From 7e87ce5ab16a215ee2aed223d2fd184fed50fa7b Mon Sep 17 00:00:00 2001
From: David Lefever
Date: Sat, 25 Mar 2023 21:59:24 +0100
Subject: [PATCH] updated simplebookmarks-staging
---
cluster/apps/simplebookmarks-staging/Makefile | 11 -------
.../apps/simplebookmarks-staging/apps.yaml | 23 +++++++++++++++
.../simplebookmarks-staging/certificate.yaml | 15 ----------
.../docker-secret.yaml | 8 -----
.../kustomization.yaml | 6 ++--
.../simplebookmarks-staging/repository.yaml | 11 +++++++
.../apps/simplebookmarks-staging/route.yaml | 19 ------------
.../ssh-credentials.sops.yaml | 29 +++++++++++++++++++
8 files changed, 66 insertions(+), 56 deletions(-)
delete mode 100644 cluster/apps/simplebookmarks-staging/Makefile
create mode 100644 cluster/apps/simplebookmarks-staging/apps.yaml
delete mode 100644 cluster/apps/simplebookmarks-staging/certificate.yaml
delete mode 100644 cluster/apps/simplebookmarks-staging/docker-secret.yaml
create mode 100644 cluster/apps/simplebookmarks-staging/repository.yaml
delete mode 100644 cluster/apps/simplebookmarks-staging/route.yaml
create mode 100644 cluster/apps/simplebookmarks-staging/ssh-credentials.sops.yaml
diff --git a/cluster/apps/simplebookmarks-staging/Makefile b/cluster/apps/simplebookmarks-staging/Makefile
deleted file mode 100644
index 71bf6e79..00000000
--- a/cluster/apps/simplebookmarks-staging/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-.PHONY: generate-registry-secret
-
-all: generate-registry-secret
-
-SECRET_DOMAIN = $(shell sops -d --extract '["stringData"]["SECRET_DOMAIN"]' ../../config/cluster-secrets.sops.yaml)
-SECRET_DOCKER_USERNAME = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_USERNAME"]' ../../config/cluster-secrets.sops.yaml)
-SECRET_DOCKER_PASSWORD = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_PASSWORD"]' ../../config/cluster-secrets.sops.yaml)
-SECRET_DOCKER_EMAIL = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_EMAIL"]' ../../config/cluster-secrets.sops.yaml)
-
-generate-registry-secret:
- kubectl create secret docker-registry docker-registry-harbor --docker-server=harbor.$(SECRET_DOMAIN)/simplebookmarks --docker-username=$(SECRET_DOCKER_USERNAME) --docker-password=$(SECRET_DOCKER_PASSWORD) --docker-email=$(SECRET_DOCKER_EMAIL) --dry-run=client -o yaml > ./docker-secret.yaml
diff --git a/cluster/apps/simplebookmarks-staging/apps.yaml b/cluster/apps/simplebookmarks-staging/apps.yaml
new file mode 100644
index 00000000..6d0171c3
--- /dev/null
+++ b/cluster/apps/simplebookmarks-staging/apps.yaml
@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: simplebookmarks-staging
+ namespace: flux-system
+spec:
+ interval: 10m
+ targetNamespace: simplebookmarks-staging
+ sourceRef:
+ kind: GitRepository
+ name: simplebookmarks-deploy
+ path: "./staging"
+ prune: true
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
diff --git a/cluster/apps/simplebookmarks-staging/certificate.yaml b/cluster/apps/simplebookmarks-staging/certificate.yaml
deleted file mode 100644
index 7fd61d81..00000000
--- a/cluster/apps/simplebookmarks-staging/certificate.yaml
+++ /dev/null
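Review bot: The `metadata.namespace: flux-system` on this Flux Kustomization in apps.yaml is unlikely to take effect, because the directory's kustomization.yaml lists `apps.yaml` under a file-level `namespace: simplebookmarks-staging`, and kustomize applies that namespace to every resource it builds. The object would then live in simplebookmarks-staging and look up `sops-age`, `cluster-settings` and `cluster-secrets` there; whether copies exist in that namespace is not visible in this patch. The same override applies to `namespace: flux-system` in ssh-credentials.sops.yaml. Either drop the misleading field from both files or move them out of the namespaced kustomization. Separately, `substituteFrom` hands the whole `cluster-secrets` Secret to manifests from a second repository, so a Secret holding only the variables staging needs would narrow what that repository can interpolate.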
@@ -1,15 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: tls-staging-api - namespace: simplebookmarks-staging - annotations: - cert-manager.io/issue-temporary-certificate: "true" -spec: - commonName: api.staging.${SECRET_SIMPLEBOOKMARKS_DOMAIN} - secretName: tls-staging-api - dnsNames: - - api.staging.${SECRET_SIMPLEBOOKMARKS_DOMAIN} - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer diff --git a/cluster/apps/simplebookmarks-staging/docker-secret.yaml b/cluster/apps/simplebookmarks-staging/docker-secret.yaml deleted file mode 100644 index 7d6d924a..00000000 --- a/cluster/apps/simplebookmarks-staging/docker-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3IuZGhvc3RpbmcueHl6L3NpbXBsZWJvb2ttYXJrcyI6eyJ1c2VybmFtZSI6InNpbXBsZWJvb2ttYXJrcyIsInBhc3N3b3JkIjoiYmdOeVFCQm1xdFRkMjNGY0p3WVVYa21sYXJuZGZ2MFgiLCJlbWFpbCI6ImR2ZF9sQGhvdG1haWwuY29tIiwiYXV0aCI6ImMybHRjR3hsWW05dmEyMWhjbXR6T21KblRubFJRa0p0Y1hSVVpESXpSbU5LZDFsVldHdHRiR0Z5Ym1SbWRqQlkifX19 -kind: Secret -metadata: - creationTimestamp: null - name: docker-registry-harbor -type: kubernetes.io/dockerconfigjson diff --git a/cluster/apps/simplebookmarks-staging/kustomization.yaml b/cluster/apps/simplebookmarks-staging/kustomization.yaml index 1f63f162..167962d5 100644 --- a/cluster/apps/simplebookmarks-staging/kustomization.yaml +++ b/cluster/apps/simplebookmarks-staging/kustomization.yaml @@ -1,8 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - docker-secret.yaml - - certificate.yaml - - route.yaml + - ssh-credentials.sops.yaml + - repository.yaml - oauth2-proxy-helm-release.yaml + - apps.yaml namespace: simplebookmarks-staging diff --git a/cluster/apps/simplebookmarks-staging/repository.yaml b/cluster/apps/simplebookmarks-staging/repository.yaml new file mode 100644 index 00000000..ecbaa010 --- /dev/null +++ b/cluster/apps/simplebookmarks-staging/repository.yaml 
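Review bot: Dropping `- docker-secret.yaml` from `resources` in kustomization.yaml and deleting the file does not retire the registry credential it carried: the `.dockerconfigjson` value was committed as plain base64, which is an encoding rather than encryption, so it remains readable in the repository history. The account behind `docker-registry-harbor` should be rotated, and any replacement pull secret committed only as a SOPS-encrypted file, as the new `ssh-credentials.sops.yaml` is. Nothing in this patch re-creates `docker-registry-harbor` in the namespace; whether the staging manifests in the deploy repository supply their own pull secret cannot be seen from here.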
@@ -0,0 +1,11 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: simplebookmarks-deploy
+spec:
+ interval: 5m
+ url: ssh://git@gitlab.com/lefeverd/simplebookmarks-deploy.git
+ ref:
+ branch: feature/flux
+ secretRef:
+ name: ssh-credentials
diff --git a/cluster/apps/simplebookmarks-staging/route.yaml b/cluster/apps/simplebookmarks-staging/route.yaml
deleted file mode 100644
index 9c1fc25b..00000000
--- a/cluster/apps/simplebookmarks-staging/route.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-## Route going to oauth2-proxy service
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: staging-proxy
- namespace: simplebookmarks-staging
-spec:
- entryPoints:
- - websecure
- routes:
- - kind: Rule
- match: Host(`proxy.staging.${SECRET_SIMPLEBOOKMARKS_DOMAIN}`)
- priority: 10
- services:
- - name: oauth2-proxy
- port: 80
- tls:
- secretName: tls-staging-proxy
diff --git a/cluster/apps/simplebookmarks-staging/ssh-credentials.sops.yaml b/cluster/apps/simplebookmarks-staging/ssh-credentials.sops.yaml
new file mode 100644
index 00000000..7c27d658
--- /dev/null
+++ b/cluster/apps/simplebookmarks-staging/ssh-credentials.sops.yaml
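Review bot: `ref.branch: feature/flux` in repository.yaml makes the staging cluster follow a feature branch, and with `prune: true` in apps.yaml whatever is pushed to that branch is applied and whatever is removed from it is deleted. If the branch is deleted after merging, the source stops resolving, so I would point `branch` at the repository's protected long-lived branch or add a comment such as `# temporary: move to the protected default branch once feature/flux is merged`. The GitRepository also sets no `spec.verify`, so unsigned commits are accepted; if the deploy repository signs its commits, enabling verification would limit what a leaked push credential can do. No `metadata.namespace` is set, so the object depends on the `namespace:` in kustomization.yaml to land next to its `ssh-credentials` Secret.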
@@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ssh-credentials + namespace: flux-system +stringData: + identity: ENC[AES256_GCM,data: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,iv:oaCCLbcaCpoWB8JFH94d3MZnj5WPoI5zee3RrLKLDWE=,tag:WLLed5gix5Po9VQvoYNY1A==,type:str] + identity.pub: ENC[AES256_GCM,data:uMBD761X9MRV53o5EM1tFnWb3YTt/Fa8p65rhPEmj4ODtQekBCQuwMqiKpyBb6ApSsda3NquZ7SPZOz7tnB09TsNe/MVGtEoxCyZXbJYeCDHYa00ws1BEASpmannjTp3WFl3AEsUe/DZVeZIgBWEIrVdIbGjS69oPn6m1LjPAGxGeAldJTszzuGIeIXu2D0d3e5NbtztfEu2UnZ2Zb7IossFHLvWGFDwFnEObnyRBU821Xdwlz4MBv1FvbhtM/cDojsEqdD9Kk1hSrrQ5hawzNdypTQNyVmp+Q8diWqagI2dTOpLPbgfu0KInp5Z4PUz/OxgdY0IZHozZJQcZXBYY87rj236YQclJSCb0dITtFRlXe7ptXCFgSQTl7gU+dZZTP9wXHGoUCiryfqFnaoroz+t1R1sq2qtPGIxSN4ge4BUyBPW2VfgBGf6VZnTZSaqMmfQXJSWocgT6waphGbjuhlDUHIIpJCoIc4XQppTQ/FgEULSyouk7BkB8/1iEuCHQsBAgFQp2a7NOmJL2RQcQMNg21ViR8GErloWrLwYdUiMkoQdCKYXksbcpC0TgNRoy1KNvAJPVbJh+5luk6j7dfS0nXaW3tgXtvItjanWJymGaajy5aVfeEHe9Q6lzgcI2QgtsOLLxaH5qtBi+WTBgvRdgarXZPhlpw4KiS0RXATBp0ZNiVerBcfy0lxkrV56gttVkzxsffhmgYy43Spl8WI2oRyY4cjp6Q==,iv:RGzQKQ2KVAD1LD5121uvXP6MNElqbC5PiYIgtzL/9QU=,tag:TLeyNW2mYpkodG593RNy1w==,type:str] + known_hosts: ENC[AES256_GCM,data:XG+Dlc+uZjn8IG0nXFd4JR97WfBDv0S1t4ehd46l2twXcww9WdMPKfdgPBnRS0J+/GDj9eon0TVkwGcar7f4cjJkSCjFmPS4TumZ8b0Tmg/oH2TVDeo7sRKSzpxnmEvEkG4JQZT+lqE3XDTaECc6oAU062pDzTlIJWXtb4zZo7KYMSXUK7xXoLVs54w33Z0XWYcyLXVOyxyNkdFFwly3F1CIfwExvKeDpjtX,iv:7XEh+UBgbtHliyaqM3wZbSciZkVPx9t5s5NVBI4tP4E=,tag:HvRPiiOwGaXT68XHQCxw/g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1adgzd3kcelpz23rfek7hgp9saega7vea9n2fpkd6qqunpczfpv5sw8ns4a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvakRHZ0JTOVZpb2tvVU9D + WndkeXhNRWdyUUpTRmt1MkdONHVTcjhoQ0h3CnRKa2JGUFFoSjFaRDk2TTAxUmZu + MnlkdjRhUzNlVVFuLythc1JFNG03cVEKLS0tIEtoZXAxYS8wZTI4QXA5MWlvQjVI + ZDgzRUJUTUhJQVp2VTVRYWJPYXRwbkkK66pem98A3JJ5T4kNce1tCXA9uFxDtHHQ + 
FRO78agCv3niubTBlBCFfBWotIqJ+TxxwGlOu6hW1P5uytOUlHn0kA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-03-25T21:16:26Z" + mac: ENC[AES256_GCM,data:fKpRoKFPH93RTpJZ3mZ13jAps0iTsNuSGO0lhnmKdDO4xIkVALfCOS63lyMf9B4rppVRu8QNL0a2zaPiikZ3zKiTI//GDzInlGC8ImvXEMBfmzSyKNFjTiGPAco8gta+6cMG2Qo9yMxkrIrGxM4JqC9htJpyKjEk4meF8jBqZmk=,iv:N2hAYJsSPPA4k656oUwSQByrBqMRIeOUoQQ2mvoxFww=,tag:ZopRqF0ygsEgfOs6Qt2zaA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.1
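Review bot: `known_hosts` and `identity.pub` are encrypted along with `identity` because `encrypted_regex: ^(data|stringData)$` covers the whole `stringData` map, so a reviewer cannot check that the pinned host key really belongs to gitlab.com. Both values are public and only `identity` needs protecting, while the host-key pin is what protects the SSH fetch from interception. If the repository's SOPS rules allow it, a narrower pattern for this file would keep the pin reviewable. The patch also does not say what the key is scoped to, so I would record that next to `secretRef` in repository.yaml, for example `# read-only deploy key for simplebookmarks-deploy`, assuming that is what it is.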