djpbessems/Kubernetes.K3s.installLog
djpbessems/Kubernetes.K3s.installLog
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Store sealed secrets in version control #2

Browse Source
This commit is contained in:
Danny Bessems 2022-04-06 12:07:21 +02:00
parent ec67cc3a90
commit 009256d8cb
3 changed files with 35 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -1,6 +1,5 @@
*TODO: Files with sensitive data; migrate to SealedSecret*
```
# line ??: services/TfState/deploy-TfState.yml
# line ??: services/Mastodon/deploy-Mastodon.yml
```
@ -299,11 +298,16 @@ kubectl apply -f services/PVR/deploy-Sonarr.yml
```shell
kubectl apply -f services/Shaarli/deploy-Shaarli.yml
```
##### 5.11) [Traefik-Certs-Dumper](https://github.com/ldez/traefik-certs-dumper) <small>(certificate tooling)</small>
##### 5.11) [Terraform backend](https://www.terraform.io/language/settings/backends/pg) <small>(supporting database)</small>
```shell
kubectl apply -f services/TfState/deploy-TfState.yml
kubectl apply -f services/TfState/sealedSecret-TfState.yml
```
##### 5.12) [Traefik-Certs-Dumper](https://github.com/ldez/traefik-certs-dumper) <small>(certificate tooling)</small>
```shell
kubectl apply -f services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml
```
##### 5.12) [Unifi-Controller]() <small>(wlan AP management)</small>
##### 5.13) [Unifi-Controller]() <small>(network infrastructure management)</small>
```shell
kubectl apply -f services/Unifi/deploy-Unifi.yml
```
@ -319,6 +323,7 @@ kubectl rollout restart deployment --namespace unifi unifi
ssh <username>@<ipaddress>
sed -e 's|stun://<ipaddress>|stun://<ipaddress>:3479|' -i /etc/persistent/cfg/mgmt
```
### 6) Miscellaneous
*Various notes/useful links*

7
services/TfState/deploy-TfState.yml
View File

@ -30,12 +30,11 @@ spec:
- name: postgres
image: bv11-cr01.bessems.eu/proxy/library/postgres:14-alpine
env:
- name: POSTGRES_USER
value: terraform
- name: POSTGRES_PASSWORD
value: terraform
- name: POSTGRES_DB
value: terraform_backend
envFrom:
- secretRef:
name: tfstate-secret
ports:
- name: db
containerPort: 5432

24
services/TfState/sealedSecret-TfState.yml Normal file
View File

@ -0,0 +1,24 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "tfstate-secret",
"namespace": "default",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "tfstate-secret",
"namespace": "default",
"creationTimestamp": null
},
"type": "Opaque",
"data": null
},
"encryptedData": {
"POSTGRES_PASSWORD": "AgCTsPK7n1PYReT5IjN9nDfPBQN260vAK+iNdeq5ZwZW5YLgnQeVE5YkEcNCWhmyoznHjhdBuaI/n2lQT5lvcQKjKccOQoZdRdsiPBKilGTO/QNJKD80Tvu0Gin9mmN2TEU4vGqgCQAVKJ8VqBP7WhvQii5XptMagRzn7ClsqOXa9oqF7OzFHKBww2YjOPYasDTzWoUcNwfsdJxgyM4UPoo3vv2Yo4bsJzd1WwSM+qQQnn47b68tgZlC7WwKal9NNEbTrjTO1finLURR+HkBg3A33poEBF0qIc55ku2nnQy4Pf+MDpdBTkt31WoQhydwcLtZYj1hLJuCVkSDTN7k/cepnAznqvBIbzUvnx83kgnsprBWIzakKnWrluSh7gdRqsB/ccVbyjzomPxdmySd5HWQxEUkOF99c04yoTnIzdA6si6NQMHHH12naNE2rkwbWO12P8kTuI9mhyIEx9Yi0bQsaXijdo1mk/ZDWnYgo8JagdjBtWBZq05FSMT8a42HkhLg9sAHeOg3nnrohwkCOfJ5RFlGj1A6EZF2bnXbSfS6atvHlwOthrXfHGYRpUL15VIL6Ho6OHEmLEzJDMy6dKnfwIf4mJKvjdKnAoKgNeRV72GSLbPxODMpRIzNA+1riC7s3atyGhK71xZ9emcxuGZ/aWm8nDu5XkEDBKF2ckX4W7GKb3BusdaWLWhUcXZ1GFgDkKdrT4RfNi0=",
"POSTGRES_USER": "AgBQe5kF4Fan7Uty+019ak1ATJVUo9ZOJ3if4qnaIvwGOy39EZKVLHMUCuwzdJZbbZS3bgs0rzTDVaxjmSD6ZjSdqIG2FJlVpx6MqBrqKWUEhnBOOLsYF5gpwqDhaUS4f80b9dX8XvkCL+9YjCtoLZalOnBgRMuyFtg1ijc6B/mnE5WrAIQYTe3Y5LV3dmgbHbnLIWshiXpqg/I/lqqZeuLgIPslx2OsY9yk9Zeqj6zbIsGYaI6l993pwW3MhEcDTOJfg4mfdyTaCzWiC+196SGCkUt7ZrWUzLaAdx/6kBpNkPGeO34uW0eEzPcthKswllaVMyiIF/yibEb/cDmDwHUmuqF8EM2AFSbcemg2oF+J4u0Y9DAllnsvR/UCjvESaGmNOZS7FtmpAYjv5bketoBVh6mu0qHhVHid+AdS6XVX/OR/XtX7pJkqdPEb2mQnA93YhrkVwoNWXZ1yqGYGTHr4qzG5KCYB3KVjGWNOioayGL4R18FVcJBKdJRuFFfsj6tSjKt5XZEtkwaxzezkiwXaExtGteyIycd0DbTB/W2GK20Zgwqnz0WLdIg4JdqfhQW8w8s1BaXydE62dC0wbGdHFY55Z3XaoQSiE9RfZ9xS5XHwTBl8WkSvHBtU6b0ak5G7hHULYeOlisr5L8QgH0Kkicy3yTjjURaQQC5AZq4AO+Q9b5bCGwAOVEbcJsRuU/AdINzABaQOJ4A="
}
}
}