diff --git a/.gitattributes b/.gitattributes
index cd0b993..9fc5447 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,3 @@
 _secrets.yaml filter=git-crypt diff=git-crypt
 secrets.yaml filter=git-crypt diff=git-crypt
+*.agekey filter=git-crypt diff=git-crypt
diff --git a/nodes/_defaults.yaml b/nodes/_defaults.yaml
index 1f70843..4b17c1b 100644
--- a/nodes/_defaults.yaml
+++ b/nodes/_defaults.yaml
@@ -31,3 +31,4 @@ patches:
 - !patch cilium
 patchesControlPlane:
 - !patch allow-control-plane-workloads
+ - !patch sops
diff --git a/nodes/testing/_age.agekey b/nodes/testing/_age.agekey
new file mode 100644
index 0000000..791ab44
Binary files /dev/null and b/nodes/testing/_age.agekey differ
diff --git a/nodes/testing/_defaults.yaml b/nodes/testing/_defaults.yaml
index 1f0088a..080b997 100644
--- a/nodes/testing/_defaults.yaml
+++ b/nodes/testing/_defaults.yaml
@@ -6,3 +6,4 @@ cluster:
 name: testing
 controlPlaneIp: 192.168.1.100
 secretsFile: !realpath _secrets.yaml
+ sopsKeyFile: !realpath _age.agekey
diff --git a/nodes/titan/_age.agekey b/nodes/titan/_age.agekey
new file mode 100644
index 0000000..ee154d0
Binary files /dev/null and b/nodes/titan/_age.agekey differ
diff --git a/nodes/titan/_defaults.yaml b/nodes/titan/_defaults.yaml
index efa57c0..816b841 100644
--- a/nodes/titan/_defaults.yaml
+++ b/nodes/titan/_defaults.yaml
@@ -5,3 +5,4 @@ cluster:
 name: titan
 controlPlaneIp: 10.0.2.1
 secretsFile: !realpath _secrets.yaml
+ sopsKeyFile: !realpath _age.agekey
diff --git a/patches/sops.yaml b/patches/sops.yaml
new file mode 100644
index 0000000..b81cda3
--- /dev/null
+++ b/patches/sops.yaml
@@ -0,0 +1,17 @@
+cluster:
+ inlineManifests:
+ - name: sops-key
+ contents: |
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: flux-system
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: sops-gpg
+ namespace: flux-system
+ data:
+ age.agekey: |
+ {{ helper.load_secret(node.cluster.sopsKeyFile) }}
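Review bot: The new `*.agekey` attribute only encrypts blobs that are staged after it is in effect, and both `_age.agekey` files are added in this same commit, so whether their plaintext reached the object store depends on the order of `git add` calls. The `Binary files … differ` lines are consistent with git-crypt ciphertext (a plaintext age key file is ASCII) but are not proof of it; run `git-crypt status nodes/testing/_age.agekey nodes/titan/_age.agekey` before pushing. If either reports `not encrypted`, the private key is already in history and must be rotated rather than re-committed. The basename-only pattern matches the existing `_secrets.yaml` entries and will also cover any future `*.agekey` in other node directories.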
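Review bot: `!patch sops` is now applied to every control plane that inherits these defaults, so a cluster that does not set `cluster.sopsKeyFile` will reach `helper.load_secret(node.cluster.sopsKeyFile)` with no path at render time; `testing` and `titan` both set it in this commit, but a node directory copied from an older template will not. A comment beside the entry would make the dependency visible, e.g. `# requires cluster.sopsKeyFile in the node's _defaults.yaml (see patches/sops.yaml)`.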
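Review bot: `data:` on the `sops-gpg` Secret requires base64-encoded values, so if `helper.load_secret` returns the age key file verbatim (multi-line `AGE-SECRET-KEY-1…` text) the API server will reject the inline manifest; either change the field to `stringData:` (`stringData:` / `age.agekey: |`) or base64-encode in the helper — the helper is not visible here, so confirm which it does. A multi-line expansion inside a `|` block scalar must also carry the block's indentation on every line or the rendered manifest breaks at the second line, so an indent-aware call is needed if the helper emits raw text. Separately, placing the private age key in an inline manifest embeds the SOPS decryption key in the Talos machine config, readable by anyone with `os:admin` access (`talosctl get machineconfig`) and present in any rendered config written to disk; a header comment such as `# NOTE: the age private key is embedded in machine config; treat talosctl admin access as equivalent to holding the SOPS key.` should state that. The name `sops-gpg` is also misleading for an age key (Flux examples use `sops-age` with key `age.agekey`), and whichever name is kept must match `decryption.secretRef.name` in the Flux Kustomization.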