Add secrets with sops
This commit is contained in:
parent
30c8a660ef
commit
82f71e8d38
4 changed files with 121 additions and 1 deletions
13
.sops.yaml
Normal file
13
.sops.yaml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
keys:
|
||||
- &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
|
||||
- &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
|
||||
- &aaron age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
|
||||
creation_rules:
|
||||
- path_regex: .*
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *argo
|
||||
- *tom
|
||||
- *aaron
|
|
@ -1,4 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
- secret-generator.yaml
|
||||
resources:
|
||||
- grafana-backuper.yaml
|
||||
- grafana-backuper.yaml
|
||||
|
|
10
base/secret-generator.yaml
Normal file
10
base/secret-generator.yaml
Normal file
|
@ -0,0 +1,10 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: secret-generator
|
||||
annotations:
|
||||
config.kubernetes.io/function: |
|
||||
exec:
|
||||
path: ksops
|
||||
files:
|
||||
- secret.yaml
|
95
base/secret.yaml
Normal file
95
base/secret.yaml
Normal file
File diff suppressed because one or more lines are too long
Reference in a new issue