Mathis
0a5e8a17e2
Reviewed-on: #16 |
||
---|---|---|
apps | ||
infra | ||
.gitignore | ||
.sops.yaml | ||
README.md | ||
renovate.json |
README.md
K3s Configs
Helm configs and Kubernetes manifests for my dev cluster managed by Kustomize.
Structure
- infra
- apps
- authelia: SSO and basic auth provider
- gitea: Git server with Actions and renovate-bot
- namesny-com: Personal website and blog
Requirements
Usage
Generate age key
mkdir -p $HOME/.config/sops/age
age-keygen -o $HOME/.config/sops/age/keys.txt
Create .sops.yaml
file in the repo root and copy the age public key
.sops.yaml
creation_rules:
- unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
age: "<age public key>"
Create secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
username: YWRtaW4=
password: MWYyZDFlMmU2N2Rm
Encrypt the secret using sops
sops -e secret.yaml > secret.enc.yaml
Create secret-generator.yaml
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: gitea-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./secret.enc.yaml
Use secret generator in kustomization.yaml
generators:
- ./secret-generator.yaml
Deploy application
kustomize build --enable-helm --enable-alpha-plugins --enable-exec . | k apply -f -