Add weave and sops
parent
6367ea742b
commit
526f896e24
|
@ -0,0 +1 @@
|
|||
age.agekey
|
|
@ -22,6 +22,10 @@ spec:
|
|||
interval: 10m0s
|
||||
path: ./clusters/production
|
||||
prune: true
|
||||
decryption:
|
||||
provider: sops
|
||||
secretRef:
|
||||
name: sops-age
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
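Review bot: The new `decryption.secretRef` points at a `sops-age` Secret that nothing in this commit creates, so reconciliation of this Kustomization depends on a bootstrap step that is not documented. That Secret holds the age private key and should stay out of Git (the commit appears to ignore `age.agekey` for that reason), which makes the manual step easy to forget on a rebuilt cluster. I would add a comment above the block such as `# sops-age is created out of band in flux-system from age.agekey; the data key must end in .agekey` and record the same step in the repository README. The enclosing `spec` starts outside this hunk.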
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: infra-controllers
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 1h
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
path: ./infrastructure/controllers
|
||||
prune: true
|
||||
wait: true
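Review bot: This new `infra-controllers` Kustomization has no `spec.decryption`, and Flux configures SOPS decryption per Kustomization rather than inheriting it from the parent that applies this object. If the encrypted `oidc-secret.yaml` added in this commit lives under `./infrastructure/controllers` (the paths are not visible on this page, so this is an inference), kustomize-controller will not decrypt it and the apply will fail or ship the `ENC[...]` strings as values. Add the same block used in the other Kustomization here: `decryption:` with `provider: sops` and `secretRef:` / `name: sops-age`.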
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
sops --age=age1esjyg2qfy49awv0ptkzvpk425adczjr38m37w2mmcahzc4p8n54sll2nzh --encrypt --encrypted-regex '^(data|stringData)$' --in-place "$1"
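Review bot: The script passes `"$1"` straight to `sops --in-place` without checking that an argument was given or that it names a file, and nothing stops a plaintext manifest from being committed when the script is not run. A guard before the `sops` line, for example `[ -f "${1:-}" ] || { echo "usage: $0 FILE" >&2; exit 1; }`, would make misuse fail clearly. Moving the recipient and the `--encrypted-regex` pattern into a `.sops.yaml` `creation_rules` entry would keep them in one place, so that plain `sops --encrypt` and later `sops` edits use the same settings as this wrapper. The age recipient is a public key, so keeping it in the repository is fine.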
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- oidc-secret.yaml
|
||||
- weave-gitops.yaml
|
|
@ -0,0 +1,32 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: oidc-auth
|
||||
namespace: flux-system
|
||||
type: Opaque
|
||||
stringData:
|
||||
issuerURL: ENC[AES256_GCM,data:31lcrvswL8AC6Sf/VDGxCe7l7THWSZCdAFnauzmgHdfVhIrBQpg2Os4sOLvIZO+y8Unz4jc=,iv:6ryLcYvXgzmp02cY/mi/OglLKeFUrgiH4Nchfhy4fr0=,tag:iA8pGiPlW5oj8mAIDY4y5w==,type:str]
|
||||
clientID: ENC[AES256_GCM,data:7oBQUR8=,iv:Lin3Cler/1R1HaRmPqr5qwB4ejBR77z7hMWtfcp1hVM=,tag:ftWdHeSPAnZEhgy8Y/mHRg==,type:str]
|
||||
clientSecret: ENC[AES256_GCM,data:u7y/1jz9WSIUANXeL4hV+paPpql3eVZYoF8c5LfuPWY=,iv:VjZlHRnHgyxSWb+XewtrpqNyrYpddWJrDWMeKLSJvzY=,tag:p54D18DlEwR83VhtMZOQ6Q==,type:str]
|
||||
redirectURL: ENC[AES256_GCM,data:SWX72pcOQeHki+7yJ9qaH97J38EtJ7uWt8PD3dXtJEXOc9jYaFBxGbnxuh8TYMTk2hGpOw==,iv:K3xi5hFYghdcyeiheSo0XHerrJEZnPj7eXHzbKGQxrU=,tag:cNnqiQBt7MgaQHxDvon9+A==,type:str]
|
||||
tokenDuration: ENC[AES256_GCM,data:jMTkv29n,iv:tV1QI9Wfh3wJJSPv9otImbWEUQX9YzFvv03tTp7G08A=,tag:EMSR/VvkHhXTin3E28uFeQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1esjyg2qfy49awv0ptkzvpk425adczjr38m37w2mmcahzc4p8n54sll2nzh
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZHFuUmVnemZXYU11azVa
|
||||
ZWNTZUdCVzVhdXNMTjY2dlZTTG9YMEE3VHdJCjBrMDgrUFYweExNb3Y2aUs4QUNa
|
||||
V1hBWU9DMnY1cjY1RVUxcmRHczI5TnMKLS0tIDIyK1V0MExOTlZIMktkYmxMWDgw
|
||||
Y1VSM0NZTFdVMmZYaVlMQXhTdkpDNEkKx4iEuFixUbvJTVAmXS2xDepDqxa8O0wQ
|
||||
uaV/SV3Q9Ub+VK+//FygrkCiUgAs61cr+623p4vEvu4044KNR9OLRw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-03-16T22:45:15Z"
|
||||
mac: ENC[AES256_GCM,data:zHf2SET/iNdqUqianIia2zGIwIM0HoGtWy7jbpWimRjEPB6Ofm740oGQxwovmLuoCcExjZQzU+FA9/9DKAuOtgnWWtGgDuwwHrJQf3GBZtlQg0s8TzYn2wVrEoIfqD6lOi2qscoLsvEikrJXyoQnkXFISBRjNxxfbjRWwmBibBg=,iv:DSYrQRJggoOab3br2JA4NbNy1Z2ew3crFf+jfnoTta4=,tag:oWPcvQO1XQ7ox/fWZF89QQ==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
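Review bot: The `sops.age` list carries a single recipient, so the one private key behind it is the only way to read or re-encrypt this Secret. If that key is lost the values cannot be recovered, and if it leaks every revision of this file in Git history becomes readable. Consider adding a second recipient whose key is held offline. It is also worth documenting that `clientSecret` has to be rotated at the identity provider after any key exposure, because re-encrypting the file does not retract earlier commits.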
|
|
@ -0,0 +1,48 @@
|
|||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: weave-gitops
|
||||
namespace: flux-system
|
||||
spec:
|
||||
type: oci
|
||||
interval: 60m0s
|
||||
url: oci://ghcr.io/weaveworks/charts
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: weave-gitops
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 60m
|
||||
chart:
|
||||
spec:
|
||||
chart: weave-gitops
|
||||
version: "4.0.16"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: weave-gitops
|
||||
interval: 12h
|
||||
# https://github.com/weaveworks/weave-gitops/blob/main/charts/gitops-server/values.yaml
|
||||
values:
|
||||
#resources:
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 64Mi
|
||||
# limits:
|
||||
# cpu: 1
|
||||
# memory: 512Mi
|
||||
adminUser:
|
||||
create: false
|
||||
oidcSecret:
|
||||
create: false
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-dns
|
||||
hosts:
|
||||
- host: weave.midnightthoughts.space
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
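Review bot: The `ingress` values set the `cert-manager.io/cluster-issuer` annotation but no `tls` entry, and cert-manager only issues a certificate for hosts listed in the Ingress's TLS section. As written, the dashboard at `weave.midnightthoughts.space`, which handles the OIDC login and session cookie, would likely be served without the intended certificate. The fence below adds a `tls` list under `ingress`; the Secret name is a placeholder, and the key layout should be checked against the chart's values.yaml linked in the comment above `values`.

```yaml
    ingress:
      # … unchanged: enabled, annotations, hosts …
      tls:
        - secretName: weave-gitops-tls  # placeholder name
          hosts:
            - weave.midnightthoughts.space
```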
|