infra/metal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added sops keys

Browse Source
This commit is contained in:
Dreaded_X
2025-12-01 01:59:39 +01:00
parent 1da24905ef
commit f5798dae4c
7 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@@ -1,2 +1,3 @@
_secrets.yaml filter=git-crypt diff=git-crypt _secrets.yaml filter=git-crypt diff=git-crypt
secrets.yaml filter=git-crypt diff=git-crypt secrets.yaml filter=git-crypt diff=git-crypt
*.agekey filter=git-crypt diff=git-crypt

1
nodes/_defaults.yaml
View File

@@ -31,3 +31,4 @@ patches:
- !patch cilium - !patch cilium
patchesControlPlane: patchesControlPlane:
- !patch allow-control-plane-workloads - !patch allow-control-plane-workloads
- !patch sops

BIN
nodes/testing/_age.agekey Normal file
View File

Binary file not shown.

1
nodes/testing/_defaults.yaml
View File

@@ -6,3 +6,4 @@ cluster:
name: testing name: testing
controlPlaneIp: 192.168.1.100 controlPlaneIp: 192.168.1.100
secretsFile: !realpath _secrets.yaml secretsFile: !realpath _secrets.yaml
sopsKeyFile: !realpath _age.agekey

BIN
nodes/titan/_age.agekey Normal file
View File

Binary file not shown.

1
nodes/titan/_defaults.yaml
View File

@@ -5,3 +5,4 @@ cluster:
name: titan name: titan
controlPlaneIp: 10.0.2.1 controlPlaneIp: 10.0.2.1
secretsFile: !realpath _secrets.yaml secretsFile: !realpath _secrets.yaml
sopsKeyFile: !realpath _age.agekey

17
patches/sops.yaml Normal file
View File

@@ -0,0 +1,17 @@
cluster:
inlineManifests:
- name: sops-key
contents: |
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
---
apiVersion: v1
kind: Secret
metadata:
name: sops-gpg
namespace: flux-system
data:
age.agekey: |
{{ helper.load_secret(node.cluster.sopsKeyFile) }}