From 94c514fe6d0ac3726bd7f053ab044fbdff7fa51a Mon Sep 17 00:00:00 2001 From: Kat Inskip Date: Sat, 20 Jan 2024 13:12:01 -0800 Subject: [PATCH] ops(k8s): add cloudflare operator to cluster --- .sops.yaml | 4 +- .../cloudflare-operator/kustomization.yaml | 5 ++ k8s/system/cloudflare-operator/secret.yaml | 65 +++++++++++++++++++ tf/terraform.tfvars.sops | 6 +- 4 files changed, 75 insertions(+), 5 deletions(-) create mode 100644 k8s/system/cloudflare-operator/kustomization.yaml create mode 100644 k8s/system/cloudflare-operator/secret.yaml diff --git a/.sops.yaml b/.sops.yaml index c47abafe..500c8d0b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -58,9 +58,9 @@ creation_rules: shamir_threshold: 1 key_groups: - pgp: *pgp_common -- path_regex: 'k8s/[^/]+/secret.yaml' +- path_regex: 'k8s/.*secret.yaml' shamir_threshold: 1 key_groups: - pgp: *pgp_common age: - *kuwubernetes_cluster + - *kuwubernetes_cluster diff --git a/k8s/system/cloudflare-operator/kustomization.yaml b/k8s/system/cloudflare-operator/kustomization.yaml new file mode 100644 index 00000000..3e5ee8d1 --- /dev/null +++ b/k8s/system/cloudflare-operator/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- https://github.com/adyanth/cloudflare-operator.git//config/default?ref=v0.10.2 +- secret.yaml diff --git a/k8s/system/cloudflare-operator/secret.yaml b/k8s/system/cloudflare-operator/secret.yaml new file mode 100644 index 00000000..c15cec2e --- /dev/null +++ b/k8s/system/cloudflare-operator/secret.yaml @@ -0,0 +1,65 @@ +apiVersion: ENC[AES256_GCM,data:6tM=,iv:xSPYVxWwySOWXMDG0xYTHpIxzET23JywZF5FAkohQmU=,tag:7VB2Y8ZhbE/cXGn3KpxV8Q==,type:str] +data: + CLOUDFLARE_API_KEY: ENC[AES256_GCM,data:9FWV5dWj5Qll6zq81Y0W8Wi0orctjl4XjAXFLaUfvD6utUVHIGjN+WyRTAwZd3Rvih7TdQ==,iv:rSMSf59OumsNxnsdjODwCrQpedtF/vLiIy55oBHR0+0=,tag:AhNG3Y+a/sUzq4dsWukKBg==,type:str] + CLOUDFLARE_API_TOKEN: ENC[AES256_GCM,data:5KFCNknZLBBNM5vpd0oMQEQIstmGFnSG+L+vKa5rmjc2oZCDkGWeI23c6W3OzDAyZMPoO4v9so0=,iv:wDT36I1wEi3oWAgmC7Bwm9PyCPh4mCdFhSghqklj6tw=,tag:+I5rOGQrPbSqxRF/9l8atw==,type:str] +kind: