gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

ops(k8s): fix secret system for k8s

Browse source
This commit is contained in:
Kat Inskip 2024-01-20 13:39:58 -08:00
parent dce5a82121
commit 02f8c4e6b4
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
2 changed files with 42 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.sops.yaml
View file

@ -60,6 +60,7 @@ creation_rules:
- pgp: *pgp_common - pgp: *pgp_common
- path_regex: 'k8s/.*secret.yaml' - path_regex: 'k8s/.*secret.yaml'
shamir_threshold: 1 shamir_threshold: 1
encrypted_suffix: 'Templates'
key_groups: key_groups:
- pgp: *pgp_common - pgp: *pgp_common
age: age:

82
k8s/system/cloudflare-operator/sopssecret.yaml
View file

@ -1,16 +1,16 @@
apiVersion: ENC[AES256_GCM,data:z8CXY+KoYM4Ywa/61nGq4D04efd/DYiwb1/v,iv:Xu++MR/dvymWoJcO419pkTdXWpAQp+tKERXbRpbVgiw=,tag:uqfnf60QJfWjFYu3Z0KSKw==,type:str] apiVersion: isindir.github.com/v1alpha3
kind: ENC[AES256_GCM,data:ucNp0d+rq78fBQ==,iv:53hKxZl4wEbqjpI9F4mqSH2IjPdjmZMvk+VwXNE0f5I=,tag:q4iJs2IOaprhGfw97WYXoQ==,type:str] kind: SopsSecret
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: ENC[AES256_GCM,data:5ZGPvu3anwI4CiUL5ooQ7hj+1CHEuA==,iv:VI43V5ipOdCtCxHrE3A8j16U4WltEe9ymA3SI9DNiJE=,tag:um0Ib7ATDIFMMzcoOZNDDQ==,type:str] name: cloudflare-sops-secret
namespace: ENC[AES256_GCM,data:vN1XQTOhmTJZpQ0/1skO36g+rocDAD8oADs=,iv:sbnCcahcRrP67L9ZH82y0OGxxS9zErBc45TbXp9dROI=,tag:HrR8MOu+8tqzmNOC/gEnrg==,type:str] namespace: cloudflare-operator-system
spec: spec:
suspend: ENC[AES256_GCM,data:+3hjqlQ=,iv:9MsEfsIZQxighaHKgW0DB8YAvy0dDhD4PcREbPv5Ufw=,tag:/07bweNe4ACRlSW7rjYMJg==,type:bool] suspend: false
secretTemplates: secretTemplates:
- name: ENC[AES256_GCM,data:qWpT9Jt3UDBpMVaAtuZexKA=,iv:9ZUT9txFPnkQ9a+ItDNf1gtofOl4MsCIsPyuXxa4hsc=,tag:a96cQq1yylT/U5Idml1JSQ==,type:str] - name: ENC[AES256_GCM,data:fHrRDNivvb5QCkoqeUsF12c=,iv:16QeiYTVaZbVg+hHWExEfdk6TI81+DvzeQ3qDASNJE8=,tag:WnmP/PMHiSnr/uLewelwrg==,type:str]
data: data:
CLOUDFLARE_API_KEY: ENC[AES256_GCM,data:nGXwUW/P875VZ35fWoApxT0SynC89cdw+m98X9v+CTurH2OaOyN+m7RHGdzH+eKAYKvYXw==,iv:noh0WaHkZYzwYR33F//sR7r1R1XrhM49DrF+Idh2U9I=,tag:1f9P1zQt+Jj/gzvwvi9oOg==,type:str] CLOUDFLARE_API_KEY: ENC[AES256_GCM,data:94rGzIbszYrYfjBBRyVbEsRmDz2U/3JGvhx/44+9yW0DKoVuKFmTk2K5vrAPxrinxZpjTA==,iv:sGKYz9DiTeZ7Y8cY+ReePiFrDsXRh3oLkCS8Kt9cXY4=,tag:O9t/pXA/Moof+UAv546Ktw==,type:str]
