diff --git a/clusters/titan.lan.huizinga.dev/infrastructure.yaml b/clusters/titan.lan.huizinga.dev/infrastructure.yaml index 9d7bd43..2201446 100644 --- a/clusters/titan.lan.huizinga.dev/infrastructure.yaml +++ b/clusters/titan.lan.huizinga.dev/infrastructure.yaml @@ -4,6 +4,10 @@ metadata: name: infra-controllers namespace: flux-system spec: + decryption: + provider: sops + secretRef: + name: sops-gpg interval: 1h retryInterval: 1m timeout: 5m diff --git a/infrastructure/controllers/cloudnative-pg.yaml b/infrastructure/controllers/cloudnative-pg.yaml new file mode 100644 index 0000000..e5f8b21 --- /dev/null +++ b/infrastructure/controllers/cloudnative-pg.yaml @@ -0,0 +1,74 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cnpg-system +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cnpg + namespace: cnpg-system +spec: + interval: 1m0s + url: https://cloudnative-pg.github.io/charts +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cnpg + namespace: cnpg-system +spec: + chart: + spec: + chart: cloudnative-pg + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: cnpg + version: 0.22.0 + interval: 1m0s +--- +apiVersion: v1 +kind: Namespace +metadata: + name: cnpg-database +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cnpg + namespace: cnpg-database +spec: + interval: 1m0s + url: https://cloudnative-pg.github.io/charts +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cnpg + namespace: cnpg-database +spec: + chart: + spec: + chart: cluster + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: cnpg + version: 0.0.11 + interval: 1m0s + values: + type: postgresql + mode: standalone + cluster: + instances: 1 + backups: + enabled: true + provider: s3 + endpointURL: https://s3.us-west-002.backblazeb2.com + s3: + bucket: titan-k3s-backup + path: /postgres + secret: + create: false + name: b2-access-key diff --git a/infrastructure/controllers/kustomization.yaml b/infrastructure/controllers/kustomization.yaml index 45cb461..c27ebf1 100644 --- a/infrastructure/controllers/kustomization.yaml +++ b/infrastructure/controllers/kustomization.yaml @@ -1,7 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ./secrets/ - akri.yaml - cert-manager.yaml - traefik.yaml + - cloudnative-pg.yaml # - rook.yaml diff --git a/infrastructure/controllers/secrets/b2-access-key.yaml b/infrastructure/controllers/secrets/b2-access-key.yaml new file mode 100644 index 0000000..0296a34 --- /dev/null +++ b/infrastructure/controllers/secrets/b2-access-key.yaml @@ -0,0 +1,61 @@ +apiVersion: v1 +kind: Secret +metadata: + name: b2-access-key + namespace: cnpg-database +type: Opaque +data: + ACCESS_KEY_ID: ENC[AES256_GCM,data:YpYkexRxH4mVyufrS/Blw3PSrU9H1eO3O6urN9tCZvYBenp7,iv:1ka5Otp0u4HJ5WC3yj+YJLAQC0Cy8Y2vWGqxLSaAGfM=,tag:8SKOcUoUuOWLm0Na2r7Hfw==,type:str] + ACCESS_SECRET_KEY: