Merge pull request #502 from 3dwardch3ng/infra/sealed-secrets

add sealed-secrets

infrastructures/postgresql/env/k3s-cluster/kustomization.yaml

@@ -1,4 +0,0 @@
-#apiVersion: kustomize.config.k8s.io/v1beta1
-#kind: Kustomization
-#resources:
-#  - ../../base

projects/k3s-cluster-secrets.yaml

@@ -1,52 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "2"
-  creationTimestamp: null
-  name: app-secrets
-  namespace: argocd
-spec:
-  generators:
-    - git:
-        files:
-          - path: secrets/env/k3s-cluster/config.json
-        repoURL: https://github.com/3dwardch3ng/home-cluster-ops.git
-        requeueAfterSeconds: 20
-        revision: ""
-        template:
-          metadata: {}
-          spec:
-            destination: {}
-            project: ""
-            source:
-              repoURL: ""
-  syncPolicy: { }
-  template:
-    metadata:
-      metadata:
-        labels:
-          app.kubernetes.io/managed-by: argocd
-          app.kubernetes.io/name: '{{ appName }}'
-        name: '{{ userGivenName }}'
-        namespace: argocd
-      spec:
-        destination:
-          namespace: '{{ destNamespace }}'
-          server: '{{ destServer }}'
-        ignoreDifferences:
-          - group: argoproj.io
-            jsonPointers:
-              - /status
-            kind: Application
-        project: k3s-cluster
-        source:
-          helm:
-            valueFiles:
-              - secrets://{{ srcPath }}/postgresql.yaml
-        syncPolicy:
-          automated:
-            allowEmpty: true
-            prune: true
-            selfHeal: true
-status: {}

resources/sealed-secrets/base/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: sealed-secrets
+    repo: https://bitnami-labs.github.io/sealed-secrets
+    version: 2.16.0
+    releaseName: sealed-secrets
+    valuesFile: values.yaml

resources/sealed-secrets/env/k3s-cluster/config.json

@@ -1,9 +1,9 @@
 {
-  "appName": "app-secrets",
+  "appName": "sealed-secrets",
-  "userGivenName": "app-secrets",
+  "userGivenName": "sealed-secrets",
   "destNamespace": "argocd",
   "destServer": "https://kubernetes.default.svc",
-  "srcPath": "secrets/env/k3s-cluster/templates/secrets",
+  "srcPath": "resources/sealed-secrets/env/k3s-cluster",
   "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
   "srcTargetRevision": "",
   "labels": null,

resources/sealed-secrets/env/k3s-cluster/values.yaml

@@ -0,0 +1,3 @@
+service:
+  type: NodePort
+  nodePort: 31008

secrets/env/k3s-cluster/Chart.yaml

@@ -1,23 +0,0 @@
-apiVersion: v2
-name: app-secrets
-description: Applications
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.0"

secrets/env/k3s-cluster/templates/secrets.yaml

@@ -1,10 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: app-secrets
-  namespace: argocd
-spec:
-  source:
-    helm:
-      valueFiles:
-        - secrets://secrets/postgresql.yaml

secrets/env/k3s-cluster/templates/secrets/postgresql.yaml

@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: postgresql-secrets
-  namespace: flux-system
-type: Opaque
-stringData:
-  postgres_password: ENC[AES256_GCM,data:zue+FIUT+6iVqetulQIPegJKuJg=,iv:YEIaGAFPK73+qXZ3lx95kEbVCELSvMCwdeiryZXK+kQ=,tag:VHbpcCVTpHuMGR2Sh+5Zjg==,type:str]
-  username: ENC[AES256_GCM,data:OiDwHKxM,iv:rWmb9BV1qZ7I5bg/MZjSyHroz1esi4xNl6hrfEm/53o=,tag:vPcZAHDqCYk2JsFwgqwE7A==,type:str]
-  password: ENC[AES256_GCM,data:UjKHr0IGhiK7vlwg0URqpxUXONM=,iv:B5AYc4HCxcaImlYxKYNNeRcpznGXlkFqA0ybxf8duLY=,tag:mpLmMvTzahTp0iIiBtYGrw==,type:str]
-  database: ENC[AES256_GCM,data:TxW5MxlS6DY=,iv:bOoQvdNz7mul5ibqDjiJ/C1UoHS37OxjK/seXHn1UCc=,tag:O5OSrqSf0ziNGnxVZP6+Zg==,type:str]
-  replication_password: ENC[AES256_GCM,data:NbeXfZuVCbyeAdMA7l7mX6jJyTQ=,iv:P0l1LOr7GyVoE+lYchU0w1KUgoqEbxR6Fy5OYFhjW8E=,tag:3+uKwk3a71nQNIaCKVCV9Q==,type:str]
-sops:
-  kms: []
-  gcp_kms: []
-  azure_kv: []
-  hc_vault: []
-  age:
-    - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
-      enc: |
-        -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqUlc3dUF6bnp2L0J5UXpx
-        NU5XWlZhdDhHWGJDVTljYUtxd2xWOUozSXdVCnN2UnZIRWt1d2xoWXpYYmI1Z2pC
-        ZE5MTy9LdTgza2VPUmYvSHplU2JiTEEKLS0tIGhTVjU3M3dDd3Jpb21aM2J0QmlF
-        ZHFxd3dFZTJxcG9QTFA5dFRZK1JicTgKRM29yMy9JVrXe/9LZ/XnsNyVXUEJ1qBS
-        0mhGIkv/zukXzmJ0VAJ+pAgJMcgcOYNPg9Mjhny3zYvdONGlcGj2HA==
-        -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-06-18T03:05:29Z"
-  mac: ENC[AES256_GCM,data:hwEwWTOy164Cnu2xRkP4GiyJhgUuIvHwRb970OMYPLM2cYGN0DudIjkB2qbjtR8DSgaVT2h+sJrkWdgp4sjlROLeEbeZDMrZZ/RxNjeb364guJpmpAZts6DaYWCc9VukCpGnFTRzARoyEiYin8fw4KhfdwuzuOQq2fkQOued0mw=,iv:Os10YeN0KM1a676aUbuSDxmgc+FfqzP0FEJ5417okfw=,tag:2fJbvY9V9Ixm6Mn6JfOJEQ==,type:str]
-  pgp: []
-  encrypted_regex: ^(data|stringData)$
-  version: 3.8.1