From 2e477239fb8f5e9d8154a32dfe12f3827aa9b305 Mon Sep 17 00:00:00 2001 From: Robert Burgess Date: Wed, 21 Aug 2024 01:06:50 -0400 Subject: [PATCH] add secret for gh --- apps/simplysyncedllc-com/deployment.yaml | 2 +- clusters/pi_cluster/github.yaml | 17 ++++++++++++++ infrastructure/github/secrets.yaml | 28 ++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 clusters/pi_cluster/github.yaml create mode 100644 infrastructure/github/secrets.yaml diff --git a/apps/simplysyncedllc-com/deployment.yaml b/apps/simplysyncedllc-com/deployment.yaml index 9e21fbf..73a96e5 100644 --- a/apps/simplysyncedllc-com/deployment.yaml +++ b/apps/simplysyncedllc-com/deployment.yaml @@ -31,7 +31,7 @@ spec: spec: containers: - name: simplysyncedllc-com-site - image: ghcr.io/simplysynced/simplysyncedllc_website:latest + image: gitea.simplysyncedllc.com/dex/ss_website:1.2.0 ports: - name: http containerPort: 3000 diff --git a/clusters/pi_cluster/github.yaml b/clusters/pi_cluster/github.yaml new file mode 100644 index 0000000..3364f3a --- /dev/null +++ b/clusters/pi_cluster/github.yaml @@ -0,0 +1,17 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: github + namespace: flux-system +spec: + decryption: + provider: sops + secretRef: + name: sops-age + interval: 60s + sourceRef: + kind: GitRepository + name: flux-system + path: ./infrastructure/github + prune: true + wait: true diff --git a/infrastructure/github/secrets.yaml b/infrastructure/github/secrets.yaml new file mode 100644 index 0000000..5b80085 --- /dev/null +++ b/infrastructure/github/secrets.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/dockerconfigjson +metadata: + name: github-registry-key + namespace: flux-system +data: + .dockerconfigjson: eyBhdXRoczogeyBnaGNyLmlvOiB7IGF1dGg6IFZWTkZVazVCVFVVNloyaHdYMkUwZFVOclZGRlJOMkUwVUZCMFpFZEhSRTFCZVdwNFVrMTZiRFpNWkRSRGFGZ3pUZz09IH0gfSB9 +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1t4epxq5lzcnyj4xjav9jgnvnyaucyk243y4np9h78fx3k8lc55lqv6uu4z + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNzJvRWlmWWk0TWdIdEtz + UXNtZ21pc2V1QS9mVnFhbElnNGVqUjJNNUhrCnl3aDBlWUYrYnhUTDRMd0ljV1Vm + YmxINTFTb0E1bUlsNXk3SUQ5MmpIRHcKLS0tIHBHVUFEU3R5dkpDUForcnNOQnkz + Vkg5UzN4N1FoWDV0LzlJZXA1bkRlOXMK0h2PBhVu6C5ALvkVVp8WaCykdWH9yH0B + KzpAEI0PjlDtQbKKInnet30WZLWRhYDjUXd54BohXP4mqL5n9Srrlg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-21T05:06:18Z" + mac: ENC[AES256_GCM,data:RaGnJqLNsUot0/JFYPSKLY5p0x3vRAg2ptWDAvq7TUX6v88Wi7GYi6eQD5o2RlHnp5JlWoQ1mKU0iZVqyx/VbA3V1uaqqc8MegfCWrYFj9KeGE32QF6OYp/cQji0/X66iEOsVD/wiEBBaoVGxE8LfUcbDZivT0Ovi486JqNIXZg=,iv:to3i9jB595stzrnOnBfMH9cLaxgDksrYyk83XBDndP8=,tag:yrBl91QW6ca4X75QWL6qMg==,type:str] + pgp: [] + encrypted_regex: ^(stringData|token)$ + version: 3.9.0