add secrects for the cert-manager and add the sops creation rules

2024-06-09 18:22:27 +10:00
commit c68db2879f
2 changed files with 32 additions and 0 deletions
--- a/kubernetes/.sops.yaml
+++ b/kubernetes/.sops.yaml
@@ -0,0 +1,4 @@
 creation_rules:
  - path_regex: .*.yaml
    encrypted_regex: ^(data|stringData)$
    age: 'age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz'
--- a/kubernetes/cert-manager-secrets.yaml
+++ b/kubernetes/cert-manager-secrets.yaml
@@ -0,0 +1,28 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: cert-manager-secrets
 type: Opaque
 stringData:
    email: ENC[AES256_GCM,data:iTZZP5apPwauZcur974jYQMt7w==,iv:e16R6T0oJyze4LgOKvX3OMujXOlEc2b2rfX6/6dU3mg=,tag:BdbrYm9Imcg57uyGfTdiRQ==,type:str]
    cert-manager-dns01: ENC[AES256_GCM,data:q3XWT8q1KjDw4jRITkFNi+nTF8WpQQKidOzwRm+dA2gcrrt12ghh9A==,iv:+W9fVafKj8gYFhDIFqwvcCifl41cxsDVOmw1yasBJEc=,tag:O/VWJ8hxRR4SLM77ePxQkw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbU1qcitrWTQrMTRjSUMw
            elJSdStlQ3YwNDBuNlAxWjVsbUlLOVNUUkFzCkhCTHFOdVMzQ1NrZGhvRjRDMFhL
            aTM1K09aYlFlazBHN09uMWF5SHNxekkKLS0tIFRsSkxDWllJWWl0STROdW16MFd4
            NmJoSXd3YmIrMzhZdjBJdGtYMDZWU28KGJ15IupnT8nCZeKA95Td3if68YTeQ+q5
            ZK3XjR3FYW4B8T2W0eWXWSk8LHtt0+ubnv1xpS1zzGMyf8GMo00c8Q==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-06-09T08:11:58Z"
    mac: ENC[AES256_GCM,data:rrK8jw+6xwT3cSyJ8MonoT83J1oPTjZ4WLfdAIYR7OyBVEUoEa43Wg+NVt+Y1a2fuaqIuQU+CMDYz6FmiBV3AIwm7KZXYzn3vLmxCyCWfEId/C9CrWRhWnIzNtqrIwr/fFqZOdKY0idaXzQ2mDl12jzTa3FQKZff3v51AN5u4VQ=,iv:zjFdfvYWe9CCctyTH1UPFCY8E+pfBVYXS+5B5yaTLGg=,tag:qHdxqW4SNSIwbGeJPLUzEg==,type:str]
    pgp: []
    encrypted_regex: ^(data|stringData)$
    version: 3.8.1