit is contained in:
parent
f87f57fc94
commit
dd686f7283
5 changed files with 66 additions and 2 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -1,4 +1,4 @@
|
||||||
**/secret.yaml
|
|
||||||
**/temp.yaml
|
**/temp.yaml
|
||||||
**/credentials
|
**/credentials
|
||||||
**/.DS_Store
|
**/.DS_Store
|
||||||
|
*.agekey
|
||||||
|
|
11
.sops.yaml
Normal file
11
.sops.yaml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
keys:
|
||||||
|
- &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
|
||||||
|
- &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: .*
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *argo
|
||||||
|
- *tom
|
6
argo/kustomization.yaml
Normal file
6
argo/kustomization.yaml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
generators:
|
||||||
|
- ./secret-generator.yaml
|
||||||
|
resources:
|
||||||
|
- ./cm.yaml
|
10
argo/secret-generator.yaml
Normal file
10
argo/secret-generator.yaml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: secret-generator
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |
|
||||||
|
exec:
|
||||||
|
path: ksops
|
||||||
|
files:
|
||||||
|
- ./sops-secret.yaml
|
37
argo/sops-secret.yaml
Normal file
37
argo/sops-secret.yaml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: sops-age
|
||||||
|
namespace: argocd
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
keys.txt: ENC[AES256_GCM,data:EQvfQQy6rco2iqbVLn/3jxsNTcU1tbfCkkAP9D3ggD/MJcIaQ3ZdxonbnnYUS34mmhEwba9R3vn80EQCj0M5jU5ucMeU+E25HbQAJFPBI2pvXuRQy8nMVtRwgrJZdaFKBUzGjtNrSj04y1y6QdIsIMqkn8byi5RthJ86IYo4if4WNPJp1EyiM/3+PTn/fLT/QtzU83LUz8D/hPTtUYJCxyeHEYBuC/niHfT1NgqsBRspI13bPUmxBjmtew1docQL61QSRdflopD7vxb9b6elQ/Zj4vs/TK0ILT5do1KkRGnZT8hRTnqnArcLdTr8xR5gVlIFFInncvzdLPsN,iv:JvuOYExMwMBlgM/W83ttlnvUPkuFPVvkBNwzumBxpLU=,tag:AXJOv4ZO0znONF9VG+5j3g==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeitkMzBjTGxSM09RTnFB
|
||||||
|
N0UxRytKMmszMHhKVFY3b0pNcHIwWHcwbUNjClY4cHMvemhzRkNXRVhtcVRtN1c4
|
||||||
|
OGtaWFkwTWYwNHNTL3lMVmlYOGREYTAKLS0tIEZxNm1IMmFxdzB2dUhvdlNsUUxl
|
||||||
|
UHdKaW8ydkpoLzQ0dEVyc0plaVhCTlUK6PF6CVvLDDTIozhRYHZxgcNeeKQPJAPr
|
||||||
|
Ay/35PSwzZ4RVJyAKqyhkkQSXkwLsytV1AC527NEZbmBniGgioyFHA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1BmeUNLT1RQR3cybzQx
|
||||||
|
aTRJVXkzQTFmNVowTmpVckJHdmRWTlVtSEV3Cm1oakp0c0NoRnF5c3pIb01ja2g3
|
||||||
|
UE1hUXV2bmNqeFlPM2tsY0J0UndYVTgKLS0tIDRBaGVBK0xlSFVFVVdXZjQ1RXhQ
|
||||||
|
UUo1Q0lXVjNGWllzYnlJS29qZHdZZGsK8Z1JWhY9HSY5xm6gZaT3TB2eqMysNxgL
|
||||||
|
MDk4gaQq8qbrMF/jN40ljt1ZgtAlY2gQKFyqygUNiwgHxN8iC2upng==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-09-30T17:09:05Z"
|
||||||
|
mac: ENC[AES256_GCM,data:Qvm2+3NQy9oywWveAhJdvnmg9tQzdCwjQSczYAS2j5Y0nPw3VeCT27Efm0A591fsvUhjukcDnX2ogEkKtPPJgq5VAJtGLXh2akAdjFxYxm8UPkgw8e6ev/R4kQQdTQ0if8qeeIO3CHEvAKhmrGimbg4DDHgPvyGoiHtTbBBFFr0=,iv:EDmPxMOXpHdyTmGbHFYAholnzi+WLc+GBXmu0k3GAuE=,tag:ThMbGppwFUocX7g2bsWI7w==,type:str]
|
||||||
|
pgp: []
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.9.0
|
Loading…
Reference in a new issue