diff --git a/clusters/prod/apps.yaml b/clusters/prod/apps.yaml
index aee6541..c90d35f 100644
--- a/clusters/prod/apps.yaml
+++ b/clusters/prod/apps.yaml
@@ -16,4 +16,8 @@ spec:
 decryption:
 provider: sops
 secretRef:
- name: sops-age
\ No newline at end of file
+ name: sops-age
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: cluster-vars-prod
\ No newline at end of file
diff --git a/clusters/prod/cluster-vars.yaml b/clusters/prod/cluster-vars.yaml
new file mode 100644
index 0000000..4e3f2e5
--- /dev/null
+++ b/clusters/prod/cluster-vars.yaml
@@ -0,0 +1,17 @@
+# /clusters/prod/vars.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cluster-vars
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./clusters/prod/cluster-vars
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
\ No newline at end of file
diff --git a/clusters/prod/cluster-vars/kustomization.yaml b/clusters/prod/cluster-vars/kustomization.yaml
new file mode 100644
index 0000000..64abb24
--- /dev/null
+++ b/clusters/prod/cluster-vars/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+ - secret.enc.yaml
\ No newline at end of file
diff --git a/clusters/prod/cluster-vars/secret.enc.yaml b/clusters/prod/cluster-vars/secret.enc.yaml
new file mode 100644
index 0000000..4ea4b84
--- /dev/null
+++ b/clusters/prod/cluster-vars/secret.enc.yaml
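Review bot: The `substituteFrom` entry added under `postBuild` in `clusters/prod/apps.yaml` renders the values of `cluster-vars-prod` in plaintext into every manifest that references `${VAR}`, so SOPS protects them only in Git, not in the applied resources. That is fine for domains and a contact e-mail, but a comment such as `# substituted values end up in plaintext manifests; keep credentials out of cluster-vars-prod` above `postBuild:` would keep the Secret from growing real credentials later. Substitution also runs over every manifest in this Kustomization, so any literal `${...}` (for example shell text in a ConfigMap) needs `$${...}` or the `kustomize.toolkit.fluxcd.io/substitute: disabled` annotation, and an undefined variable is replaced with an empty string unless strict substitution is enabled on the controller. The same applies to the `postBuild` block added in the second hunk of `clusters/prod/infrastructure.yaml`; the enclosing `spec` starts outside this hunk.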
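Review bot: `path: ./clusters/prod/cluster-vars` in the new `clusters/prod/cluster-vars.yaml` places the encrypted Secret inside the `clusters/prod` tree, and the header comment `# /clusters/prod/vars.yaml` does not match the file name. If the bootstrap Kustomization reconciles `./clusters/prod` without its own `kustomization.yaml` (not visible in this diff), Flux's generated kustomization would likely also pick up the `cluster-vars/` directory, so the same Secret would be handled by a second Kustomization that may have no `decryption` configured. I would confirm that, or move the directory outside the reconciled tree and point `path:` at it, and correct the comment to `# clusters/prod/cluster-vars.yaml`.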
@@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cluster-vars-prod + namespace: flux-system +stringData: + DOMAIN: ENC[AES256_GCM,data:95H2LGPNDZWu,iv:dPZncDMxmt80FgX2Kzc3u4Tw3ZN5XxNm1W9RExxkozw=,tag:OPCTvLJesJ7OzmZ4/c04sQ==,type:str] + GITEA_DOMAIN: ENC[AES256_GCM,data:6eDeGcMQp71VTjRUfA==,iv:KtCy5YQeV4tY8xzFuH2y2Yp8QWzK7ZOSuWdKhihklgU=,tag:PkdH/n01nHWCyaAW4QwoPg==,type:str] + AUTHELIA_DOMAIN: ENC[AES256_GCM,data:iWiuvZ5U0rCH64IOe3k=,iv:8WaB4ukSauuzmdD+TlKCVlNE2opox+XlVVjr+ER9mH0=,tag:oLWQ4r+LgzRpHTuU2mu+Xw==,type:str] + TRAEFIK_DOMAIN: ENC[AES256_GCM,data:QC1SpkDPrqZm+sc3e1Tv8So=,iv:YQLzZNP4+D7EcCJYYMygsFfHAjNIh12q449ensSmcc8=,tag:l6HnN4GBq9+9TynWzZCTng==,type:str] + LEMMA_DOMAIN: ENC[AES256_GCM,data:3+HM+wE0SZeceyAJGx9e,iv:TrOp/Lcf+Ka3RlusoBvmhOVIbRquJ7fHK/ThXSkU4SU=,tag:kGwqvbHQ4jgQ6lbz+9zvKw==,type:str] + LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:932hjsPXXEzeeMRoCxScU0YsKo0iwDE=,iv:aVnK22akFCamQMWC+pgmhN1Ok8RUwRJ7RCrqryJUiaU=,tag:e7QZYNeR2QRJg94BRRqZSw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRGZmNGpKVWYva0VJRTdh + TGh1eXhHUzM0bm51QTJZOENjbDkrMEdPM3pJCnNwN1pGK3E3VVZVSXpWTVBSemYw + eTVHNjZvZStISTBpeVhoazc3VFMxdVkKLS0tIEErYkFTV1o4RW1tODFWWk9VNkho + dWwrUlpjQ2xZVjNJSG9vN0tidHVvMnMKwNj4Gm3bXY/vbVIq2bH7/8OWBVMiUxuk + ttMDYmoTmGAqWwa3uYxpAJiYV6Qni0rGsEop+IKs4DehcmH7UH2XZw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-30T14:20:14Z" + mac: ENC[AES256_GCM,data:X8J6nwxK+ECLilgwpeSDcf8OTBuqZYEXiFe2UhIBfIB/xrdGRSnPrwcMf3drswftdjnHT9biFocyC3/D9Qv/dPF9iC5ft3D38SDvklstLCn97YivdxQZxGcdggp0we14WVGhmjvlLLucLZ9+1KN5tx+P2r8LhjsI+JhwkB13Zbk=,iv:QU28TNdNwzAsjyEA3po75iPZB8nIq7zCrD3y8JDzkr8=,tag:qPRcTlmAjC4BGEmsxctIRg==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.9.0 
diff --git a/clusters/prod/infrastructure.yaml b/clusters/prod/infrastructure.yaml
index c57619d..bb04175 100644
--- a/clusters/prod/infrastructure.yaml
+++ b/clusters/prod/infrastructure.yaml
@@ -9,6 +9,8 @@ spec:
 interval: 10m0s
 path: ./infrastructure/core
 prune: true
+ dependsOn:
+ - name: cluster-vars
 sourceRef:
 kind: GitRepository
 name: flux-system
@@ -46,3 +48,7 @@ spec:
 provider: sops
 secretRef:
 name: sops-age
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: cluster-vars-prod
\ No newline at end of file
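Review bot: The two hunks are asymmetric: the first adds `dependsOn` on `cluster-vars` to the `./infrastructure/core` Kustomization with no `postBuild` in view, while the second adds `substituteFrom` to a later Kustomization whose header is outside the hunk and which shows no dependency on `cluster-vars`. Because the Secret reference is not marked `optional: true`, a Kustomization that reconciles before `cluster-vars-prod` exists fails its build until the Secret appears; that is the safer behaviour, but the ordering should be explicit. Unless that later Kustomization already depends on the core one, add `dependsOn:` with `- name: cluster-vars` to it, and likewise to the one in `clusters/prod/apps.yaml`, whose hunk shows no `dependsOn` either. If the core manifests use `${...}` variables, the core Kustomization needs the same `postBuild` block.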