Go to file

Mathis 0a5e8a17e2 Merge pull request 'chore(deps): update helm release renovate to v37.102.0' (#16 ) from renovate/renovate-37.x into main Reviewed-on: #16		2023-12-18 09:00:57 +00:00
apps	chore(deps): update helm release renovate to v37.102.0	2023-12-18 01:00:19 +00:00
infra	Move authelia to infra	2023-12-13 20:03:28 +00:00
.gitignore	Add sops and gitignore	2023-11-28 21:06:09 +00:00
.sops.yaml	Add sops and gitignore	2023-11-28 21:06:09 +00:00
README.md	Update README.md	2023-12-02 12:22:37 +00:00
renovate.json	Disable path updates	2023-12-06 12:49:04 +00:00

README.md

K3s Configs

Helm configs and Kubernetes manifests for my dev cluster managed by Kustomize.

Structure

infra
- storage: Local path provisioner configuration
- traefik: Reverse proxy with wildcart SSL certificates
apps
- authelia: SSO and basic auth provider
- gitea: Git server with Actions and renovate-bot
- namesny-com: Personal website and blog

Requirements

Usage

Generate age key

mkdir -p $HOME/.config/sops/age
age-keygen -o $HOME/.config/sops/age/keys.txt

Create .sops.yaml file in the repo root and copy the age public key

.sops.yaml

creation_rules:
  - unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
    age: "<age public key>"

Create secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

Encrypt the secret using sops

sops -e secret.yaml > secret.enc.yaml

Create secret-generator.yaml

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: gitea-secret-generator
  annotations:
    config.kubernetes.io/function: |
        exec:
          path: ksops        
files:
- ./secret.enc.yaml

Use secret generator in kustomization.yaml

generators:
  - ./secret-generator.yaml

Deploy application

kustomize build --enable-helm --enable-alpha-plugins --enable-exec . | k apply -f -