feat: Add SOPS

Tony Du 2025-02-13 16:19:09 -08:00
parent df10ddfcef
commit 2ba4eca34e
4 changed files with 44 additions and 11 deletions


@ -0,0 +1,4 @@
creation_rules:
- path_regex: .yaml
encrypted_regex: ^(data|stringData)$
age: age1gznjylxw2d3mhq6ar4nl4mvltzjems76swlqpe607u4h8j5ykefqz0hhw0
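Review bot: `path_regex: .yaml` is unanchored and its dot matches any character, so the rule applies to any path that merely contains some character followed by `yaml`; `path_regex: \.yaml$` would limit it to files with that extension. The rule's `encrypted_regex: ^(data|stringData)$` also does not cover the Middleware encrypted later in this commit, whose SOPS metadata records `encrypted_regex: crowdsecLapiKey`, so that file appears to have been encrypted with a command-line override. Encrypting a fresh copy of it with the rule as written would likely leave `crowdsecLapiKey` in plaintext. A second creation rule scoped to that file, or a comment documenting the override, would prevent that.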


@ -14,6 +14,10 @@ spec:
path: ./k8s/infrastructure/crds path: ./k8s/infrastructure/crds
wait: true wait: true
prune: true prune: true
decryption:
provider: sops
secretRef:
name: sops-age
--- ---
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
@ -33,3 +37,7 @@ spec:
prune: true prune: true
dependsOn: dependsOn:
- name: crds - name: crds
decryption:
provider: sops
secretRef:
name: sops-age
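Review bot: Both `decryption` blocks reference `secretRef.name: sops-age`, but nothing in this commit documents where that Secret comes from. It holds the age private key, so it has to be created out-of-band, in the same namespace as these Kustomizations, before reconciliation can succeed. A comment above each block such as `# sops-age is created manually at bootstrap (age private key); never commit it` would make the dependency explicit. The first block sits on the Kustomization for `./k8s/infrastructure/crds`; if no encrypted manifests live under that path, decryption could be dropped there. Both `spec` mappings begin outside the hunks, so the namespace is not visible here.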


@ -1,5 +1,6 @@
--- ---
# https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/kubernetes # https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/kubernetes
# https://docs.crowdsec.net/u/getting_started/installation/kubernetes/
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:


@ -1,15 +1,35 @@
---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: bouncer name: bouncer
namespace: traefik namespace: traefik
spec: spec:
plugin: plugin:
bouncer: bouncer:
CrowdsecLapiKey: ***REMOVED*** enabled: "true"
Enabled: "true" logLevel: DEBUG
logLevel: DEBUG crowdsecMode: stream
crowdsecMode: live crowdsecLapiScheme: https
crowdsecLapiHost: crowdsec-service.crowdsec.svc.cluster.local:8080 crowdsecLapiHost: crowdsec-service.crowdsec.svc.cluster.local:8080
crowdsecLapiScheme: http # https://docs.crowdsec.net/u/getting_started/installation/kubernetes/
crowdsecLapiKey: ENC[AES256_GCM,data:6uiMo8nlWN+NJ9Ow8By3435R4sV6Ff4Uug/KSPDExNLnY4D2mM95Ne6Skw==,iv:XA5EhZ1iM+DzTa9ZhZlrKMwCh1YJ471GY4M3ZCJFKc4=,tag:Yn312cAs02oDnovxIVYHQA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gznjylxw2d3mhq6ar4nl4mvltzjems76swlqpe607u4h8j5ykefqz0hhw0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOW1HRDduS1JkeHp6N2Fx
RWlGTXpDS3Y1SHRRN1dzSm9LaFJXTVJYb0RNCjhuU1BONVhNWW05VUY2cWFOQWVK
cmcxN2dRVDdTWXovUzRJSWNZUjNUdzgKLS0tIHlVYmk4czdoaHI0aERaeWNTNHRz
S3JSOEY2Y0dWci9JNGVFRHM3ckxURjgKKCk3oswfOMyMFwluWbUOy1ugfM24SARR
fPbgrcUqAQAIiGONf88ybs9kWGSlnh9CS/IEhbDKFixAWNebpmv28A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-14T00:15:25Z"
mac: ENC[AES256_GCM,data:sR/HO71a2sjIOmGXTSGkcDU/AAYNG+oy0G9Zr8WKT6Oz+auvp4gy2pUENJl1oX5KiUvfrJe7ref0x+oQ5FtaYHYIXW925zALYGpVFwVKeasAahsZLBqfzbG+Q/8aYrayaz2xidINlLU+DJT/H+M9vGmaRKX/p9CHt8EkAq736TQ=,iv:4rxIvGQnb6okS/kDAe9gkzIaEzIXY12lkQFNcpLYCTs=,tag:X7FjXkH1avrhM9ZQxo2dmQ==,type:str]
pgp: []
encrypted_regex: crowdsecLapiKey
version: 3.9.1
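Review bot: `crowdsecLapiKey` is encrypted at rest in Git, but once the controller decrypts it the value is applied as plaintext inside the Middleware object, which is not a Secret and is readable by anyone allowed to get Middlewares in the `traefik` namespace. Moving the key into an encrypted Kubernetes Secret and pointing the plugin at it, for example through its `crowdsecLapiKeyFile` option with the Secret mounted into Traefik, would keep it out of the custom resource. The new side also sets `crowdsecLapiScheme: https` while keeping port 8080 and shows no CA or verification setting, so it is worth confirming that the LAPI actually serves TLS on that port and that its certificate is verified. The old-side value appears as a redaction placeholder; if the key was ever committed in plaintext, it should be rotated rather than only encrypted.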