CLOUDFLARE_API_TOKEN: ENC[AES256_GCM,data:+qjGyDcjxHedXtYhid2cNixWAdpYMk6fokb7pRDWGBQ/9f+DONgefQcOQnnAR8JS47XD9HUH274=,iv:dvXK7HegLja+QRi8HSawGW3RlB1K+kO4DO6UlNekwmg=,tag:dd/1IArAxujZuHmJEdkDvQ==,type:str] CLOUDFLARE_API_TOKEN: ENC[AES256_GCM,data:EkwVhFS+8k/EKY9wPthfaM5FLjiDclAV5tpfZrcZ4MpS2mn3nHxuGqmAqCCZmedgMEed5V1MVTw=,iv:GHVxCC01NZsFVtkxNmHdrs4YPVZFvoYXrOqeOrNU5YE=,tag:vRJVJXu5gOu5RtHAe1Gp/g==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
kms: [] kms: []
@ -21,49 +21,49 @@ sops:
- recipient: age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz - recipient: age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhT0ZkYVRXazdNN0JmQm91 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvV2FoNEJUWDN3RGNJUUdJ
dlZweHpqK00xalBORE53em5SNjVUMDBwK2kwCm5lejA2aGxueHV2emREd2FTdHhJ OU9CY2FqQnB6UGttZjh2MnRFUUZPU280alZBCk1jWTdYUmI5UUd5UW5qZHJ6TU92
V3dKWGZVcmlxTCtqaDFYdHlSdlFzZjQKLS0tIFZNVUtwdnFYcVFrc1I0ZXExMUo4 UDdVU0trL2F0dmpuak1Mdk1zWTRIUlUKLS0tIERyQXAzdE5sL05BYzlRYzBMdHc3
eUN2ZnRaU0VzSXZDNlBBVFVyQ3lpaGMKAg7VUhl6DM3VLRwpmoIV3J9wkM96MC+r ZHVkSXBhSCtPZEtHb2ovN1ZsOU1GY1UKzr/LPpevNB/vbko8FTfSE3xjYtZD98e8
HapWenCJ0YXmw76JH/Poi7RQDsr1VSTTunpokASqsGexCKa7LPjNXA== kj2LKAkjhuvrVFzpJiSlftQ3yggb6a5Be2WrLcNBOOxTrnv/LW2z7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-20T21:23:43Z" lastmodified: "2024-01-20T21:39:37Z"
mac: ENC[AES256_GCM,data:0B77eabry0qs0oa696DjgvSJcdq3xjbgTI7vNwvbF1Y6EQnMQ4uYZ8x7ME9z6P2v9r8gOqpnyrs0We5ds75I+DZ4ICGeRT7PGiHFvUJxUOFf6Ot9pkI1a3/X0bj362p9a9pEH7fGEKO8J/+zHFqyd53t18XYbqdKOcsuE3neawk=,iv:lK8Btw45bdRpgVQxILq1oDjC0TjblSfDLHEDj1Nfmbo=,tag:L4N0FIEiKi8yzs43HhDm7w==,type:str] mac: ENC[AES256_GCM,data:7zy1tHkmn7f7PFOAMocBmEh6wZ9l0AlllxfAx2hON2DVTuxIZmZCP/vK333zSYNLaSYfGdDSZzLoCxsMWyqYGLdbTre/CjiluzR8/Vnza4ZqTedX65IEKIE/jOSfQADVhKlzcZigUaAFggGJ71/3nKP19BRveFGhgtWDuRD9md0=,iv:nTzHYAuO1ALxlGIGa9Qxeq8pqKX7AY71N7inoOSCSxY=,tag:fBuKGwYmpitj1xQhTlkGiQ==,type:str]
pgp: pgp:
- created_at: "2024-01-20T21:10:23Z" - created_at: "2024-01-20T21:39:31Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UARAAsXvk5bbFcYLmGaultm9jgPn2q4sxtLpwOs+Mxx8ePm7+ hQIMA82M54yws73UAQ/+JeHkQS219ll/9VOmGkjqZTlZdUOrqozJNKc8mwMvou4O
WJnwSiftweZ+p1ZYXLCWi3fPvUutnI4dsGfPeugSakUIGt1ly5jdjmY5vtfMk4Rl XQ3ZBAlfKwM7T0Mdvo+uq5iRVFUyMp4++Lo+YnGRwbq58MNU8X5FwXwipkJdvYRc
POBpmOqkqOToWHurunt2kQGb1qlLEh9lXotIWeyTnhnO44z6WZXhG/m7GH4JPCi/ 5x5Ha7GLWjwZXl9MMM0fW/ugGEWBizQ1x1ehZ86jyb4egeVMIdj/GsF0HuZoRzTU
6jzPhIoc/Bqya18moG2yh6qP536P2DdxCLIqHfv+FOWBRzKjudeKW+UmDjrofnzD MCMHkgQ5UxVEBlizKEmXn2fcocaBMLoSw+M88w2/xF7U2iZZOCyXYKL8Q80UeQXw
eVcrDeLX14efzW+KWLHGdH03Amy3wiNSMEvR2J6SSyKW4qdtiZNXc0mdev15cUNj 4OWDb42RnwjtomswvUp7Vnw84m3jdMo84LZtKa5aiVpWF0ZY25/pMGrQ+swA4bSO
