From 4790a5df9993f70dac6ecbb8d314a2c8396417e8 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Mon, 15 Jul 2024 23:27:37 +1000
Subject: [PATCH 01/18] fix sealed-secrets
---
 resources/sealed-secrets/env/k3s-cluster/config.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/sealed-secrets/env/k3s-cluster/config.json b/resources/sealed-secrets/env/k3s-cluster/config.json
index a689d07..ed49ca0 100644
--- a/resources/sealed-secrets/env/k3s-cluster/config.json
+++ b/resources/sealed-secrets/env/k3s-cluster/config.json
@@ -1,7 +1,7 @@
 {
 "appName": "sealed-secrets",
 "userGivenName": "sealed-secrets",
- "destNamespace": "argocd",
+ "destNamespace": "kube-system",
 "destServer": "https://kubernetes.default.svc",
 "srcPath": "resources/sealed-secrets/env/k3s-cluster",
 "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
From 991667079bef3cf01391753a02a599f3f7092e36 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Mon, 15 Jul 2024 23:41:35 +1000
Subject: [PATCH 02/18] fix namespaces
---
 apps/homer/env/k3s-cluster/config.json | 1 +
 infrastructures/ingress-nginx/env/k3s-cluster/config.json | 1 +
 projects/k3s-cluster-app.yaml | 2 +-
 projects/k3s-cluster-infra.yaml | 2 +-
 projects/k3s-cluster-res.yaml | 2 +-
 resources/ingress-nginx-configmap/env/k3s-cluster/config.json | 1 +
 resources/local-path-provisioner/env/k3s-cluster/config.json | 1 +
 resources/namespaces/env/k3s-cluster/config.json | 1 +
 resources/sealed-secrets/env/k3s-cluster/config.json | 1 +
 resources/sync-job/env/k3s-cluster/config.json | 1 +
 scripts/{encript-file-by-age.sh => encrypt-file-by-age.sh} | 0
 11 files changed, 10 insertions(+), 3 deletions(-)
 rename scripts/{encript-file-by-age.sh => encrypt-file-by-age.sh} (100%)
diff --git a/apps/homer/env/k3s-cluster/config.json b/apps/homer/env/k3s-cluster/config.json
index bc1a9bc..79bd194 100644
--- a/apps/homer/env/k3s-cluster/config.json
+++ b/apps/homer/env/k3s-cluster/config.json
@@ -1,6 +1,7 @@
 {
 "appName": "homer",
 "userGivenName": "homer",
+ "namespace": "homer",
 "destNamespace": "homer",
 "destServer": "https://kubernetes.default.svc",
 "srcPath": "apps/homer/env/k3s-cluster",
diff --git a/infrastructures/ingress-nginx/env/k3s-cluster/config.json b/infrastructures/ingress-nginx/env/k3s-cluster/config.json
index c4c946b..2f2cd35 100644
--- a/infrastructures/ingress-nginx/env/k3s-cluster/config.json
+++ b/infrastructures/ingress-nginx/env/k3s-cluster/config.json
@@ -1,6 +1,7 @@
 {
 "appName": "ingress-nginx",
 "userGivenName": "ingress-nginx",
+ "namespace": "ingress-nginx",
 "destNamespace": "ingress-nginx",
 "destServer": "https://kubernetes.default.svc",
 "srcPath": "infrastructures/ingress-nginx/env/k3s-cluster",
diff --git a/projects/k3s-cluster-app.yaml b/projects/k3s-cluster-app.yaml
index 3987395..27a2eeb 100644
--- a/projects/k3s-cluster-app.yaml
+++ b/projects/k3s-cluster-app.yaml
@@ -46,7 +46,7 @@ spec:
 app.kubernetes.io/managed-by: argocd
 app.kubernetes.io/name: '{{ appName }}'
 name: '{{ userGivenName }}'
- namespace: argocd
+ namespace: '{{ namespace }}'
 spec:
 destination:
 namespace: '{{ destNamespace }}'
diff --git a/projects/k3s-cluster-infra.yaml b/projects/k3s-cluster-infra.yaml
index e09f6aa..6890179 100644
--- a/projects/k3s-cluster-infra.yaml
+++ b/projects/k3s-cluster-infra.yaml
@@ -46,7 +46,7 @@ spec:
 app.kubernetes.io/managed-by: argocd
 app.kubernetes.io/name: '{{ appName }}'
 name: '{{ userGivenName }}'
- namespace: argocd
+ namespace: '{{ namespace }}'
 spec:
 destination:
 namespace: '{{ destNamespace }}'
diff --git a/projects/k3s-cluster-res.yaml b/projects/k3s-cluster-res.yaml
index f7b34f3..fe59844 100644
--- a/projects/k3s-cluster-res.yaml
+++ b/projects/k3s-cluster-res.yaml
@@ -46,7 +46,7 @@ spec:
 app.kubernetes.io/managed-by: argocd
 app.kubernetes.io/name: '{{ appName }}'
 name: '{{ userGivenName }}'
- namespace: argocd
+ namespace: '{{ namespace }}'
 spec:
 destination:
 namespace: '{{ destNamespace }}'
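Review bot: In `projects/k3s-cluster-app.yaml` (and identically in `k3s-cluster-infra.yaml` and `k3s-cluster-res.yaml`) the generated Application's own `metadata.namespace` is now taken from each app's `config.json`, so a file in the repo decides where the Application object itself is created, not only where it deploys. Argo CD reconciles Applications outside its control-plane namespace only when apps-in-any-namespace is enabled and the AppProject lists that namespace under `sourceNamespaces`; neither is visible in these hunks, and if this is an ApplicationSet template the controller may pin generated Applications to its own namespace anyway, so confirm the field has the effect intended. If the goal was only to change the deployment target, `destination.namespace: '{{ destNamespace }}'` already does that and `namespace: argocd` can stay. The template now also requires every `config.json` to define `namespace`; the nexus and snippet-box files added in patches 07 and 09 do not. The enclosing template starts and ends outside each hunk.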
diff --git a/resources/ingress-nginx-configmap/env/k3s-cluster/config.json b/resources/ingress-nginx-configmap/env/k3s-cluster/config.json
index 7b6a97c..150a793 100644
--- a/resources/ingress-nginx-configmap/env/k3s-cluster/config.json
+++ b/resources/ingress-nginx-configmap/env/k3s-cluster/config.json
@@ -1,6 +1,7 @@
 {
 "appName": "ingress-nginx-configmap",
 "userGivenName": "ingress-nginx-configmap",
+ "namespace": "ingress-nginx",
 "destNamespace": "ingress-nginx",
 "destServer": "https://kubernetes.default.svc",
 "srcPath": "resources/ingress-nginx-configmap/env/k3s-cluster",
diff --git a/resources/local-path-provisioner/env/k3s-cluster/config.json b/resources/local-path-provisioner/env/k3s-cluster/config.json
index 44bfa62..fafad8d 100644
--- a/resources/local-path-provisioner/env/k3s-cluster/config.json
+++ b/resources/local-path-provisioner/env/k3s-cluster/config.json
@@ -1,6 +1,7 @@
 {
 "appName": "local-path-provisioner",
 "userGivenName": "local-path-provisioner",
+ "namespace": "local-path-provisioner",
 "destNamespace": "local-path-provisioner",
 "destServer": "https://kubernetes.default.svc",
 "srcPath": "resources/local-path-provisioner/env/k3s-cluster",
diff --git a/resources/namespaces/env/k3s-cluster/config.json b/resources/namespaces/env/k3s-cluster/config.json
index d027bb8..1892bad 100644
--- a/resources/namespaces/env/k3s-cluster/config.json
+++ b/resources/namespaces/env/k3s-cluster/config.json
@@ -1,6 +1,7 @@
 {
 "appName": "namespaces",
 "userGivenName": "namespaces",
+ "namespace": "argocd",
 "destNamespace": "argocd",
 "destServer": "https://kubernetes.default.svc",
 "srcPath": "resources/namespaces/env/k3s-cluster",
diff --git a/resources/sealed-secrets/env/k3s-cluster/config.json b/resources/sealed-secrets/env/k3s-cluster/config.json
index ed49ca0..41ce2f9 100644
--- a/resources/sealed-secrets/env/k3s-cluster/config.json
+++ b/resources/sealed-secrets/env/k3s-cluster/config.json
@@ -1,6 +1,7 @@
 {
 "appName": "sealed-secrets",
 "userGivenName": "sealed-secrets",
+ "namespace": "sealed-secrets",
 "destNamespace": "kube-system",
 "destServer": "https://kubernetes.default.svc",
 "srcPath": "resources/sealed-secrets/env/k3s-cluster",
diff --git a/resources/sync-job/env/k3s-cluster/config.json b/resources/sync-job/env/k3s-cluster/config.json
index 6a1af33..d1b37b7 100644
--- a/resources/sync-job/env/k3s-cluster/config.json
+++ b/resources/sync-job/env/k3s-cluster/config.json
@@ -1,6 +1,7 @@
 {
 "appName": "sync-job",
 "userGivenName": "sync-job",
+ "namespace": "argocd",
 "destNamespace": "argocd",
 "destServer": "https://kubernetes.default.svc",
 "srcPath": "resources/sync-job/env/k3s-cluster",
diff --git a/scripts/encript-file-by-age.sh b/scripts/encrypt-file-by-age.sh
similarity index 100%
rename from scripts/encript-file-by-age.sh
rename to scripts/encrypt-file-by-age.sh
From 944ad244f7cd7eec11d65c2ebc4dfbbc6a1c2c14 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 16 Jul 2024 00:59:25 +1000
Subject: [PATCH 03/18] test sealed-secrets decryption
---
 .../app-secrets/env/k3s-cluster/Chart.yaml | 9 +++++++
 .../app-secrets/env/k3s-cluster/config.json | 12 +++++++++
 .../env/k3s-cluster/templates/postgresql.yaml | 26 +++++++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 resources/app-secrets/env/k3s-cluster/Chart.yaml
 create mode 100644 resources/app-secrets/env/k3s-cluster/config.json
 create mode 100644 resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
diff --git a/resources/app-secrets/env/k3s-cluster/Chart.yaml b/resources/app-secrets/env/k3s-cluster/Chart.yaml
new file mode 100644
index 0000000..db60391
--- /dev/null
+++ b/resources/app-secrets/env/k3s-cluster/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+version: "0.0.1"
+appVersion: "0.0.3"
+name: app-secrets
+
+dependencies:
+ - name: empty
+ version: 0.0.3
+ repository: "https://jenkins-x-charts.github.io/v2/"
\ No newline at end of file
diff --git a/resources/app-secrets/env/k3s-cluster/config.json b/resources/app-secrets/env/k3s-cluster/config.json
new file mode 100644
index 0000000..ca1a97c
--- /dev/null
+++ b/resources/app-secrets/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
+{
+ "appName": "app-secrets",
+ "userGivenName": "app-secrets",
+ "namespace": "app-secrets",
+ "destNamespace": "app-secrets",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "resources/app-secrets/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
diff --git a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
new file mode 100644
index 0000000..cb7b9d5
--- /dev/null
+++ b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
@@ -0,0 +1,26 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + creationTimestamp: null + name: postgresql-secrets + namespace: argocd +spec: + encryptedData: + database: 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 + password: AgBibee/zNhTG2+QCJ3fT35IlAqKSpzVgK8abWHVSn4CG1s4Q30VmAiFecX4mhYI06bWZfRDPaJ8AcpKZTH9QcDrW2YQIguhTIDGDjDb1doEnsja076vQbHJJdpU/mAB7lJHA1e815aFnX1uH/FpYWYCb2XR55DwUI8p/z2t1hZ6P21eNZSuYZU2TvRo3FGtrciaAEfe3tp3uvbG+da/7qbB9ECTb7MHpCMpLlS81/Pl4/I9HtViWTesbFB2WCi1pBft/Ixqi+bRCRAyX88Cgs0t6SWMbznWGDbWZwjjr2MaQDT1zzIw6Tur1MgCNNLBenk5UTJrFbgzWfZSjeoJZhEN+8mGAWgl0gU5cGmBFuSzJnwyM97ZofKOxwdTEzkhe5nXcJbaEuNDuBTEiJBnQ+ZAwlBoVceXRsxVTEZ1KZBqgaWyfjRExQLJ0SXyzLUw57RI4+pS8A+2HEyQmSv491DEpsPOWZZqVxpLJd+0wK+bp5fkKo/Av9vemixbC59yaSIyFSTilSBJqXBPrupKsKoPiv9uo4Rx5i39W7cSmr8/0oC18vsvZzYQXVhB6V501PQsMONs/hvtiUh+QONe30bonWUGaecnzOHvkYelTjb5mYd17GZsmFaPJKALs7rVVszdeNYxkJ/P8bxKqNxGHtGTn/wiicp0Ktbtj0J5LT9TQtOSENdYM2xG8tNYIHVY5COe2fXvSMBRIo+MudjGKBo6qdI8kw== + postgres_password: AgAUUmikFv9V8vbrg3eu1kj2KZ0JuQDKt3LxHRGLzgaUfzvu9Bt75sQwa8ZLf/S3cwdyvdX49rPtqAAKYRCTcIxdtl2x8Q8ulmJVIDftABnEpU0M9+a+1hiI+5S7e5MF0fEzGMDqPlOJ6G0y6DLpjJ36wHsrNZ5yr4cR39NOQjIsqRpSCk5JQ3bIA98KPjlUZvpuR6/ScykCdok1oOfEnAM5GeRiPGo85/IoZ6JAmiIENHpjM5tKprpG/YLAoG47za1WMXMj/XexihyUkY59a8nsShOkRyD0LUrDvn/wDrG0Bp+4gSPoc6pfqNWxa9I7w/1gtB5RwwolkRXC2PsqN9qcnWDnY6JD9YpzNHCN7kNONorD66zNUMtiCoCv0PS33ZzTGwLDdyb2CqhMHKBJ/CyNrIgm5WNVmDT1QKOYiwTF3i026UK8nPgEtSo/oZnS/SXYBjRlQgT7BTLhmqSrlx7Enly7/32RCUZMA7AdSuUG/9GvXYIMKgaVb3irw1qcZLWXyozPB8F8SXEbx3hmMrpn2iTHC9Gpy7SCyLVFmzVbfGm33Y0wcYPgTGuHQV8Ctwo/5mECdIchr5WvWghAZf/DxquHIzAyN02awWRJp05BhAQ9tYtpjv7dS4oVhg6TXKaSvtN/xbTCiZEtFNDykeJHSr/8/4aIqdLIk42PRRlOmfv4UN6g2LMTu2+QneXN5r3iNv2l4SfgeLmY42Hx0WxiU4HDxg== + replication_password: 
AgA82yb5vKIG1wg3XxCI5rhCSQBp/udUfnN5zNfTmoLajAZlcSVpTsO6B+jZPOC1zn5kNZ2QL4BI5A1uFTLJvFBZSx+mo3aVn00t3AarpdIJDLG89MDO1EX4PzdefhNrCSWcWxquk2RQ3o4F/4c+QobwPFrq27fcnLfo6Mlv/S46gTlbtA7mcJdj0su5+9wauQZdmRvYeIcB/DxCkDXr+DCKoR7wd/pEg+5kDUzLBBlMsSVppx55U7Z5MPrCUuyQMiS2pDhyeWonp2P2XftRUbFq8hqBcVntK1t1GvZjKJE9MKdZ5lTQM8jzMlRcXrCGP4RPsDmAyhOEMGDNtspoYdEQ9StJq5sMUZRtBwsedv+i1AwAwv1ktemVEhVS55h82ito9ggHeUV4uZD8kgRiR+Ozp3/mM2UqM2sdietYmXy0DNo61/92w/dVDj5kP0HJevg2390NuvidQXLQ4OwCUAu3QTEZrMHOgS/8+HUcW3vbDO30DyOoGDylgXzNaJ0q94gdxqnYK6cLoGNiFnyTfFk8o3Zn4mEorOVFdaDAp4WzQVLRQx7X5TcyYNghePpqOFwmtOC2ozmRIb6r756BQYrOdR8/xfv9hSmsdsN7NYK7DNF3OMx2Sb7xN/QZbPmgKOImHTl8kkIDuTQig9CHWI3egjeJKb9iEj4hKlkoYjRulNaeALWcPFbiTQjmAWn6U8/lMGXZP8+4ZTg2vhZM41zrih4C4Q== + username: 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 + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + sealedsecrets.bitnami.com/cluster-wide: "true" + sealedsecrets.bitnami.com/managed: "true" + creationTimestamp: null + name: postgresql-secrets + namespace: argocd + type: Opaque From c8a191e99900195151af0406cd3b293cc0e8fc0a Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Tue, 16 Jul 2024 01:43:08 +1000 Subject: [PATCH 04/18] test sealed-secrets decryption --- resources/app-secrets/env/k3s-cluster/templates/values.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 resources/app-secrets/env/k3s-cluster/templates/values.yaml diff --git a/resources/app-secrets/env/k3s-cluster/templates/values.yaml b/resources/app-secrets/env/k3s-cluster/templates/values.yaml new file mode 100644 index 0000000..785f480 --- /dev/null +++ b/resources/app-secrets/env/k3s-cluster/templates/values.yaml @@ -0,0 +1,2 @@ +configMap: + enabled: false \ No newline at end of file From 3a6248dc57d87d4dd1c61fd79728fa0136854ed9 Mon Sep 17 00:00:00 2001 
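Review bot: The SealedSecret added in `templates/postgresql.yaml` is sealed with `sealedsecrets.bitnami.com/cluster-wide: "true"`, the loosest scope: the ciphertext is not bound to a name or namespace, so the controller will unseal a copy of it in any namespace where someone is allowed to create SealedSecret objects. For database credentials committed to Git the default strict scope is the safer choice; re-seal without `--scope cluster-wide` and drop the annotation from both `metadata` and `spec.template.metadata`. The object also hard-codes `namespace: argocd` while this patch's `config.json` sets `destNamespace` to `app-secrets`, so the decrypted Secret would land beside the Argo CD control plane instead of with its consumer; `namespace: app-secrets` in both places looks like what was meant. Because these cluster-wide ciphertexts stay in history, rotating the PostgreSQL passwords when re-sealing is prudent if the repository is readable by others.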
From: Edward Cheng
Date: Tue, 16 Jul 2024 01:48:53 +1000
Subject: [PATCH 05/18] test sealed-secrets decryption
---
 resources/app-secrets/env/k3s-cluster/{templates => }/values.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename resources/app-secrets/env/k3s-cluster/{templates => }/values.yaml (100%)
diff --git a/resources/app-secrets/env/k3s-cluster/templates/values.yaml b/resources/app-secrets/env/k3s-cluster/values.yaml
similarity index 100%
rename from resources/app-secrets/env/k3s-cluster/templates/values.yaml
rename to resources/app-secrets/env/k3s-cluster/values.yaml
From 911a947f984620614628029f9c245db37d82c89e Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 16 Jul 2024 13:05:30 +1000
Subject: [PATCH 06/18] test sealed-secrets decryption
---
 resources/app-secrets/env/k3s-cluster/Chart.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/resources/app-secrets/env/k3s-cluster/Chart.yaml b/resources/app-secrets/env/k3s-cluster/Chart.yaml
index db60391..df30551 100644
--- a/resources/app-secrets/env/k3s-cluster/Chart.yaml
+++ b/resources/app-secrets/env/k3s-cluster/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v2
 version: "0.0.1"
-appVersion: "0.0.3"
+appVersion: "0.0.1"
 name: app-secrets
 dependencies:
- - name: empty
- version: 0.0.3
- repository: "https://jenkins-x-charts.github.io/v2/"
\ No newline at end of file
+ - name: nginx
+ version: 0.0.1
+ repository: "https://raw.githubusercontent.com/timtsoitt/argocd-base-charts/main/releases"
\ No newline at end of file
From 940d4693b062b4aee212e6111479afa7904f3f84 Mon Sep 17 00:00:00 2001
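Review bot: The `dependencies` entry in `Chart.yaml` now pulls a chart named `nginx` from `https://raw.githubusercontent.com/timtsoitt/argocd-base-charts/main/releases`, i.e. from the `main` branch of a third-party repository, so whatever that branch serves for version `0.0.1` at sync time is rendered into the same release as the SealedSecret. Nothing visible here pins the chart's content (no vendored `charts/` directory, no provenance check). If the dependency exists only so that the directory is treated as a Helm chart, the chart's own `templates/` directory should already be enough and the `dependencies:` block can be removed; otherwise vendor the chart under `charts/` after reviewing it. `version: 0.0.1` would also be better quoted, like the other version fields in this file.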
From: Edward Cheng
Date: Tue, 16 Jul 2024 13:33:13 +1000
Subject: [PATCH 07/18] add app nexus
---
 apps/nexus/base/deployment.yaml | 38 +++++++++++++++++++
 apps/nexus/base/kustomization.yaml | 3 ++
 apps/nexus/base/service.yaml | 17 +++++++++
 apps/nexus/env/k3s-cluster/config.json | 11 ++++++
 apps/nexus/env/k3s-cluster/kustomization.yaml | 4 ++
 5 files changed, 73 insertions(+)
 create mode 100644 apps/nexus/base/deployment.yaml
 create mode 100644 apps/nexus/base/kustomization.yaml
 create mode 100644 apps/nexus/base/service.yaml
 create mode 100644 apps/nexus/env/k3s-cluster/config.json
 create mode 100644 apps/nexus/env/k3s-cluster/kustomization.yaml
diff --git a/apps/nexus/base/deployment.yaml b/apps/nexus/base/deployment.yaml
new file mode 100644
index 0000000..0b3b44a
--- /dev/null
+++ b/apps/nexus/base/deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nexus
+ namespace: nexus
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nexus
+ template:
+ metadata:
+ labels:
+ app: nexus
+ spec:
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ containers:
+ - name: nexus
+ image: klo2k/nexus3:3.68.1-02
+ resources:
+ limits:
+ memory: "3Gi"
+ cpu: "1"
+ requests:
+ memory: "2Gi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8081
+ volumeMounts:
+ - name: nexus-data
+ mountPath: /nexus-data
+ volumes:
+ - name: nexus-data
+ hostPath:
+ path: /mnt/nfs/AppData/nexus
+ type: Directory
\ No newline at end of file
diff --git a/apps/nexus/base/kustomization.yaml b/apps/nexus/base/kustomization.yaml
new file mode 100644
index 0000000..419dcad
--- /dev/null
+++ b/apps/nexus/base/kustomization.yaml
@@ -0,0 +1,3 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: []
\ No newline at end of file
diff --git a/apps/nexus/base/service.yaml b/apps/nexus/base/service.yaml
new file mode 100644
index 0000000..6bf9f28
--- /dev/null
+++ b/apps/nexus/base/service.yaml
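Review bot: `apps/nexus/base/deployment.yaml` runs the pod as root (`runAsUser: 0`, `runAsGroup: 0`) and mounts the node path `/mnt/nfs/AppData/nexus` through `hostPath`, so a compromise of the Nexus process gets root-level write access to that part of the node's filesystem. Prefer a non-root UID that owns the data directory, and add a container-level `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`; if root is only there to work around ownership of the NFS export, changing the export's owner is the narrower fix (inferred, the image's requirements are not visible here). A PersistentVolume and claim backed by the NFS export instead of `hostPath` would also let the namespace run under the baseline Pod Security standard, which disallows hostPath volumes. The snippet-box Deployment in patch 09 uses the same `hostPath` pattern.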
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nexus
+ namespace: nexus
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/path: /
+ prometheus.io/port: '8081'
+spec:
+ selector:
+ app: nexus
+ type: NodePort
+ ports:
+ - port: 8081
+ targetPort: 8081
+ nodePort: 32000
\ No newline at end of file
diff --git a/apps/nexus/env/k3s-cluster/config.json b/apps/nexus/env/k3s-cluster/config.json
new file mode 100644
index 0000000..a95f526
--- /dev/null
+++ b/apps/nexus/env/k3s-cluster/config.json
@@ -0,0 +1,11 @@
+{
+ "appName": "nexus",
+ "userGivenName": "nexus",
+ "destNamespace": "nexus",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "apps/nexus/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
diff --git a/apps/nexus/env/k3s-cluster/kustomization.yaml b/apps/nexus/env/k3s-cluster/kustomization.yaml
new file mode 100644
index 0000000..a227ac4
--- /dev/null
+++ b/apps/nexus/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../base
\ No newline at end of file
From f3c4df3160fe4eaf8c2a7870e94097a76190de6f Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 16 Jul 2024 13:37:42 +1000
Subject: [PATCH 08/18] fix app nexus
---
 apps/nexus/base/kustomization.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/apps/nexus/base/kustomization.yaml b/apps/nexus/base/kustomization.yaml
index 419dcad..87b09a3 100644
--- a/apps/nexus/base/kustomization.yaml
+++ b/apps/nexus/base/kustomization.yaml
@@ -1,3 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: []
\ No newline at end of file
+resources:
+ - ./deployment.yaml
+ - ./service.yaml
\ No newline at end of file
From eac0bdaa9e69ea28e3da5305a639f9c7c91f5f3c Mon Sep 17 00:00:00 2001
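Review bot: `apps/nexus/base/service.yaml` publishes Nexus with `type: NodePort` on `nodePort: 32000`, which opens the repository manager on every node's address and bypasses the ingress controller this repo already deploys. Unless direct node access is required, `type: ClusterIP` plus an Ingress (as snippet-box does in patch 09) keeps the exposure in one place where TLS and access rules can be applied. The `prometheus.io/path: /` annotation points the scraper at the UI root instead of a metrics endpoint; confirm the intended path.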
From: Edward Cheng
Date: Tue, 16 Jul 2024 13:44:16 +1000
Subject: [PATCH 09/18] add app snippet-box
---
 apps/snippet-box/base/deployment.yaml | 34 +++++++++++++++++++
 apps/snippet-box/base/ingress.yaml | 21 ++++++++++++
 apps/snippet-box/base/kustomization.yaml | 6 ++++
 apps/snippet-box/base/service.yaml | 17 ++++++++++
 apps/snippet-box/env/k3s-cluster/config.json | 11 ++++++
 .../env/k3s-cluster/kustomization.yaml | 4 +++
 6 files changed, 93 insertions(+)
 create mode 100644 apps/snippet-box/base/deployment.yaml
 create mode 100644 apps/snippet-box/base/ingress.yaml
 create mode 100644 apps/snippet-box/base/kustomization.yaml
 create mode 100644 apps/snippet-box/base/service.yaml
 create mode 100644 apps/snippet-box/env/k3s-cluster/config.json
 create mode 100644 apps/snippet-box/env/k3s-cluster/kustomization.yaml
diff --git a/apps/snippet-box/base/deployment.yaml b/apps/snippet-box/base/deployment.yaml
new file mode 100644
index 0000000..b7cf5e4
--- /dev/null
+++ b/apps/snippet-box/base/deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: snippet-box
+ namespace: snippet-box
+ labels:
+ app.kubernetes.io/name: snippet-box
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: snippet-box
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: snippet-box
+ spec:
+ containers:
+ - name: snippet-box
+ image: pawelmalak/snippet-box:arm
+ ports:
+ - protocol: TCP
+ containerPort: 5000
+ name: snippet-box
+ env:
+ - name: TZ
+ value: Australia/Sydney
+ volumeMounts:
+ - name: snippet-box-data
+ mountPath: /app/data
+ volumes:
+ - name: snippet-box-data
+ hostPath:
+ path: /mnt/nfs/AppData/snippet-box
+ type: Directory
diff --git a/apps/snippet-box/base/ingress.yaml b/apps/snippet-box/base/ingress.yaml
new file mode 100644
index 0000000..fa1fcd5
--- /dev/null
+++ b/apps/snippet-box/base/ingress.yaml
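Review bot: `image: pawelmalak/snippet-box:arm` in `apps/snippet-box/base/deployment.yaml` is a floating tag, so the content that runs can change whenever the image is pulled afresh, without any commit in this repo; pin a version tag or, better, a digest (placeholder form: `pawelmalak/snippet-box@sha256:DIGEST_PLACEHOLDER`). The pod spec also sets no `securityContext` and no `resources`, unlike the nexus Deployment in patch 07; at minimum add `allowPrivilegeEscalation: false` on the container and memory/CPU limits.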
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: snippet-box-ingress
+ namespace: snippet-box
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: "snippet-box.cluster.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: snippet-box
+ port:
+ number: 5000
\ No newline at end of file
diff --git a/apps/snippet-box/base/kustomization.yaml b/apps/snippet-box/base/kustomization.yaml
new file mode 100644
index 0000000..1ad0930
--- /dev/null
+++ b/apps/snippet-box/base/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./deployment.yaml
+ - ./service.yaml
+ - ./ingress.yaml
\ No newline at end of file
diff --git a/apps/snippet-box/base/service.yaml b/apps/snippet-box/base/service.yaml
new file mode 100644
index 0000000..7261884
--- /dev/null
+++ b/apps/snippet-box/base/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: snippet-box
+ namespace: snippet-box
+ labels:
+ app.kubernetes.io/name: snippet-box
+spec:
+ selector:
+ app.kubernetes.io/name: snippet-box
+ type: ClusterIP
+ internalTrafficPolicy: Cluster
+ ports:
+ - protocol: TCP
+ port: 5000
+ targetPort: 5000
+ name: snippet-box
diff --git a/apps/snippet-box/env/k3s-cluster/config.json b/apps/snippet-box/env/k3s-cluster/config.json
new file mode 100644
index 0000000..98e6b4f
--- /dev/null
+++ b/apps/snippet-box/env/k3s-cluster/config.json
@@ -0,0 +1,11 @@
+{
+ "appName": "snippet-box",
+ "userGivenName": "snippet-box",
+ "destNamespace": "snippet-box",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "apps/snippet-box/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
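Review bot: `apps/snippet-box/base/ingress.yaml` sets `nginx.ingress.kubernetes.io/ssl-redirect: "false"` and has no `tls:` section, so the host is served over plain HTTP only. The namespaces kustomization touched in patch 12 lists `cert-manager.yaml`, so adding a `tls` block with a certificate for `snippet-box.cluster.edward.sydney` and dropping the `ssl-redirect` override looks feasible. `nginx.ingress.kubernetes.io/use-regex: "true"` is unnecessary for a single `Prefix` path of `/` and can be removed.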
diff --git a/apps/snippet-box/env/k3s-cluster/kustomization.yaml b/apps/snippet-box/env/k3s-cluster/kustomization.yaml
new file mode 100644
index 0000000..a227ac4
--- /dev/null
+++ b/apps/snippet-box/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../base
\ No newline at end of file
From a46fd9678ff029e94b4dd7e4a1f8ea4073a27c1c Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 16 Jul 2024 13:49:17 +1000
Subject: [PATCH 10/18] add app snippet-box
---
 resources/app-secrets/env/k3s-cluster/values.yaml | 2 --
 .../env/k3s-cluster/templates => scripts}/postgresql.yaml | 0
 2 files changed, 2 deletions(-)
 delete mode 100644 resources/app-secrets/env/k3s-cluster/values.yaml
 rename {resources/app-secrets/env/k3s-cluster/templates => scripts}/postgresql.yaml (100%)
diff --git a/resources/app-secrets/env/k3s-cluster/values.yaml b/resources/app-secrets/env/k3s-cluster/values.yaml
deleted file mode 100644
index 785f480..0000000
--- a/resources/app-secrets/env/k3s-cluster/values.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-configMap:
- enabled: false
\ No newline at end of file
diff --git a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml b/scripts/postgresql.yaml
similarity index 100%
rename from resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
rename to scripts/postgresql.yaml
From 00e6431fe0ad6bfe0b7e8f8570766b7275a27d2f Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 16 Jul 2024 13:53:58 +1000
Subject: [PATCH 11/18] add ns app-secrets
---
 resources/namespaces/base/app-secrets.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 resources/namespaces/base/app-secrets.yaml
diff --git a/resources/namespaces/base/app-secrets.yaml b/resources/namespaces/base/app-secrets.yaml
new file mode 100644
index 0000000..510eb2b
--- /dev/null
+++ b/resources/namespaces/base/app-secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Prune=false
+ creationTimestamp: null
+ name: app-secrets
+spec: {}
+status: {}
From b1e5f0f4a8afeaee5da82e9045233986c7036d9e Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 16 Jul 2024 13:56:58 +1000
Subject: [PATCH 12/18] add ns app-secrets
---
 resources/namespaces/base/kustomization.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/resources/namespaces/base/kustomization.yaml b/resources/namespaces/base/kustomization.yaml
index 46a572d..f975da8 100644
--- a/resources/namespaces/base/kustomization.yaml
+++ b/resources/namespaces/base/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./adguard-home.yaml
+ - ./app-secrets.yaml
 - ./cert-manager.yaml
 - ./code-server.yaml
 - ./consul.yaml
From fa93b3dbdbe76d82e2de38260d81653fd7f23bc3 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 16 Jul 2024 13:59:03 +1000
Subject: [PATCH 13/18] test sealed-secrets decryption
---
 .../app-secrets/env/k3s-cluster/templates}/postgresql.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename {scripts => resources/app-secrets/env/k3s-cluster/templates}/postgresql.yaml (100%)
diff --git a/scripts/postgresql.yaml b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
similarity index 100%
rename from scripts/postgresql.yaml
rename to resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
From f4096d1459e3d516ab88e300fa2c2641d01bda97 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 16 Jul 2024 14:10:44 +1000
Subject: [PATCH 14/18] test sealed-secrets decryption
---
 resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
index cb7b9d5..da4d060 100644
--- a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
+++ b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
@@ -19,7 +19,6 @@ spec:
 annotations:
 argocd.argoproj.io/sync-options: Prune=false
 sealedsecrets.bitnami.com/cluster-wide: "true"
- sealedsecrets.bitnami.com/managed: "true"
 creationTimestamp: null
 name: postgresql-secrets
 namespace: argocd
From 33558ee672a791cf13c424237ed0b622de8060e8 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Wed, 17 Jul 2024 00:29:20 +1000
Subject: [PATCH 15/18] test sealed-secrets decryption
---
 .../env/k3s-cluster/templates/postgresql.yaml | 13 +++++++------
 scripts/encrypt-file-by-sealed-secrets.sh | 6 ++++++
 2 files changed, 13 insertions(+), 6 deletions(-)
 create mode 100644 scripts/encrypt-file-by-sealed-secrets.sh
diff --git a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
index da4d060..d551e72 100644
--- a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
+++ b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
@@ -9,17 +9,18 @@ metadata: namespace: argocd spec: encryptedData: - database: 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 - password: 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 - postgres_password: AgAUUmikFv9V8vbrg3eu1kj2KZ0JuQDKt3LxHRGLzgaUfzvu9Bt75sQwa8ZLf/S3cwdyvdX49rPtqAAKYRCTcIxdtl2x8Q8ulmJVIDftABnEpU0M9+a+1hiI+5S7e5MF0fEzGMDqPlOJ6G0y6DLpjJ36wHsrNZ5yr4cR39NOQjIsqRpSCk5JQ3bIA98KPjlUZvpuR6/ScykCdok1oOfEnAM5GeRiPGo85/IoZ6JAmiIENHpjM5tKprpG/YLAoG47za1WMXMj/XexihyUkY59a8nsShOkRyD0LUrDvn/wDrG0Bp+4gSPoc6pfqNWxa9I7w/1gtB5RwwolkRXC2PsqN9qcnWDnY6JD9YpzNHCN7kNONorD66zNUMtiCoCv0PS33ZzTGwLDdyb2CqhMHKBJ/CyNrIgm5WNVmDT1QKOYiwTF3i026UK8nPgEtSo/oZnS/SXYBjRlQgT7BTLhmqSrlx7Enly7/32RCUZMA7AdSuUG/9GvXYIMKgaVb3irw1qcZLWXyozPB8F8SXEbx3hmMrpn2iTHC9Gpy7SCyLVFmzVbfGm33Y0wcYPgTGuHQV8Ctwo/5mECdIchr5WvWghAZf/DxquHIzAyN02awWRJp05BhAQ9tYtpjv7dS4oVhg6TXKaSvtN/xbTCiZEtFNDykeJHSr/8/4aIqdLIk42PRRlOmfv4UN6g2LMTu2+QneXN5r3iNv2l4SfgeLmY42Hx0WxiU4HDxg== - replication_password: AgA82yb5vKIG1wg3XxCI5rhCSQBp/udUfnN5zNfTmoLajAZlcSVpTsO6B+jZPOC1zn5kNZ2QL4BI5A1uFTLJvFBZSx+mo3aVn00t3AarpdIJDLG89MDO1EX4PzdefhNrCSWcWxquk2RQ3o4F/4c+QobwPFrq27fcnLfo6Mlv/S46gTlbtA7mcJdj0su5+9wauQZdmRvYeIcB/DxCkDXr+DCKoR7wd/pEg+5kDUzLBBlMsSVppx55U7Z5MPrCUuyQMiS2pDhyeWonp2P2XftRUbFq8hqBcVntK1t1GvZjKJE9MKdZ5lTQM8jzMlRcXrCGP4RPsDmAyhOEMGDNtspoYdEQ9StJq5sMUZRtBwsedv+i1AwAwv1ktemVEhVS55h82ito9ggHeUV4uZD8kgRiR+Ozp3/mM2UqM2sdietYmXy0DNo61/92w/dVDj5kP0HJevg2390NuvidQXLQ4OwCUAu3QTEZrMHOgS/8+HUcW3vbDO30DyOoGDylgXzNaJ0q94gdxqnYK6cLoGNiFnyTfFk8o3Zn4mEorOVFdaDAp4WzQVLRQx7X5TcyYNghePpqOFwmtOC2ozmRIb6r756BQYrOdR8/xfv9hSmsdsN7NYK7DNF3OMx2Sb7xN/QZbPmgKOImHTl8kkIDuTQig9CHWI3egjeJKb9iEj4hKlkoYjRulNaeALWcPFbiTQjmAWn6U8/lMGXZP8+4ZTg2vhZM41zrih4C4Q== - username: 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 + database: 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 + password: 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 + postgres_password: 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 + 
replication_password: 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 + username: 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 template: metadata: annotations: argocd.argoproj.io/sync-options: Prune=false sealedsecrets.bitnami.com/cluster-wide: "true" + sealedsecrets.bitnami.com/managed: "true" creationTimestamp: null name: postgresql-secrets namespace: argocd - type: Opaque + type: Opaque \ No newline at end of file diff --git a/scripts/encrypt-file-by-sealed-secrets.sh b/scripts/encrypt-file-by-sealed-secrets.sh new file mode 100644 index 0000000..b1be8b0 --- /dev/null +++ b/scripts/encrypt-file-by-sealed-secrets.sh @@ -0,0 +1,6 @@ +#!/usr/bin/bash +set -e + +filePath=$1 + +cat $filePath | kubeseal -o yaml --scope cluster-wide --controller-name sealed-secrets --controller-namespace argocd | tee $filePath \ No newline at end of file From 42f2c2d7c632fe740b5c736a3258a4a636e22fc1 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 17 Jul 2024 00:42:06 +1000 Subject: [PATCH 16/18] test sealed-secrets decryption --- resources/sealed-secrets/base/kustomization.yaml | 8 -------- resources/sealed-secrets/base/values.yaml | 0 resources/sealed-secrets/env/k3s-cluster/config.json | 12 ------------ .../env/k3s-cluster/kustomization.yaml | 4 ---- scripts/5.install-sealed-secrets.sh | 6 ++++++ .../sealed-secrets-values.yaml | 0 6 files changed, 6 insertions(+), 24 deletions(-) delete mode 100644 resources/sealed-secrets/base/kustomization.yaml delete mode 100644 resources/sealed-secrets/base/values.yaml delete mode 100644 resources/sealed-secrets/env/k3s-cluster/config.json delete mode 100644 resources/sealed-secrets/env/k3s-cluster/kustomization.yaml create mode 100644 scripts/5.install-sealed-secrets.sh rename resources/sealed-secrets/env/k3s-cluster/values.yaml => scripts/sealed-secrets-values.yaml (100%) 
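Review bot: In `scripts/encrypt-file-by-sealed-secrets.sh` the pipeline reads and writes the same file (`cat $filePath | kubeseal … | tee $filePath`): `tee` truncates the file as soon as it starts, so depending on scheduling `kubeseal` can receive empty input, and because only `set -e` is set a `kubeseal` failure still leaves the file truncated while the script exits 0. `tee` also echoes the result to the terminal, and `$filePath` is unquoted. Write to a temporary file and move it into place only on success, as sketched below. The same applies to the revised pipeline in patch 17, where `secretName=$1` is additionally assigned but never used.

```shell
#!/usr/bin/bash
set -euo pipefail

filePath=$1
tmpFile=$(mktemp "${filePath}.XXXXXX")
# Remove the temporary file on any exit; after a successful mv this is a no-op.
trap 'rm -f "$tmpFile"' EXIT

kubeseal -o yaml --scope cluster-wide --controller-name sealed-secrets --controller-namespace argocd < "$filePath" > "$tmpFile"
mv "$tmpFile" "$filePath"
```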
diff --git a/resources/sealed-secrets/base/kustomization.yaml b/resources/sealed-secrets/base/kustomization.yaml
deleted file mode 100644
index db6356b..0000000
--- a/resources/sealed-secrets/base/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-helmCharts:
- - name: sealed-secrets
- repo: https://bitnami-labs.github.io/sealed-secrets
- version: 2.16.0
- releaseName: sealed-secrets
- valuesFile: values.yaml
\ No newline at end of file
diff --git a/resources/sealed-secrets/base/values.yaml b/resources/sealed-secrets/base/values.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/resources/sealed-secrets/env/k3s-cluster/config.json b/resources/sealed-secrets/env/k3s-cluster/config.json
deleted file mode 100644
index 41ce2f9..0000000
--- a/resources/sealed-secrets/env/k3s-cluster/config.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "appName": "sealed-secrets",
- "userGivenName": "sealed-secrets",
- "namespace": "sealed-secrets",
- "destNamespace": "kube-system",
- "destServer": "https://kubernetes.default.svc",
- "srcPath": "resources/sealed-secrets/env/k3s-cluster",
- "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
- "srcTargetRevision": "",
- "labels": null,
- "annotations": null
-}
\ No newline at end of file
diff --git a/resources/sealed-secrets/env/k3s-cluster/kustomization.yaml b/resources/sealed-secrets/env/k3s-cluster/kustomization.yaml
deleted file mode 100644
index a227ac4..0000000
--- a/resources/sealed-secrets/env/k3s-cluster/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ../../base
\ No newline at end of file
diff --git a/scripts/5.install-sealed-secrets.sh b/scripts/5.install-sealed-secrets.sh
new file mode 100644
index 0000000..472b0f0
--- /dev/null
+++ b/scripts/5.install-sealed-secrets.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+helm repo update
+helm install sealed-secrets -n kube-system --set-string fullnameOverride=sealed-secrets-controller sealed-secrets/sealed-secrets -f sealed-secrets-values.yaml
\ No newline at end of file
diff --git a/resources/sealed-secrets/env/k3s-cluster/values.yaml b/scripts/sealed-secrets-values.yaml
similarity index 100%
rename from resources/sealed-secrets/env/k3s-cluster/values.yaml
rename to scripts/sealed-secrets-values.yaml
From 6aafce43ce382d0d5aa8f900e3eaed8b671b8f45 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Wed, 17 Jul 2024 01:01:24 +1000
Subject: [PATCH 17/18] test sealed-secrets decryption
---
.../env/k3s-cluster/templates/postgresql.yaml | 12 ++++++------
scripts/encrypt-file-by-sealed-secrets.sh | 5 +++--
2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
index d551e72..88b444c 100644
--- a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
+++ b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
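Review bot: The `helm install` line in scripts/5.install-sealed-secrets.sh has no `--version`, whereas the kustomization this commit deletes pinned the chart to `version: 2.16.0`. The controller that holds the cluster's unsealing key would then be installed from whatever chart the repo serves at run time, which makes the install non-reproducible and drops a supply-chain control. Adding `--version 2.16.0` to the command restores the pin. `-f sealed-secrets-values.yaml` is also resolved against the current directory, so the script presumably has to be run from scripts/; `-f "$(dirname "$0")/sealed-secrets-values.yaml"` would remove that dependency.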
@@ -9,11 +9,11 @@ metadata: namespace: argocd spec: encryptedData: - database: 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 - password: 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 - postgres_password: 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 - replication_password: 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 - username: 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 + database: 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 + password: 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 + postgres_password: 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 + replication_password: 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 + username: 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 template: metadata: annotations: @@ -23,4 +23,4 @@ spec: creationTimestamp: null name: postgresql-secrets namespace: argocd - type: Opaque \ No newline at end of file + type: Opaque diff --git a/scripts/encrypt-file-by-sealed-secrets.sh b/scripts/encrypt-file-by-sealed-secrets.sh index b1be8b0..0536289 100644 --- a/scripts/encrypt-file-by-sealed-secrets.sh +++ b/scripts/encrypt-file-by-sealed-secrets.sh @@ -1,6 +1,7 @@ #!/usr/bin/bash set -e -filePath=$1 +secretName=$1 +filePath=$2 -cat $filePath | kubeseal -o yaml --scope cluster-wide --controller-name sealed-secrets --controller-namespace argocd | tee $filePath \ No newline at end of file +cat $filePath | kubeseal --format yaml --scope cluster-wide | tee $filePath \ No newline at end of file From dad8ccbeaebcaa413652be91448b0c5b8a9ea252 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 17 Jul 2024 01:04:52 +1000 Subject: [PATCH 18/18] test sealed-secrets decryption --- .../env/k3s-cluster/templates/postgresql.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml index 88b444c..12094e2 100644 
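Review bot: In the `@@ -1,6 +1,7 @@` hunk of scripts/encrypt-file-by-sealed-secrets.sh, `secretName=$1` is assigned but never used, and moving the path to `$2` silently breaks the previous one-argument call. With a single argument `$filePath` is empty and unquoted, so `cat` and `tee` run without a file operand and the script waits on stdin instead of failing. Either drop `secretName` or use it, and reject a missing path up front with `filePath=${2:?usage: $0 <secretName> <filePath>}`. Removing `--controller-name`/`--controller-namespace` makes kubeseal fall back to its default controller lookup, which appears to match the `fullnameOverride=sealed-secrets-controller` install into kube-system from PATCH 16/18; a short comment saying so would help.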
--- a/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml +++ b/resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml 
@@ -6,14 +6,14 @@ metadata: sealedsecrets.bitnami.com/cluster-wide: "true" creationTimestamp: null name: postgresql-secrets - namespace: argocd + namespace: postgresql spec: encryptedData: - database: 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 - password: AgArQBO70IA7xcegTcIGVDExQESd44FUhZmmVAdl/bXKo1XPvtAF7W3hthShPZBTPE5fvD/6hPKXAKH72G3zknVOcXnGDgYkFMidZDXHiwYvkLO5+8JwyAbQk+TlnHsH/HzRNBe8ezxvGJV9S2Add86Pn+4YGhTv0ukxhiAmK8agXAv3VhbKPoygNIMwqVkudu2EVN8bscIpiWXT7fDR9M31QtJPNBAphTiP3XYrRTvEAgx5uW1m7qGMAMsZNcz1kIvMs2A3jE1Z6gxK5FuqPtM4kW8PU9VftNt7xUFqiBkVUqkYxkPrirKuTFCYi3qYSX2sfaJt8jHPcgMEv+joPDvMAjoYiBZYaHtVc+n1WXTNPy2zqHvSfm7zIStWPyM1Fpdv+HA1Px2vESx0e45R+kMt6fHB+vdSpTdkiYpBBj35gJezMB+SBJyLbvd6bQ7s2lG/K/+VA8P2opiSvrXzE76DAuL9O5x27J1mRRsvjMIf2DZWM1HtyweeK80VfEJi2rSd+tDryfEcZ2+nAKPmlyrK/lOwYCXoOYr62157xz/rfygPCCqShI7iR26GWUgJg2W1JsNTkrCWOzja9wevzlTlGtRw93lQChp3XNq4U3vBnrU2zXWnisKlaQ0yWslN48hYf2NEdoeRp7FN3RQttp5esec+8MLp2I6zE0i2mpTFd+bvcEK0c0ULx/vJveOTORDfXhq8a8uPKEU8AeXa2E78A0R3fg== - postgres_password: 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 - replication_password: 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 - username: 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 + database: AgBJ/TwGeaHpcCg6oSUywLp1q84Gr3rm3w3J4v5A0NoRPucO029RVtYCr3Lz3VJ06c6qyWFAZCEo3jRvYer67vZenN9uSfZS+qtQafyeISogUejpmHzulOvgvQXTBU09X6lKzCC6l+HFKB1qJ0bMzabY127KHIvgv7Dq+v4Mv7l2L6fdE1PElqozTciWsynAZbSNRQrDZB5g0SYnuLURPpnYe3OXQbUWzZsKnuP6oCiGAJsO0OlVQq5QwxvosfpmQeth6GBKUoymPqI1AOYl3qKDtATrlC4jEFOLTttQmXgU+aJMhx82TEkLrtIv4uniNTSFFJlIe3IOlstcPKypx67J8aPSes9Yw30a0Loe4PFAwe6jkYhpvdgfKJjs8Iw4N3GfAtWkyAcOCQ6tGUKlcAAoErvUo0QLe/QeB4GWWklSd3yo4tH3XD2rwFzgBbFlFmCLgwvS5AZw/KL/TDzyMu9MHYjUUMjtgP46/pApYKBRLXmGRwO+4Bec7IKqJfS+hsK8Ax2hdvJlsmiwkm3WmdMVDXznQzjZ2APRdKtgUSD5onHHKODOPq2MwV2a+qHuCvpbaU6FaM86Brb7zgYxBhatLJdDFCqEPxudO/Z04D/tPqq1q9iuBO8i2afQr00Yqync1SC8Ua3iAxks27PX5XZcy6/wCbWGzgxVldktmUiKLzeyCrDVX+yMj1xQ9e5WpIBKrSWlztUWBQ== + password: 
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 + postgres_password: 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 + replication_password: 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 + username: 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 template: metadata: annotations: @@ -22,5 +22,5 @@ spec: sealedsecrets.bitnami.com/managed: "true" creationTimestamp: null name: postgresql-secrets - namespace: argocd + namespace: postgresql type: Opaque
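Review bot: The re-sealed values in the `@@ -6,14 +6,14 @@` hunk keep the `sealedsecrets.bitnami.com/cluster-wide: "true"` annotation, so the ciphertext is not bound to the `postgresql-secrets` name or to the new `postgresql` namespace. For database credentials kept in a Git repository the default strict scope is the tighter choice, because the controller then unseals these values only for this name in this namespace. Now that the target namespace is fixed, consider re-sealing with `--scope strict` in scripts/encrypt-file-by-sealed-secrets.sh and dropping the cluster-wide annotation from both metadata blocks. The metadata block starts above the hunk, and the template annotations are only partly visible in it.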