ENC[AES256_GCM,data:VwEWynNq,iv:Y0IgB4CDzmFxTQ/PLhfqjMQW9w6guI/t0nNhGl2urg0=,tag:84HRARvuQW+P8ooxY4Q6/Q==,type:str] +metadata: + creationTimestamp: null + name: ENC[AES256_GCM,data:ZuNsbuZKHhhK+/bVYAkk75Jy,iv:f28cglBsB0vo6EkmnlCTK5MOHDDEcJlS29GtzY6PRgg=,tag:ZJU5vI2Q2a2t5gPfDdlDyw==,type:str] + namespace: ENC[AES256_GCM,data:vN1XQTOhmTJZpQ0/1skO36g+rocDAD8oADs=,iv:sbnCcahcRrP67L9ZH82y0OGxxS9zErBc45TbXp9dROI=,tag:HrR8MOu+8tqzmNOC/gEnrg==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhT0ZkYVRXazdNN0JmQm91 + dlZweHpqK00xalBORE53em5SNjVUMDBwK2kwCm5lejA2aGxueHV2emREd2FTdHhJ + V3dKWGZVcmlxTCtqaDFYdHlSdlFzZjQKLS0tIFZNVUtwdnFYcVFrc1I0ZXExMUo4 + eUN2ZnRaU0VzSXZDNlBBVFVyQ3lpaGMKAg7VUhl6DM3VLRwpmoIV3J9wkM96MC+r + HapWenCJ0YXmw76JH/Poi7RQDsr1VSTTunpokASqsGexCKa7LPjNXA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-20T21:10:38Z" + mac: ENC[AES256_GCM,data:I3KxSUJa+czks5P9n8sVQe3cyGIJuwY+yS4u5p1paBiUiM3Fv22oUBNFh/+p2vCn2gKorsYLmsPfFI7XTX3QFAxD8xpsuU+v0GEXoTJ9qI5+0m6X6W3hkAr4JgULwwJMtgmeXu4ZBh2wY3YKlYS6FvOSdAIPg1O+gtVvt5+KGu0=,iv:nZ8928ocV4ZRMraXUNyaS0kYRCdrMedEuclpySd8AhA=,tag:lv1HAjX+O+S3p6Xi5AF2vA==,type:str] + pgp: + - created_at: "2024-01-20T21:10:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UARAAsXvk5bbFcYLmGaultm9jgPn2q4sxtLpwOs+Mxx8ePm7+ + WJnwSiftweZ+p1ZYXLCWi3fPvUutnI4dsGfPeugSakUIGt1ly5jdjmY5vtfMk4Rl + POBpmOqkqOToWHurunt2kQGb1qlLEh9lXotIWeyTnhnO44z6WZXhG/m7GH4JPCi/ + 6jzPhIoc/Bqya18moG2yh6qP536P2DdxCLIqHfv+FOWBRzKjudeKW+UmDjrofnzD + eVcrDeLX14efzW+KWLHGdH03Amy3wiNSMEvR2J6SSyKW4qdtiZNXc0mdev15cUNj + kij2DFBxj15ACmkI5T0MCdokCYiutMQFmcp6DMzWDx+QNV2GD3pBZ7DrqpP/+oZg + 1rpfuJWSjL1IeiwwxpAmDTPpMUv5CRTU0YtMb0Vr8kLDsmj9+QdMYjkCBUcI6PDY + 7ipfcXMm6V23euj3NNd/001SsbO7R/KO+UZZ2CjvYd4hH77IJ65/STw94Zi5YAdk + D1pk97x4moXCna2z2eIwF8xAInpm27eNyWDDteKhX7haMi3M+e5j5CRZra4XUuVE + OFbtzzvvfxuImRb8fpE87gMadGhJAWWoFA4TlKtckNmrhKIeOTWeE2JnzjZEON/5 + ZKChof6s4K8lFHyQT8oo4DuJMsTN9JnngNRZgNATyysRNXpl4hmDCy/LJ1Mbh2LS + XAGb19rTGO+HfJN8hQzED8OO+qWctWNK+/uXzcLPE4GWBewsEHtCxUOPcSThcuN0 + a6ok4QvjvdDo/1LUKkdlZsjx9MQLrQZLexLunZcqK7gzVxHmzhFCN8XcwgDQ + =0PES + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + - created_at: "2024-01-20T21:10:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA2W9MER3HLb7AQf+Pd7EweWoLLwB9/efdE8TdyRLk0p92zXnhh48CYmsJhhf + mFyv8JBdBCRqPItOd+yyBhF9lARb24GA9h51XgDBLvS+E2GN3pFpFBp8UNCPNp4W + E3wk4Ps6YyeLwRFBfI8Lvd8pHDzGPdP4EURvDCogal6IDKMR0MFA1SYPGoj56MOM + BQc1zcnKlIy2I+iC/hIkAyOLqD7jBaaiYoycwOZ/Hs+T9CxUyCnTapOWacj3dc/e + frxqSDAG9K7j+dj2UZ3zxkVtC0FihA+j8A6MupL/GLoLgk1Y5NJ1H5l8z4WHjwhz + rWp1d+0RHkE1zwv6j+Oy+MLcWpZ9FgsHvZ2wUgJoBdJcAWkR8wDDpflXHeWCJGIl + q+4oTeCqmuG8vhLEaoU+PSnpSqD0PT9JpNkPLhFqmnjabex04KGjVacu/3FBjIHY + XUF9Cfj9CVEJg3cwMGh+w6L/JbfUqsejhttkZMU= + =NUfI + -----END PGP MESSAGE----- + fp: 65BD3044771CB6FB + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/tf/terraform.tfvars.sops b/tf/terraform.tfvars.sops index 8c8de3e4..df9fe038 100644 --- a/tf/terraform.tfvars.sops +++ b/tf/terraform.tfvars.sops @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:3XMRMEbW5GOBBe8qDnDIpRebRY9fd7qpgG3zyQAYfYfWaCFof1QMP6nkT98Hv4Z8YbKOEU4sAJT5rXHESwu4dWJQ8P4S1SrbcPimXAmZKi9mhfe8Igh+vG57KgZvLs6FwQLSZ9QMtNjy9j5IglqvviL1tPtUPCSQe6zN72/Tj9c7QCCXmHrh1K3bX8SKZCJtRhJdFrV5lOl+PmFtOc6+IKT7nOQGz3Iqs3zCkNv7PVpz1Y8V4YfxG4uZD6KKsoJbnufOHEgf4HJXshHcR4BtU7aLsN7miIrvTYJAOpZ/jmjz5iST5biTQl+pTrYmhWrQXX+w2s7Q5WUatdqBzqwoB8BEDKLDPCzOpCGP+bhFptIz6l6SOsFOcOzjNnqEKJo3I5Am6DVoumMysy/CKcjqi1OFzVKzsEYziwtQ0/e4vRJ/4PI0b5prt7ZqwlSG0DZIcCaQkVxkAhAkJfcl6JSScwfQXoSa1v00SUg7VrxZCodwc+nPx+6VGhH3vT3DrlH0AFHgu7DiXSKnyIXXyQxjcSY7y3Kdz1DgpvMxMPymq8pDXK3D36dM/D15r/a88qgabEVSndWlf/Iq5JP5xAFF/NXAa8uqHPR5ZfsiT2t8sZ6HXTI420kupC4rA+aoBWB189e2S2+yjwUBqxvu8cpqCzXh/vxsNdpriKIH44QZzi4Nrv1mdeCtalnB/B7vy62e9C/xpsobSTw2F8OhA8IqZMYsktBI9861fUAg9K7aat15JzZxiMTbXT5oBu8Ckz9S6QbFnJmIla16Cac+mX9A0eWk1KXUMBKjmhVnAcfG1uITWeRknDawRzuVN1apHAbGpaJhe5c59whDaJU0F9lc/QEeV2NerYa7in8ahBwFiLVwmZU5wyLfuyu432uLA9y3ZV2dfow0rPY04rI5V622QvbB+YzhEzrjMl+WPNtbwq/3dIG3,iv:G/x99mJUSak8EqvwNRJcEatBLJrheobSDl6TIfEPuhg=,tag:gePsgq/ycuOUobf5SHUGYA==,type:str]", + "data": "ENC[AES256_GCM,data:aQfZiJ9huBNA8kXUPaKcl15qI+fT+dJWPlfr5hH25GdbGROnlcQVraoeUjYkFaEQDBbf+dy0UinNi8v2zHBqZemL1zxfYIvLvqRns+SigjXSiRwPXjdZyxLkFIU1rDQy1stebTmuQ3IUusAeR7+ISUjyOdi+9kdGn5kF4JSSMyH0N32I80/3HM6Mh0taPfGxLz0Niycq14/ncNmHUvN4o9laT/ZErSxLAUdZXzauMIA2CCfCH5fH5p0SgGyVC0R6pK854rs569TCEal7fG6/9zgfXZZtn+tA7tLt7Ffw/eSA7e5fMe88pgyg97vpZ37JWNQbrCumC2pExfaUHWXfeo2VUyZmMVuuNMG2n5VGGaNwF7ozP5cepBb36AR6bJoryc7Cel/1RvwLZ44CjA4dl7cUh2ZKKrBR7D+s2UHJBJMV4sNPfnYL/hUL3OAZvOtxXoZVl98VmNfGKPGvGxWGp0QbiYSu9+l+nCYU3LjneytF/BCFJh7Au6gp9+MMohAKSCXLtxu8b7J82VM8WwSKo0LIZ2HPvXgzPCll4rqCeSkSugywJ4Rdmdumw3DJF4lr0IZHTPnKzEeEov7wUW6yUxxrIXWfiEzTUrf1wHcRSqj3vfZErSEemxaDZscOgWvQuvweyWwfaW7vh2Mat8CZBKT/ye3ZkiI405RV/SeKUV3Go69xFxRl6jv97rmiCi62T7FwiZ9fNrD7rykDDKwMRZerhk9IbonqHfEVQQyhuor+3Ba50+6PLn9pl7R59ol2fjzKanwaCF0/Vq8jQ9cou1SJGhCXMFkXjil2z/fkDjfK7JV63WQsJ4O5GS/128wT3CxB03IKbHuxYUIc5kdxRU2X1hWt9tCsiji8GpHL+9y7LH3NEb3eO1Qyp8/pTfrHS7CfOnBtzzQHWvoQH5hq/9z5woZbxn12i+iYZbhty9Ovcnzn8hZ8N2qY/p2yopZ0lJnPVlKqVv3c/QF9lPoPGCPPCXBinz8g0cpPnq3P7JaGV3lqu/dbPyFp7JE3uVtOX//KJqmarrI+LKQ=,iv:6e2GXBrFVja3oXUkSzGAEA1uYDgv0Z5mSPiQD1krbQs=,tag:1qwH4nhU1lbhfbLlfm2DjA==,type:str]", "sops": { "shamir_threshold": 1, "kms": null, @@ -7,8 +7,8 @@ "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-01-19T18:36:07Z", - "mac": "ENC[AES256_GCM,data:ErSy+IxhckdRdTnwMZhKfk85/urFP0Ukg2Wd7OYovsOtyFFdpZHKKI+EmwdcWfQHsm/BIuYpk5SZWzglAQC27QN5NlOHyA0Kv4Qwh1CiC0ucro7h7Zxp9DyPwEw9H6S6trFnNKiQ6NspIovQVnie1uAB8yDcfb6LrK2LJsYUudY=,iv:kGoWodrusKAn9i8P6OwvpzvV+7puFufF8zQOKZaLyrc=,tag:infvlgnI7lCdSMU7NJljug==,type:str]", + "lastmodified": "2024-01-20T21:05:40Z", + "mac": "ENC[AES256_GCM,data:VQjveQ626J3wdWqbOtY2og7bCokGWvU4JOJd7KD6lBwhHCS759xaTNbqR3FCQpaC2Kjfh0C1i5FXYslOamttz8Px0VSZzGARuTiFiLE4ztDNPCU76x4NzSR7nYd33ipDzgj54xdpIBt/R1EsAIQegEBy18wglU7Sp6M1RbKVZCY=,iv:E7qy1DLlvQGO1OuYD2lfxyEa84SbrRShD9lHIOfjSdE=,tag:LwjyuROYKmU3XRBGhVcMbg==,type:str]", "pgp": [ { "created_at": "2024-01-14T19:49:29Z",