From 7f3673c9ab516ba77c33fdc63db78dd926ad8938 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Sep 2024 19:19:53 +0000 Subject: [PATCH 1/6] chore(deps): update helm release argo-cd to v7.6.7 --- app-files/core-deployments.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 52a988f..3cf98fb 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -39,7 +39,7 @@ spec: sources: - repoURL: https://argoproj.github.io/argo-helm chart: argo-cd - targetRevision: 7.6.6 + targetRevision: 7.6.7 helm: releaseName: argo valueFiles: From 262ae950ff55b924bee3abeb0a18d80e12a11904 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Mon, 30 Sep 2024 21:52:57 +0200 Subject: [PATCH 2/6] add secrets (what could go wrong lol) --- argo/secret-generator.yaml | 1 + argo/secret.yaml | 49 +++++++++++ authentik/kustomization.yaml | 4 + authentik/secret-generator.yaml | 10 +++ authentik/secret.yaml | 52 ++++++++++++ longhorn/kustomization.yaml | 4 + longhorn/secret-generator.yaml | 10 +++ longhorn/secret.yaml | 52 ++++++++++++ prometheus/kustomization.yaml | 4 + prometheus/secret-generator.yaml | 10 +++ prometheus/secret.yaml | 141 +++++++++++++++++++++++++++++++ 11 files changed, 337 insertions(+) create mode 100644 argo/secret.yaml create mode 100644 authentik/kustomization.yaml create mode 100644 authentik/secret-generator.yaml create mode 100644 authentik/secret.yaml create mode 100644 longhorn/kustomization.yaml create mode 100644 longhorn/secret-generator.yaml create mode 100644 longhorn/secret.yaml create mode 100644 prometheus/kustomization.yaml create mode 100644 prometheus/secret-generator.yaml create mode 100644 prometheus/secret.yaml diff --git a/argo/secret-generator.yaml b/argo/secret-generator.yaml index 271743c..32c8ea0 100644 --- a/argo/secret-generator.yaml +++ b/argo/secret-generator.yaml 
@@ -8,3 +8,4 @@ metadata: path: ksops files: - ./sops-secret.yaml + - ./secret.yaml diff --git a/argo/secret.yaml b/argo/secret.yaml new file mode 100644 index 0000000..40da13a --- /dev/null +++ b/argo/secret.yaml 
@@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Secret +metadata: + name: argocd-secret + namespace: argocd + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd +stringData: + oidc.aaronid.clientSecret: ENC[AES256_GCM,data:8mt58l7WMDkBGk3XvvqaW7adiR1NKT2VB9RIKACKZxg6tYxFhtR1ZNe2JGJakxm88TPex7VurlJk2W3dDqIcBQecLyhf8ZZeLmF1L/jNZ0HVWXXe4eoyROFcF5nLfxSd3YoopnR+oSGwh9m5qTIm/2OHizWEVSbXiOddWzyv/x8=,iv:7AuS1epDla+ZfyrRtREv58rMIC91lasJpIiygtcrfHM=,tag:Ry1Kf8/NIoLnTaEdoV3lFw==,type:str] +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZ3lsTzJEN1RzOG5mc0FH + YVQ4VEI0SVVVU3lkVzRESHpiZ1pzVkNaZVJ3CnVxVTdlNHBFS2x1djBXM3gvVk9u + OFRvd2lVL3VLbFBkNW8zT0xZOHBYZDgKLS0tIGVUTTZCT0kyVW1KL21oaHNDL20w + djllVzEycWt3Z1VVN3dXc0UrWXN4bk0K8ABES8VCLcaUy/xy3VRo7vK4Y6z5tGfe + CiRr/aHIHWUNUHVmjnk6BTnnoaKBht4WhJp4Pf2rWlBk0UdiDpO0Cw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNm9BUWQ4QklZN1c1YnRq + QTZ0VTZlcVplT3Eza3ExNTVNNm1FN1FwNzBzCnJrVWU0d09kVEhDSGlpVWlDWnVP + OFBtWFhZWmNGV0ovTUk1RXZBWTR3cm8KLS0tIGZrQzNUR0FGYXJ0UGhWNGt3MHc2 + ZEY0enBYVHpkajYyYXphVDdZQUhrMDQKwRbrYPGP+gAErE3CyuRZzKl4YJkMjKOE + bdT9uUDzBFc8TlJiwWz8A3zOsoPN/DdwzXwn/ebgxHYBhQSreMXwtg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQjRmK2NuRDlPOXVaUWZC + TXI1cTVYRlduT3pIb014c2k5ekl6Zk9hUWt3Cm9HK0JYNzdkNlJFV3I5VVhCWS9i + MFNHdS9TUitYNjh0QUsraXdzVERoS28KLS0tIE96c2s5eHhYY0hrZWVQTkJSZHdN + d2NyRkFwK25JMSthcTd5VmFmeWtJNGcKETK32wqXD9PnVBVVl7Fhlez4/1qRRLN6 + 
X2hwPaOy5TqMo9HCZR9OY4V1oKQLM0SN8mvz3L685st+9vWBESoqpQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-30T19:48:35Z" + mac: ENC[AES256_GCM,data:0xRnrMvlPkoljRtns1HYir0zwYejwyu0q8uZ4IbrnVpFMc8jhGXkneCdMDM/2sCY7jzqiwR7mYDHVt+5XXI0eQgcGBLEXZcBoVxFp7QDmBdzmHtUONLxouvMpuX0nQ1Wb8GoBBsXIndJ9oM/bf9sp+nSUcMTBhp7A1fZ4fzrqQ0=,iv:Ly67j1x4MOGq8KrJf0lFRLMddnLjziqA/ZHzNVh2s7Q=,tag:aFCigJAqJ/BEHXNqiT+UYA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 diff --git a/authentik/kustomization.yaml b/authentik/kustomization.yaml new file mode 100644 index 0000000..073e908 --- /dev/null +++ b/authentik/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generators: + - ./secret-generator.yaml diff --git a/authentik/secret-generator.yaml b/authentik/secret-generator.yaml new file mode 100644 index 0000000..486c4c1 --- /dev/null +++ b/authentik/secret-generator.yaml @@ -0,0 +1,10 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./secret.yaml diff --git a/authentik/secret.yaml b/authentik/secret.yaml new file mode 100644 index 0000000..a76c6a3 --- /dev/null +++ b/authentik/secret.yaml 
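Review bot: `name: argocd-secret` in the new argo/secret.yaml is the name Argo CD uses for its own core Secret, so this manifest adds a second owner to an object that the argo-cd Helm release referenced in app-files/core-deployments.yaml may also render and that Argo CD writes to at runtime (whether the chart's secret creation is turned off is not visible in this diff). Argo CD can resolve OIDC client secrets from any Secret carrying the `app.kubernetes.io/part-of: argocd` label, which this manifest already sets. A separate name, for example `name: argocd-oidc` (constructed), referenced from the OIDC config as `$argocd-oidc:oidc.aaronid.clientSecret`, would keep the SOPS-managed value apart from the keys Argo CD manages itself.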
@@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: yolokube-proxy + app.kubernetes.io/managed-by: goauthentik.io + app.kubernetes.io/name: authentik-proxy + name: authentik-outpost-api + namespace: authentik +stringData: + authentik_host: ENC[AES256_GCM,data:qd+r8vtd9XtaCzAHBifNc04PQPE=,iv:sHQg5FDSelzfjRd/6ZXyfbqOBjoVwP97SW3kImREw5Q=,tag:xx4L0+dWGF+JUeG/BnAAEQ==,type:str] + authentik_host_insecure: ENC[AES256_GCM,data:4s3IjYM=,iv:ca7d4W2x/wYvIp7PmUKsvNz79lJUvIIdI+e+Q/EEJjc=,tag:EGq7oBzksSVm7plFRFJZJA==,type:str] + token: ENC[AES256_GCM,data:TKlxEjtHPjNhN0obw/k62yU7d1BSUMc3jbaoBmwLwGZzqFLvSUWIFNd4pxgD9Zd3htc1ffFqv+J53h7W,iv:Ha47JpDAB91da25Q8jmBqNSg0CQo79Js11BEfNFJ7O0=,tag:0hDl9p5o3NhmC4MFNBQS3A==,type:str] +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdTg4aDJaRThJZFpFUWg4 + bFloU0dCS1lqL3ladlE4NmprWDNtNzNxcVFJCjhkbUZnaDNPbWUrQ3hGWUxFZ0pH + akJ6emFqbU5lUVBKTnU5MGVxNWdscTAKLS0tIHVCaTMra2VBOEowSGo5T09QMVhz + cUJrM3hBRGJLUHU2bkZmRFE2cFhJbzgKAuMzg5cd94yBqJPOAnLfPYm9EtZp3VBJ + sNMGzQk6nvbKHi6bQWqH1cACIv2MNGGd/wFt7OKolzxyLvqsD7uLnA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcTlSK2pCYUNucDU4K3dO + akR0bnhDdGp5WmtVZVlqaEY3T3cxVGRpZFI4CnNRdmJvK1M0c091bW1OM1ovUHlH + V2VVWVRYN1RIZUpHTnlpVVhVNFdEaEEKLS0tIHc0UWRBTVdBa0dYdlMyUFo4VjAx + ZktiT1cySU9BNlo0VFpMQXl2clc0YWcKmTNufCp+/FDJ0vgP/kigA1EXBslV+bhv + zbH0I4QwcJDzLLF39oFzOUf4H04C923HcGBfaT9x8jjYJXcQtPvS3g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEN25pNmczMzRwUnhHaFhh + N2VCMmdMT3pxdmUyM3N4Ni96MVhVb1QycXhJCjNzSUdERVlYNFpudit4TjVWMXdN + ZWhSc1pZc2FHVUtaeTR4RGVReThLLzQKLS0tIGZ6cm4xRGpJSXZsc1BxWm1pbkJF + QlpCbTZ4cDUvcEp2aURMOHV5M0VzYXcKfedY9BlqAonef++jo7VO4oZJpfcp/xft + riaJv+WRsCsDdmHSC93YQhvkAGrE08G/NY69seT4Pk9YPhfigo+yAA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-30T19:48:42Z" + mac: ENC[AES256_GCM,data:tY14+lA8qBJzoFQw34Y1/dKbDp4+EOB4dX+pBigPKilvGjmJe0x4zHkGY/hjvDnoOjhKmxH3X1DFtVuEEQvDB9jZFBlRzwPO1/ver1l3chWFwt4lgPDYTesakxUSJYxQkXiC/cLGc3xskqGUhfk1cOaLvor5vAyImDfT7ySvETE=,iv:0iImkZvZWIUl1n+98BpaHq2U69dA0sO1KTrQ/YoaKg4=,tag:uR1kd9tLimjK05TPZOWIbQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 diff --git a/longhorn/kustomization.yaml b/longhorn/kustomization.yaml new file mode 100644 index 0000000..073e908 --- /dev/null +++ b/longhorn/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generators: + - ./secret-generator.yaml diff --git a/longhorn/secret-generator.yaml b/longhorn/secret-generator.yaml new file mode 100644 index 0000000..486c4c1 --- /dev/null +++ b/longhorn/secret-generator.yaml @@ -0,0 +1,10 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./secret.yaml diff --git a/longhorn/secret.yaml b/longhorn/secret.yaml new file mode 100644 index 0000000..69c0fcd --- /dev/null +++ b/longhorn/secret.yaml 
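Review bot: The label `app.kubernetes.io/managed-by: goauthentik.io` on `authentik-outpost-api` in authentik/secret.yaml suggests the object was exported from the cluster after authentik's outpost integration created it, which would give the token two writers once Argo CD syncs this copy. If authentik regenerates the token, the next sync would put the committed value back; the manifest does not say which side is authoritative, so confirm that before merging. `authentik_host_insecure` is presumably a TLS-verification switch rather than a secret, and because it sits under `stringData:` its value is hidden in ciphertext, so confirm it decrypts to `false`.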
@@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Secret +metadata: + name: longhorn-backup-target + namespace: longhorn-system +type: Opaque +data: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str] + #ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment] + AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str] + #ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment] + #ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment] + #ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIUUV2UTR2dUpxWlpKWjNM + 
WDI2NVRUK0EvZkdjZ3N0OXFNclNJdzlIRXlZCmZBOUErb2pZUHZlNVpGLzhTUlRK + N21nSjM3RzRRdXR4QStyakdYRExCOHMKLS0tIHdJczRmNnBDMmJjNm9WeXlvU1cx + U1lFckFhTWloSmI0LzJoWDJDSExnbHcK4Sz2SU5czvG58HiQtn4AJbltSwfikS3A + JUKhzPja3ZgHhmed+Bs9SLyKcQ1gm+ou1JLjqJ2/0s2MEAoTnQ9aCw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OEVaTk9IUzR1bkNneitF + dGtadHJjRUJUYTREV0J2M3Z2dzJCSnpEREZNCkpZZnFxNE1QMU5UUXNITXJpV2Rt + dUcvaUw4aC9iQzhIRXVmYmlpUmhqRm8KLS0tIDUxRGxsQldqWWlFeXJITXg2RkhX + bkwvRVlsSDYyZGJkbU94bFUxdnN2VkkKg9LB1b0aD/GqpbRIZD1hIcNaRWr4eybL + 17orZ6j01e84zMutrinpOP1sTMyqCEBYG2FrEAnRaTxRkOW7SaVHIw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZ3FUMlpFRVdrVVZxdXdo + b2pJZ0lValNUMUlZcGRVb296QjlPM1JPZUFrCkVDWlhZNEYxaVRnd2FTWFRtSHcr + eTN0ZERFSWpPa0lyczF2TEk5dTB4d00KLS0tIHZ2MzdpUTd1eHdicHduQzJsRzAr + SU5ibzRiK3Q2RnVNRUhjVm5YSFNmc0UKNA0uHFT1L8RuQR6TmiopYCgLBxsLp0bU + vsS68gQieQI94bBiMOsJQTzLSWBc9juvuBdHhRoyYhkzJ75TAifNVQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-30T19:48:48Z" + mac: ENC[AES256_GCM,data:cu2bF925hVUs69HmKzs3sc61rN3hNWwN0x6VyBhoobNDF7IJ65Aw/iSYSh80EdoDy4WQq0lfr4SO8sayqs3vxgTwFpujcjnQ16rgq0q00V8e+iDlR78h/SbYp+cuFiu6QBKSl9a/vHfRSTSOAOt0zF+cPYl25Htas5L7S12xJ68=,iv:wDkA8egy2ONoRaUYXV915ID6JX+myOmStxdXXtC66sw=,tag:UxoGQpiB023vcwSc3es21Q==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 diff --git a/prometheus/kustomization.yaml b/prometheus/kustomization.yaml new file mode 100644 index 0000000..073e908 --- /dev/null +++ b/prometheus/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generators: + - ./secret-generator.yaml 
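Review bot: longhorn/secret.yaml places its values under `data:`, where Kubernetes expects base64 after decryption, while argo/secret.yaml and authentik/secret.yaml in the same commit use `stringData:`. With the values encrypted, a reviewer cannot tell whether the plaintext was base64-encoded first; a raw key under `data:` is either rejected by the API server or decoded into different bytes. Using `stringData:` here as well (already matched by `encrypted_regex: ^(data|stringData)$`) removes that ambiguity. The three documents in prometheus/secret.yaml use `data:` in the same way.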
diff --git a/prometheus/secret-generator.yaml b/prometheus/secret-generator.yaml
new file mode 100644
index 0000000..486c4c1
--- /dev/null
+++ b/prometheus/secret-generator.yaml
@@ -0,0 +1,10 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./secret.yaml
diff --git a/prometheus/secret.yaml b/prometheus/secret.yaml
new file mode 100644
index 0000000..f3a9602
--- /dev/null
+++ b/prometheus/secret.yaml
@@ -0,0 +1,141 @@ +apiVersion: v1 +kind: Secret +metadata: + name: alertmanager-prometheus-kube-prometheus-alertmanager + namespace: prometheus +type: Opaque +data: + alertmanager.yaml: ENC[AES256_GCM,data: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,iv:mgSc547ZaHrXyP+er/gxjnC/FxAsrntkfS3h19RtU/A=,tag:AIRrEcZabe1JaBGFcqpD3Q==,type:str] + telegram.tmpl: ENC[AES256_GCM,data:4DfAYLgaPunLLj+5MAknCgKQmb9jS7uwE0+MnQYSX/2l1EtObRDCiitzNDMdtlk3YaSZcw2YCBh2oqz/m712/CIt84kVzLkjei88X6K8hqJtmGkqjNnroHyNWGAqSd8+5VwLfWP2canIq6MOAFBrdDiEL0kMpxbQ0Ghc1CPCF6wPX0Q2klkDUFcIX39SLqQ+r13DVnJWERLrR/bs6h95OE0l0GIBke5+5XhR9oyt9izkZPv4vpk+w++uHR0xR0iixlZQRK0PEP5S4HjElNUJ7yIu6Qq8hTFub8hVm3GBoRfQzcv116BXvm4/+jGOUlddw+FKpDx30uAZADSrdTe6clVxlKgmFEUz/KI7mPlvc4JisVTQNI5Un/n22poYJEabwM6xMLpYCJrKwrs5npWEAZu4RRiD3oqnkI54A0dlHP12DjcwZx/Rv7NNaSHgBx6ZfLPiSf9T8vIKT8fZUX4yrg==,iv:UdeiRdluZpr0TDIKEPaKbytMPuCCdP6BaWI7WtOg5Sk=,tag:b4PMEUSRWVGMkWZSnGmP9A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYm5PMG94RjQ4eno1Mm1Y + cUsxVnhJMHJQUklYUnF2b1VxNjN3dXQwTG5nCk5HWVlGQWQrTGpMU0VNY2c1amhk + Q0R0VHlkK2s0MzlzQU9BZDR3eEhHRTgKLS0tIE9LeFVwT2pMTzBJNG85d0tMSGxq + Um84ODk0VExnQlR6THFJSUw2TTFoUkEKb68vaNKhWvk9tvOqFf9ZLBJ3jiZTS7OB + V9+YOJTFdYZrIghRQmnLThVV+fVaANjmbQaHSPzkKGAyoeyf9dOWig== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZK1RtN3dNeSt5bXBoUXpL + WmFIUjhaVzBYNHRTNk1Ta1JkM1JGQ0pZQlZNCjVMd1MvSktWMkNCV3l1RHJ6Y2lQ + dmZQRWxxTldJTTd2MUs0UkFCejlXemsKLS0tIFY1R2todUt3SllMeWV4TWRFVXp3 + TGdtZHh4WnBPb1Njb2NuOHJRVnY5TFUKtnXXZLxtfmikXdGJsHelOkkUnlHzE2rv + 9x2IpBOB2ubijXIm+vPL16sBau6x2ZxRAEBn0MeMsJaZ/NuF1oQ+Qw== + -----END AGE ENCRYPTED FILE----- + - recipient: 
age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkS2Fza0VySkpNWjlKczR3 + MUdVa2YxdzFRbUlSb3I5VGVRdXdJRWdtM1Y0ClJBRmxoT0VIbUZNcmtSc2gxRU5m + aFRUZURaWEJ1TGtxbHhPRHg5U1JBeTQKLS0tIGZlTE5hckhCOWpjdUZpWEZLMXZs + dzV4cEpPUjVNM1U3RU04NndORkFjek0KZhWYY2YQ36Bt3P9DawwbiV5vJNLygD0H + wVYLMfr6gkTMWW9NCBQG3WUxZ7VpoYJXKLiAIwvbD7jVtspkxvX+rw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-30T19:48:52Z" + mac: ENC[AES256_GCM,data:9ql9tUlYVVc+N5NvZr+pnbuTkDmCcJGr311910r9gw5EMJ9tlKVSZBMn36+odWjt0X/hjlTUZ0L3LcQv+qt8f6nNU43CccejMSFR4Cl0G9YyqsXgX2k5H4E/CaRHsn+WcAH6qA6G9aF9lsJIscDlh1jZK7Cqf+YbxkKktT7n72w=,iv:B9RrnkmT/kA6mQgKtEL1Ed/zWIwF0Ga2A9l2DycleZM=,tag:fvI8xiAPEF7SrteHKy4DrA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 +--- +apiVersion: v1 +kind: Secret +metadata: + name: telegram-api + namespace: prometheus +type: Opaque +data: + api_key: ENC[AES256_GCM,data:eLgJtHmehvT0vVGJ+JINbBCh683XZKrWhHPb52jNZ1P2lE+gDlli768FC3EH05+K0CA/qQeVBgEbS6NrmUMkEQ==,iv:LlQpXqwMWM+k3fa6x6Jory6U3U2DX1KBZNiR+XvGPX0=,tag:cFuVSOFQbyw+AIgqu08UAw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYm5PMG94RjQ4eno1Mm1Y + cUsxVnhJMHJQUklYUnF2b1VxNjN3dXQwTG5nCk5HWVlGQWQrTGpMU0VNY2c1amhk + Q0R0VHlkK2s0MzlzQU9BZDR3eEhHRTgKLS0tIE9LeFVwT2pMTzBJNG85d0tMSGxq + Um84ODk0VExnQlR6THFJSUw2TTFoUkEKb68vaNKhWvk9tvOqFf9ZLBJ3jiZTS7OB + V9+YOJTFdYZrIghRQmnLThVV+fVaANjmbQaHSPzkKGAyoeyf9dOWig== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZK1RtN3dNeSt5bXBoUXpL + WmFIUjhaVzBYNHRTNk1Ta1JkM1JGQ0pZQlZNCjVMd1MvSktWMkNCV3l1RHJ6Y2lQ + 
dmZQRWxxTldJTTd2MUs0UkFCejlXemsKLS0tIFY1R2todUt3SllMeWV4TWRFVXp3 + TGdtZHh4WnBPb1Njb2NuOHJRVnY5TFUKtnXXZLxtfmikXdGJsHelOkkUnlHzE2rv + 9x2IpBOB2ubijXIm+vPL16sBau6x2ZxRAEBn0MeMsJaZ/NuF1oQ+Qw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkS2Fza0VySkpNWjlKczR3 + MUdVa2YxdzFRbUlSb3I5VGVRdXdJRWdtM1Y0ClJBRmxoT0VIbUZNcmtSc2gxRU5m + aFRUZURaWEJ1TGtxbHhPRHg5U1JBeTQKLS0tIGZlTE5hckhCOWpjdUZpWEZLMXZs + dzV4cEpPUjVNM1U3RU04NndORkFjek0KZhWYY2YQ36Bt3P9DawwbiV5vJNLygD0H + wVYLMfr6gkTMWW9NCBQG3WUxZ7VpoYJXKLiAIwvbD7jVtspkxvX+rw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-30T19:48:52Z" + mac: ENC[AES256_GCM,data:9ql9tUlYVVc+N5NvZr+pnbuTkDmCcJGr311910r9gw5EMJ9tlKVSZBMn36+odWjt0X/hjlTUZ0L3LcQv+qt8f6nNU43CccejMSFR4Cl0G9YyqsXgX2k5H4E/CaRHsn+WcAH6qA6G9aF9lsJIscDlh1jZK7Cqf+YbxkKktT7n72w=,iv:B9RrnkmT/kA6mQgKtEL1Ed/zWIwF0Ga2A9l2DycleZM=,tag:fvI8xiAPEF7SrteHKy4DrA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 +--- +apiVersion: v1 +kind: Secret +metadata: + name: grafana-secrets + namespace: grafana-backuper +type: Opaque +data: + grafana-auth-token: ENC[AES256_GCM,data:yLwNndQbZppzT4KhQBg4QsAetPzZ+hSnSjQ7+0ORWG9gCQSVLb/o3B8fs/mLKUsDvREbZQFGo7OUFXMCpNNsdg==,iv:7wasWDCWvgB/GoIGn4Sv0z067QzRSPZJfvvvhbddzXU=,tag:yuRHkUfgFASufd5Wb3wpAQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYm5PMG94RjQ4eno1Mm1Y + cUsxVnhJMHJQUklYUnF2b1VxNjN3dXQwTG5nCk5HWVlGQWQrTGpMU0VNY2c1amhk + Q0R0VHlkK2s0MzlzQU9BZDR3eEhHRTgKLS0tIE9LeFVwT2pMTzBJNG85d0tMSGxq + Um84ODk0VExnQlR6THFJSUw2TTFoUkEKb68vaNKhWvk9tvOqFf9ZLBJ3jiZTS7OB + V9+YOJTFdYZrIghRQmnLThVV+fVaANjmbQaHSPzkKGAyoeyf9dOWig== + -----END AGE ENCRYPTED FILE----- + 
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZK1RtN3dNeSt5bXBoUXpL + WmFIUjhaVzBYNHRTNk1Ta1JkM1JGQ0pZQlZNCjVMd1MvSktWMkNCV3l1RHJ6Y2lQ + dmZQRWxxTldJTTd2MUs0UkFCejlXemsKLS0tIFY1R2todUt3SllMeWV4TWRFVXp3 + TGdtZHh4WnBPb1Njb2NuOHJRVnY5TFUKtnXXZLxtfmikXdGJsHelOkkUnlHzE2rv + 9x2IpBOB2ubijXIm+vPL16sBau6x2ZxRAEBn0MeMsJaZ/NuF1oQ+Qw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkS2Fza0VySkpNWjlKczR3 + MUdVa2YxdzFRbUlSb3I5VGVRdXdJRWdtM1Y0ClJBRmxoT0VIbUZNcmtSc2gxRU5m + aFRUZURaWEJ1TGtxbHhPRHg5U1JBeTQKLS0tIGZlTE5hckhCOWpjdUZpWEZLMXZs + dzV4cEpPUjVNM1U3RU04NndORkFjek0KZhWYY2YQ36Bt3P9DawwbiV5vJNLygD0H + wVYLMfr6gkTMWW9NCBQG3WUxZ7VpoYJXKLiAIwvbD7jVtspkxvX+rw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-30T19:48:52Z" + mac: ENC[AES256_GCM,data:9ql9tUlYVVc+N5NvZr+pnbuTkDmCcJGr311910r9gw5EMJ9tlKVSZBMn36+odWjt0X/hjlTUZ0L3LcQv+qt8f6nNU43CccejMSFR4Cl0G9YyqsXgX2k5H4E/CaRHsn+WcAH6qA6G9aF9lsJIscDlh1jZK7Cqf+YbxkKktT7n72w=,iv:B9RrnkmT/kA6mQgKtEL1Ed/zWIwF0Ga2A9l2DycleZM=,tag:fvI8xiAPEF7SrteHKy4DrA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 From 52bf37fbdcd4ac3a824604867e7fd8c21ec06735 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Mon, 30 Sep 2024 21:59:11 +0200 Subject: [PATCH 3/6] prune -> false --- app-files/core-deployments.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 52a988f..1abf3a9 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -27,7 +27,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application 
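Review bot: The third document in prometheus/secret.yaml declares `namespace: grafana-backuper` for `grafana-secrets`, although the file is generated from the prometheus kustomization. If the prometheus Application relies on `CreateNamespace=true`, only its own destination namespace is created, so the sync fails when `grafana-backuper` does not exist yet, and a credential for another workload ends up owned by the prometheus app (the Application for this path is not visible in the diff). Moving this document into the directory of the app that consumes it would keep ownership and decryption scope aligned. All three documents carry the same `mac` and `lastmodified`, so they appear to have been encrypted as one file and should only be edited through sops.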
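Review bot: With `prune: false` under `automated:` here, and in the hunks at -94, -126, -177, -208 and -228 plus the same edit repeated through [PATCH 5/6], objects deleted from git are no longer removed from the cluster. That matters in this series because [PATCH 4/6] deletes a Secret manifest; if Argo CD had synced that Secret, it stays live after the file is gone. Neither the commit message nor the YAML records why pruning is disabled or for how long; a comment on the first occurrence such as `# prune disabled: <reason>; re-enable when <condition>` would settle that. If the setting is meant to stay, `orphanedResources: {warn: true}` on the AppProject gives visibility into what is left behind.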
@@ -94,7 +94,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -126,7 +126,7 @@ spec: - ServerSideApply=true - RespectIgnoreDifferences=true automated: - prune: true + prune: false ignoreDifferences: - group: apps kind: Deployment @@ -177,7 +177,7 @@ spec: - ServerSideApply=true - RespectIgnoreDifferences=true automated: - prune: true + prune: false ignoreDifferences: - group: apps kind: Deployment @@ -208,7 +208,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -228,7 +228,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application From 39fd1f7d0fbda61ffe852e313802fd4546f914e5 Mon Sep 17 00:00:00 2001 From: Tom Neuber Date: Mon, 30 Sep 2024 22:04:39 +0200 Subject: [PATCH 4/6] prometheus: add k8s resources to kustomize --- prometheus/ingress.yaml | 12 ------------ prometheus/kustomization.yaml | 5 +++++ 2 files changed, 5 insertions(+), 12 deletions(-) delete mode 100644 prometheus/ingress.yaml diff --git a/prometheus/ingress.yaml b/prometheus/ingress.yaml deleted file mode 100644 index 8f453ad..0000000 --- a/prometheus/ingress.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -kind: Secret -metadata: - name: prometheus-basic-auth-secret - namespace: prometheus -apiVersion: v1 -type: nginx.org/htpasswd -stringData: - htpasswd: | - aaron:$2y$05$B2.Q.9/e4VEXsnoe.ypjYOkiykmrF2hpApE7CYc2DPIr0pFIdDO1O - tom:$2y$05$BsM7fvmf3Gpuznak5OSgre0x81K4.vxUQO/aKW5cY4gmQOzvssPLO - basti:$$apr1$$XaGDFprb$$O9Y1oRhTNY7U5aa5Lj3wa1 \ No newline at end of file diff --git a/prometheus/kustomization.yaml b/prometheus/kustomization.yaml index 073e908..051c95b 100644 --- a/prometheus/kustomization.yaml +++ b/prometheus/kustomization.yaml 
@@ -2,3 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization generators: - ./secret-generator.yaml +resources: + - ./alerts.yaml + - ./namespace.yaml + - ./service-monitor-longhorn.yaml + - ./templates.yaml From dfc4b33f64e4ec1c43dc8b537a5c0a47d151984d Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Mon, 30 Sep 2024 22:07:59 +0200 Subject: [PATCH 5/6] add authentik app --- app-files/core-deployments.yaml | 34 ++++++++++++++++++++++++++------- authentik/kustomization.yaml | 2 ++ 2 files changed, 29 insertions(+), 7 deletions(-) diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 1abf3a9..d27145c 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -248,7 +248,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -268,7 +268,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -298,7 +298,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -320,7 +320,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -350,7 +350,7 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -387,7 +387,7 @@ spec: syncPolicy: automated: selfHeal: true - prune: true + prune: false --- apiVersion: argoproj.io/v1alpha1 kind: Application 
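Review bot: The `resources:` list added to prometheus/kustomization.yaml contains no replacement for `prometheus-basic-auth-secret`, which this commit deletes together with prometheus/ingress.yaml, so anything that still references that secret name depends on an object no manifest defines any more (no Ingress is visible in this diff). The deleted htpasswd entries remain readable in git history, one of them in the MD5-based `$apr1$` format, so those passwords should be changed rather than carried over if the secret is recreated through ksops. A one-line comment above `resources:` stating where basic auth for Prometheus now lives would close the gap for the next reader.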
@@ -417,4 +417,24 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: true + prune: false +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: authentik + namespace: argocd +spec: + project: default + sources: + - repoURL: https://git.ar21.de/yolokube/core-deployments.git + targetRevision: HEAD + path: authentik + destination: + server: https://kubernetes.default.svc + namespace: authentik + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + prune: false diff --git a/authentik/kustomization.yaml b/authentik/kustomization.yaml index 073e908..b14a91c 100644 --- a/authentik/kustomization.yaml +++ b/authentik/kustomization.yaml @@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization generators: - ./secret-generator.yaml +resources: + - ./manifest.yaml From e9296608db6b0cbbde05ae081a6bed76d82efcc8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Sep 2024 20:20:16 +0000 Subject: [PATCH 6/6] chore(deps): update helm release argo-cd to v7.6.7 --- app-files/core-deployments.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index d27145c..ae471a1 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -39,7 +39,7 @@ spec: sources: - repoURL: https://argoproj.github.io/argo-helm chart: argo-cd - targetRevision: 7.6.6 + targetRevision: 7.6.7 helm: releaseName: argo valueFiles:
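Review bot: The new `authentik` Application combines `automated:` sync with `targetRevision: HEAD` and `project: default`, so every push to the default branch of core-deployments.git is applied to the cluster without a pinned revision. Unless the default project has been tightened, it also accepts any source repository and any destination. For the identity provider, a dedicated AppProject whose `sourceRepos` and `destinations` are limited to this repository and the `authentik` namespace narrows what a bad or unauthorised commit can reach. Pointing `targetRevision` at a protected branch or tag instead of `HEAD` makes the deployed state reviewable.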
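Review bot: `- ./manifest.yaml` is added to `resources:` in authentik/kustomization.yaml, but no authentik/manifest.yaml appears in any diffstat of this series. If the file is not already in the repository, `kustomize build` fails and the new Application never syncs. If it does exist and was exported from a running authentik outpost, check that it holds no plaintext credentials, since only the files listed in secret-generator.yaml pass through ksops.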