Set up cluster vars

2025-12-22 16:44:24 +00:00 · 2024-12-30 15:25:20 +01:00
parent c83f8feffc
commit 1eaa3a42e4
5 changed files with 65 additions and 1 deletions
--- a/clusters/prod/apps.yaml
+++ b/clusters/prod/apps.yaml
@@ -16,4 +16,8 @@ spec:
  decryption:
    provider: sops
    secretRef:
-      name: sops-age
+      name: sops-age
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: cluster-vars-prod
--- a/clusters/prod/cluster-vars.yaml
+++ b/clusters/prod/cluster-vars.yaml
@@ -0,0 +1,17 @@
+# /clusters/prod/vars.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-vars
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./clusters/prod/cluster-vars
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
--- a/clusters/prod/cluster-vars/kustomization.yaml
+++ b/clusters/prod/cluster-vars/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+  - secret.enc.yaml
--- a/clusters/prod/cluster-vars/secret.enc.yaml
+++ b/clusters/prod/cluster-vars/secret.enc.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: cluster-vars-prod
+    namespace: flux-system
+stringData:
+    DOMAIN: ENC[AES256_GCM,data:95H2LGPNDZWu,iv:dPZncDMxmt80FgX2Kzc3u4Tw3ZN5XxNm1W9RExxkozw=,tag:OPCTvLJesJ7OzmZ4/c04sQ==,type:str]
+    GITEA_DOMAIN: ENC[AES256_GCM,data:6eDeGcMQp71VTjRUfA==,iv:KtCy5YQeV4tY8xzFuH2y2Yp8QWzK7ZOSuWdKhihklgU=,tag:PkdH/n01nHWCyaAW4QwoPg==,type:str]
+    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:iWiuvZ5U0rCH64IOe3k=,iv:8WaB4ukSauuzmdD+TlKCVlNE2opox+XlVVjr+ER9mH0=,tag:oLWQ4r+LgzRpHTuU2mu+Xw==,type:str]
+    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:QC1SpkDPrqZm+sc3e1Tv8So=,iv:YQLzZNP4+D7EcCJYYMygsFfHAjNIh12q449ensSmcc8=,tag:l6HnN4GBq9+9TynWzZCTng==,type:str]
+    LEMMA_DOMAIN: ENC[AES256_GCM,data:3+HM+wE0SZeceyAJGx9e,iv:TrOp/Lcf+Ka3RlusoBvmhOVIbRquJ7fHK/ThXSkU4SU=,tag:kGwqvbHQ4jgQ6lbz+9zvKw==,type:str]
+    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:932hjsPXXEzeeMRoCxScU0YsKo0iwDE=,iv:aVnK22akFCamQMWC+pgmhN1Ok8RUwRJ7RCrqryJUiaU=,tag:e7QZYNeR2QRJg94BRRqZSw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRGZmNGpKVWYva0VJRTdh
+            TGh1eXhHUzM0bm51QTJZOENjbDkrMEdPM3pJCnNwN1pGK3E3VVZVSXpWTVBSemYw
+            eTVHNjZvZStISTBpeVhoazc3VFMxdVkKLS0tIEErYkFTV1o4RW1tODFWWk9VNkho
+            dWwrUlpjQ2xZVjNJSG9vN0tidHVvMnMKwNj4Gm3bXY/vbVIq2bH7/8OWBVMiUxuk
+            ttMDYmoTmGAqWwa3uYxpAJiYV6Qni0rGsEop+IKs4DehcmH7UH2XZw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-12-30T14:20:14Z"
+    mac: ENC[AES256_GCM,data:X8J6nwxK+ECLilgwpeSDcf8OTBuqZYEXiFe2UhIBfIB/xrdGRSnPrwcMf3drswftdjnHT9biFocyC3/D9Qv/dPF9iC5ft3D38SDvklstLCn97YivdxQZxGcdggp0we14WVGhmjvlLLucLZ9+1KN5tx+P2r8LhjsI+JhwkB13Zbk=,iv:QU28TNdNwzAsjyEA3po75iPZB8nIq7zCrD3y8JDzkr8=,tag:qPRcTlmAjC4BGEmsxctIRg==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.9.0
--- a/clusters/prod/infrastructure.yaml
+++ b/clusters/prod/infrastructure.yaml
@@ -9,6 +9,8 @@ spec:
  interval: 10m0s
  path: ./infrastructure/core
  prune: true
+  dependsOn:
+    - name: cluster-vars
  sourceRef:
    kind: GitRepository
    name: flux-system
@@ -46,3 +48,7 @@ spec:
    provider: sops
    secretRef:
      name: sops-age
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: cluster-vars-prod