From 3562dc964a515cdbb8d0d5779f553fbb3abc66e5 Mon Sep 17 00:00:00 2001
From: Dan Manners
Date: Tue, 17 Oct 2023 22:06:03 -0400
Subject: [PATCH] Adding Sealed Secrets
---
.../sealed-secrets/application.yaml | 31 +++++++++++++++++++
.../sealed-secrets/crds/kustomization.yaml | 7 +++++
.../sealed-secrets/kustomization.yaml | 8 +++++
.../sealed-secrets/namespace.yaml | 6 ++++
.../sealed-secrets/values.yaml | 20 ++++++++++++
5 files changed, 72 insertions(+)
create mode 100644 manifests/bootstrapping-onprem/sealed-secrets/application.yaml
create mode 100644 manifests/bootstrapping-onprem/sealed-secrets/crds/kustomization.yaml
create mode 100644 manifests/bootstrapping-onprem/sealed-secrets/kustomization.yaml
create mode 100644 manifests/bootstrapping-onprem/sealed-secrets/namespace.yaml
create mode 100644 manifests/bootstrapping-onprem/sealed-secrets/values.yaml
diff --git a/manifests/bootstrapping-onprem/sealed-secrets/application.yaml b/manifests/bootstrapping-onprem/sealed-secrets/application.yaml
new file mode 100644
index 00000000..3b519a57
--- /dev/null
+++ b/manifests/bootstrapping-onprem/sealed-secrets/application.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: sealed-secrets
+ namespace: argocd
+spec:
+ destination:
+ namespace: kube-system
+ server: https://kubernetes.default.svc
+ project: default
+ sources:
+ # Git Repo Deployment
+ - path: manifests/bootstrapping-onprem/sealed-secrets
+ repoURL: https://github.com/danmanners/homelab-kube-cluster.git
+ targetRevision: main
+ # Helm Repo Ref
+ - repoURL: https://github.com/danmanners/homelab-kube-cluster.git
+ targetRevision: main
+ ref: values
+ # Helm Chart Deployment
+ - chart: sealed-secrets
+ repoURL: https://bitnami-labs.github.io/sealed-secrets
+ targetRevision: 2.13.1
+ helm:
+ valueFiles:
+ - $values/manifests/bootstrapping-onprem/sealed-secrets/values.yaml
+ syncPolicy:
+ automated:
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
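Review bot: `project: default` combined with `targetRevision: main` on both Git sources, under `syncPolicy.automated` with `prune: true`, means any commit that reaches `main` is applied to `kube-system` with no project-level limit on source repos or destinations (unless the default project has been locked down elsewhere, which this patch does not show). For the controller that holds the cluster's sealing key, I would put this Application in a dedicated AppProject restricted to these two repos and the `kube-system` destination, e.g. `project: <restricted-project-name>` (placeholder). `CreateNamespace=true` is also unnecessary here, since `kube-system` always exists. The chart source is already pinned to `2.13.1`, which is the right pattern to follow for the Git sources as well.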
diff --git a/manifests/bootstrapping-onprem/sealed-secrets/crds/kustomization.yaml b/manifests/bootstrapping-onprem/sealed-secrets/crds/kustomization.yaml
new file mode 100644
index 00000000..95e0733a
--- /dev/null
+++ b/manifests/bootstrapping-onprem/sealed-secrets/crds/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+# renovate: datasource=github-releases depName=bitnami-labs/sealed-secrets
+- https://raw.githubusercontent.com/bitnami-labs/sealed-secrets/release/v0.24.2/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml
diff --git a/manifests/bootstrapping-onprem/sealed-secrets/kustomization.yaml b/manifests/bootstrapping-onprem/sealed-secrets/kustomization.yaml
new file mode 100644
index 00000000..4e88bb4a
--- /dev/null
+++ b/manifests/bootstrapping-onprem/sealed-secrets/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+- namespace.yaml
+- application.yaml
+- crds
diff --git a/manifests/bootstrapping-onprem/sealed-secrets/namespace.yaml b/manifests/bootstrapping-onprem/sealed-secrets/namespace.yaml
new file mode 100644
index 00000000..74f4266e
--- /dev/null
+++ b/manifests/bootstrapping-onprem/sealed-secrets/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kube-system
+ labels:
+ name: kube-system
diff --git a/manifests/bootstrapping-onprem/sealed-secrets/values.yaml b/manifests/bootstrapping-onprem/sealed-secrets/values.yaml
new file mode 100644
index 00000000..89d4ce63
--- /dev/null
+++ b/manifests/bootstrapping-onprem/sealed-secrets/values.yaml
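Review bot: The CRD in `crds/kustomization.yaml` is fetched at build time from `raw.githubusercontent.com` at `release/v0.24.2`, which looks like a branch ref rather than a tag or commit, so the schema for SealedSecret objects can change upstream without any diff in this repo. Pin the URL to an immutable ref, e.g. `.../bitnami-labs/sealed-secrets/<commit-sha>/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml` (placeholder), or vendor the file next to the kustomization. The `# renovate:` comment should be checked against the Renovate config, since nothing in this patch shows a matcher that would update the version embedded in the URL. `namespace: kube-system` has no effect on a cluster-scoped CRD and can be dropped.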
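Review bot: `namespace: kube-system` in `sealed-secrets/kustomization.yaml` is applied by Kustomize's namespace transformer to every namespaced resource it renders, so the Application declared with `namespace: argocd` in `application.yaml` would be emitted into `kube-system` instead. Unless Argo CD is configured to watch Applications in that namespace (not visible in this patch), the rendered Application would not be reconciled, and an Application object living in `kube-system` is subject to that namespace's RBAC rather than `argocd`'s. Removing the `namespace:` line keeps each resource in the namespace it declares. Since `application.yaml` is listed as a resource of the same path its first source points at, a comment such as `# this Application manages itself (self-referencing source)` would make that intent explicit.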
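Review bot: `namespace.yaml` puts the built-in `kube-system` Namespace under an Application that syncs with `prune: true`, so Argo CD starts tracking and labelling a namespace it does not own. If this file is later removed, or the Application is deleted with cascading enabled, Argo CD would attempt to delete `kube-system`; the API server is expected to refuse that, but the sync would fail and the intent is hard to read from the manifest. I would drop this file, or at minimum add the annotation `argocd.argoproj.io/sync-options: Prune=false` under `metadata.annotations`.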
@@ -0,0 +1,20 @@
+kubeVersion: 1.28
+namespace: kube-system
+
+image:
+ registry: core.harbor.homelab.danmanners.com/docker.io
+
+ingress:
+ enabled: false
+ ingressClassName: nginx
+
+createController: true
+secretName: sealed-secrets-key
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ namespace: monitoring
+ dashboards:
+ create: true
+ namespace: monitoring
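Review bot: `kubeVersion: 1.28` is parsed by YAML as a float rather than a string, so a later bump to `1.30` would silently become `1.3`, and a chart helper that expects a string may reject the value; write `kubeVersion: "1.28"`. Separately, `image.registry` redirects the controller image to the Harbor proxy path, but no tag or digest is set in this hunk, so the image that will hold the sealing private key resolves to whatever the chart's default tag returns through that cache; pinning the image explicitly would make the deployed artifact reviewable. `metrics.serviceMonitor.enabled: true` also assumes the ServiceMonitor CRD and the `monitoring` namespace already exist when this bootstrap app first syncs, which is worth a comment.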