kij2DFBxj15ACmkI5T0MCdokCYiutMQFmcp6DMzWDx+QNV2GD3pBZ7DrqpP/+oZg vhLuhYBRytjL/T2ZaIDsXFjTb9wmAMcCs6YPkiP+sCCguJ7CcWd4Tqnkb9M2+pXf
1rpfuJWSjL1IeiwwxpAmDTPpMUv5CRTU0YtMb0Vr8kLDsmj9+QdMYjkCBUcI6PDY OO57yEsi7QQIdn2SsdbKsHcEiJKbZr7d8LPmCO0DTzOgQsuPaWpeWwIuC3p6sxbE
7ipfcXMm6V23euj3NNd/001SsbO7R/KO+UZZ2CjvYd4hH77IJ65/STw94Zi5YAdk /jcNQIucn7i6BVV/9NMQmnE9T8EcM3axGfnbOQXueSlWXH2xF4L6AQ7YSSADi6ir
D1pk97x4moXCna2z2eIwF8xAInpm27eNyWDDteKhX7haMi3M+e5j5CRZra4XUuVE 6h7usvA/Ja+5Q+QOThuzJItTWKJn1OaggZIuvdSrunc4r/rXXf/Epv5r/psC18PW
OFbtzzvvfxuImRb8fpE87gMadGhJAWWoFA4TlKtckNmrhKIeOTWeE2JnzjZEON/5 e3zc/3317meSb+cbD+V3y4hQtBFm2fqzhzra3VXKNQ5iqLcLL43YYQNRsJgnhsiL
ZKChof6s4K8lFHyQT8oo4DuJMsTN9JnngNRZgNATyysRNXpl4hmDCy/LJ1Mbh2LS fTDT3ipGwOwv9so9HCxRGhB4bR2Lu0f73e4SoMLuffkdnZlbfs7r+IvUWzFkdO3S
XAGb19rTGO+HfJN8hQzED8OO+qWctWNK+/uXzcLPE4GWBewsEHtCxUOPcSThcuN0 XgFXW7WdrG22JmNonT+A1R4C5Y/wKaqjH9mE8+wyb05U3auXeddkz1KPOMHkYdk7
a6ok4QvjvdDo/1LUKkdlZsjx9MQLrQZLexLunZcqK7gzVxHmzhFCN8XcwgDQ +/tGZCHb29870vtHX7l49jmgubiuY4pPRz8tjaNIGCEV+eiQYQ5u2LlmTEQJM/8=
=0PES =Mr6d
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4 fp: CD8CE78CB0B3BDD4
- created_at: "2024-01-20T21:10:23Z" - created_at: "2024-01-20T21:39:31Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQEMA2W9MER3HLb7AQf+Pd7EweWoLLwB9/efdE8TdyRLk0p92zXnhh48CYmsJhhf hQEMA2W9MER3HLb7AQf/aq2zWjRyKI+DrJUlutwftMNiNZ18Awpvl0oUve4olKHT
mFyv8JBdBCRqPItOd+yyBhF9lARb24GA9h51XgDBLvS+E2GN3pFpFBp8UNCPNp4W jitTDJo+PgY4o5OPvrlUIsnAhbMoqXkrwddnLv34uJ6lIjYH3fMviPwq75OH0Qhd
E3wk4Ps6YyeLwRFBfI8Lvd8pHDzGPdP4EURvDCogal6IDKMR0MFA1SYPGoj56MOM Yh1nRaJTu+yg6A2ec5ces9hFaubznyoG8DFKaNFgrjdpbFbMnPBQPbVvwpU+k4Z9
BQc1zcnKlIy2I+iC/hIkAyOLqD7jBaaiYoycwOZ/Hs+T9CxUyCnTapOWacj3dc/e KbTGkIOAYBzTt2X1GpKSedj8Y6i6HcRebq/19b/vpFL4Cn5wi24rjdeA+Kq+77QG
frxqSDAG9K7j+dj2UZ3zxkVtC0FihA+j8A6MupL/GLoLgk1Y5NJ1H5l8z4WHjwhz kuazXcQHaLY8dx3Sz90lQk87pNU3pTOca+449GQ2dv31OQ570Vjd1yPX76TE7PkZ
rWp1d+0RHkE1zwv6j+Oy+MLcWpZ9FgsHvZ2wUgJoBdJcAWkR8wDDpflXHeWCJGIl Fdx4ITtNTQBOmXTXAlTxQ3+/nzVOhLu8bci8rWPNUtJeAcQFAGfFuukFHcH5vttA
q+4oTeCqmuG8vhLEaoU+PSnpSqD0PT9JpNkPLhFqmnjabex04KGjVacu/3FBjIHY kYJzvNcFxOtyI8p56HZs4BUxXDvOSeKMWt1gDVIBQabHyM4mR6Jy6aevtSB0uVTL
XUF9Cfj9CVEJg3cwMGh+w6L/JbfUqsejhttkZMU= ELHu0tJfgxBHhR0Hmue8exvdo+knfTAHjzO1eGWPcw==
=NUfI =5FTl
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 65BD3044771CB6FB fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted encrypted_suffix: Templates
version: 3.8.1 version: 3.8.1