Go to file
Mathis 0a5e8a17e2 Merge pull request 'chore(deps): update helm release renovate to v37.102.0' (#16) from renovate/renovate-37.x into main
Reviewed-on: #16
2023-12-18 09:00:57 +00:00
apps chore(deps): update helm release renovate to v37.102.0 2023-12-18 01:00:19 +00:00
infra Move authelia to infra 2023-12-13 20:03:28 +00:00
.gitignore Add sops and gitignore 2023-11-28 21:06:09 +00:00
.sops.yaml Add sops and gitignore 2023-11-28 21:06:09 +00:00
README.md Update README.md 2023-12-02 12:22:37 +00:00
renovate.json Disable path updates 2023-12-06 12:49:04 +00:00

README.md

K3s Configs

Helm configs and Kubernetes manifests for my dev cluster managed by Kustomize.

Structure

Requirements

Usage

Generate age key

mkdir -p $HOME/.config/sops/age
age-keygen -o $HOME/.config/sops/age/keys.txt

Create .sops.yaml file in the repo root and copy the age public key

.sops.yaml

creation_rules:
  - unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
    age: "<age public key>"

Create secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

Encrypt the secret using sops

sops -e secret.yaml > secret.enc.yaml

Create secret-generator.yaml

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: gitea-secret-generator
  annotations:
    config.kubernetes.io/function: |
        exec:
          path: ksops        
files:
- ./secret.enc.yaml

Use secret generator in kustomization.yaml

generators:
  - ./secret-generator.yaml

Deploy application

kustomize build --enable-helm --enable-alpha-plugins --enable-exec . | k apply -f -