ENC[AES256_GCM,data:8Q2QsCpe/yiWmETVnIROJe0uiY7gMzQF4e8PiaF2vAgqkNq/oT8ku21bWCQ=,iv:635wzxp/XJ0zoxw9n63km38LdqDcebfU/ltLzN/bHPc=,tag:nGfKtpf8qzNyO3bDbbtn/A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-10-10T23:09:06Z" + mac: ENC[AES256_GCM,data:h7zG2uHCxmhvsdShoPYizxLoDPJ9fJAYyhxQxZ/oqF88/4NIUUw6hItyEXzELBt7PPU4VDjOu5DuyNaTFsHAJkMOBzof7x11JInvtZYvyId73H0uIyT1l7vliz9zae9X4hQPkID27g+mIJLfmT4IRND9CMTTKWVhVw4zAepi3co=,iv:ZqQahzaZqlOJLa0TjxCwr9hrkE6LqXKDzHafEPGWGKQ=,tag:sMvthhyrtkhzgKWvSf7mLg==,type:str] + pgp: + - created_at: "2024-10-10T22:08:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA7pKPTYH5bqOAQ/+MJi/46q5TyjE0mqUfgmx90mYGchNQCvOHOdZJT2E2s2Z + DbqyrI5Bx+EauTl4eYhlMS9Xza/mL5I99GX/49FRpgvfmCwbM/aeOdq/CPWE771n + iylxE6uj0VVQGCazcO84Gg8CUxW3+dtNBbIUQYRxmQST6Pbg/lrmlXF5wDUfEueT + 5FkfOZA7py3TyxUB4tcFA13e10CRFC1a7KHvfZm4ISs/1L97tsr0aZNgwCmHZodO + 5fcm6poWtXEo16N/4XC8CI0z7unqNVRSgvpvVBHCvULkq4abznho2abkForNNkvv + GaN1Zcq8GIclVexMxaSC0M7BFfOdhmCDXuOdkKP/K1etL9UGGBdo7g5WJ7eqAiKN + Xs43VRijJsltIrTui/0s8zVIRzLfxTYGR2JtSnLuFaMGkKAijR34RsC9hXol+OB1 + OAxGVzGfAR8wdgmShV9SPSOl3CtT6317YGuzjzkSbryJ2oYqR4zjV9jXgIEtuDZF + r6RITshhvata0w+e6tHSMYmnsF9YD4LbpGQmLm7r/A5ibBsE/2ZoUGBxNrb68YW1 + vQmD2Ywv/Soe4f2Vj7vXJewrrJ1F0NPV/43sxl9lZB9JVMC6c8pMv7hndVq7dofn + dbqVXXeGd+Os/5X0P2yjlJYBjrMpFsg2tNi5dA5gUJ9uXqzNtSFx7ma9uJ4sX3zU + ZgEJAhDRzwccDHXa3D3+FBVJFbwN80G30Z6hS225mpIrBXqkElDH8hGs7KGkdIP5 + O6CcZKt+j2R+40J0iJIcy1s211qgkzzDgtUaM1yAlVM8t3JpnykjhLp8mMzytOC1 + rag4GdeG4Q== + =9TAG + -----END PGP MESSAGE----- + fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E + - created_at: "2024-10-10T22:08:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA51kG++kLewoAQ//fPw1ZgguXCZSLBnl4J/d4IZok6l4TdnbySDOKTOnZUi0 + xyDusr9kdrEdDb4nYUT3PBrxEC2DsKDIJJSwUgLTZB6moIJgHPa51qermyGgqhKU + c4vyYCMKAJyS6rOoU5fsPb+kJS52ltBLEmyO7JndM32CFmfyq4iwphNcheJE7qFW + xBmEtsJBPh4P1ysFQtG0DH8iroAYvsI4HLJw6+pdy/rI3zu3LDmiOnEidGz685BB + gbYj+bJV2gIBGdSWqsjuAJh37dfP9143Hwvz57raA+uqVPtaTaywGuEyDE7E8B7U + LdxATRKDdRp9+ytdn+UBeZQPYolKhv2bOgm4tzBq/VGmm/11nZbXyv69vgooOqnf + YYPg3VGnqpaGmxy94EFuLCWvD0ZO7rMQMOoz0vZRHGNYsye2tUOF/F6eIzhehh3+ + AhGSrGDZa5HM41dLsTrNnb8YbzGKqljVJyWvORfIniW6RONIuFrz3/Pe4jjnM+Dm + Y8z033SmAm5JT2Jhc/tb9LvYbVQzfrUWImh9qcVGOU5RqvB13VOCaNHmt33crMjg + KFMhBJ5F3ftqe3JiK+6KOuS9g2wd3M5VM5qLHBLr7qTDb5q/JKsBIY7AcLsVyYNx + T3OynFuAkiYVTe4CuXCSrbVPXd9XkV/dDdQh+5ZR8nxo0/TkpnAwwGdh9hFsOtLS + XAEXagTFsM3Cl3T45ehYSPt6oyfx5dwKkQ8wxaqSWIkrvTla/ofOD9xemsBfYNku + b9vLFfbry8J+p5H9fEtS9/co4xYmajP/Mzq54JflEHqt/ej0MTxnNB5m+a45 + =CFmy + -----END PGP MESSAGE----- + fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28 + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 diff --git a/infrastructure/controllers/secrets/kustomization.yaml b/infrastructure/controllers/secrets/kustomization.yaml new file mode 100644 index 0000000..71152a3 --- /dev/null +++ b/infrastructure/controllers/secrets/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - b2-access-key.yaml