badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 2 Actions Packages Projects Releases Activity

Install argocd and rotate zot secrets

Browse Source
This commit is contained in:
Nikolai Rodionov 2025-04-10 21:37:58 +02:00
parent ce1814c330
commit e6397ae56c
6 changed files with 71 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
helmfiles/platform.yaml
View File

@ -21,6 +21,8 @@ repositories:
oci: true oci: true
- name: bedag - name: bedag
url: https://bedag.github.io/helm-charts/ url: https://bedag.github.io/helm-charts/
- name: argo
url: https://argoproj.github.io/argo-helm
releases: releases:
- name: external-dns - name: external-dns
@ -34,11 +36,20 @@ releases:
- name: flux2 - name: flux2
chart: flux-community/flux2 chart: flux-community/flux2
installed: false
version: 2.15.0 version: 2.15.0
namespace: flux-system namespace: flux-system
inherit: inherit:
- template: common-values-tpl - template: common-values-tpl
- name: argocd
chart: argo/argo-cd
version: 7.8.23
namespace: argocd
inherit:
- template: env-values
- template: env-secrets
- name: keel - name: keel
chart: keel/keel chart: keel/keel
version: v1.0.5 version: v1.0.5

21
values/badhouseplants/argocd/argocd/secrets.yaml Normal file
View File

@ -0,0 +1,21 @@
configs:
cm:
dex.config: ENC[AES256_GCM,data:/PUs7FdzvwQzsRpJ98cL9f9tYvIab8s34GaQY7vrCg0W8WJIU2EuzknA3WQVEHryL+qC6xS/CH/7R7arb8zkIoTpFle6Hz0+S9FO6FYBnmDuL1Koc8YuuwNqcUoALXa0trpqT+X7h+RyolbkO4wzLvRB468Kwqdg3Ed6spAt0HjviZRz+EqWx5T7/e+E4m30kY9oWE/GVtShRb1gTzknczh6zxDKDl6fMFNWsSSU1JMCW8+zM9WxZ4+AaFP/nPI+/IeAqSiPaVEsQgDfIegkBtzBXK0SZNDCoLryOAXhp2jqM5HT4uHXkbghPqXY570=,iv:EguMqSLbgYS+/9HW73VTi1l6i7uQW0LvyxJ7keyWeiI=,tag:evws7j6zoZ+bE2sBX8PgJg==,type:str]
credentialTemplates:
ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:j5tZRZ97nshiSM/BU2uHCNWkk2dEYJP5rFWlaM/VFXSa9K2m16qVGzomOxiLF6MuF/w28JKXVBds7wvzMqGmimkDQCDnpDMdM8n+nFrBipldBsLAhD1FBR0VQS8JeBobUzBkWyCxiPwlnx58rYet+44yCp2t4iR2ymIRSyfFWIDnY9jlTOEy7sl06BeWHH2cyBFSI+dOF7xj9XOBqcKMjcDMynSMULg1JDOXaTlKyKO1L2uRByg0VbygiIqgM2d5UcyUTAppeT9pU5QQyHJJq/n70s0K8rR8w8KVoKmkegK/QGLTd6AOqMgsthMLGp6/q+f65jbAh1DYfb3PwbXHKVvki+Jueg8pXcwswazDn5acniKSz+NQIzNk5YSI+tMGUtUru013EXPcKKVrRoehS+gRoXh6Hax1dTAM6YE1g0Ws2kY5wgGUMMFQKDvnZazKDQJK8vLyQ5VX+w+vqv/AJtm6XyD7sySbRttuNkXOKWe9NBuH85UbxAGmSHPvk4q0l97yNTvt5+F3beQU3yn0s9MJ1l6M/DYqp9PM,iv:IKGB1ylSDqd5MvjgOQlF26u/rNYfg8u6rYwdbqauvSI=,tag:VrYXRz5l+d+h/JaViMt9mg==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMDhFNGM2MHdBWnhpVG12
T0Q3cTF1WlRsb25zQzZiczBqVytNanlXZVR3CnVKamhvV0l4VjREN2JCMXJvakxi
KzNBdCs3QzVyZ2tMOGJDc0VXbHY1eUEKLS0tIE83TWdveFhiaGN4QTBoR3J0TXQx
bi9SNEI5eDFBWUxvU1p4Z0UwUFczSWcKtfjZsrEJSFZ5RSJsLU3X3WtapjE8yidF
S49BQXS6rEuWe8BH6i2me2j7/UiS/fY2w61TzZ5AQVZfwePN60g3BA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-10T19:10:16Z"
mac: ENC[AES256_GCM,data:J/dmpRJYe4xtu4KWyCNbyyIieul0618jp7YtT/+zNLvKG8K70nsYuNvGxXbE8Qqj+zXNVClJbW1U8dKGwU03u8T7QDB2PVd7ViI7JdRPKfiNIPabi8i/BZwEdLnAlidpjm0UYkC4VIVOR8DzAowOtHrqe4uo5bGXEkUl9OqVH18=,iv:2bh0LHfhSYIliepDsb5GU3B2K/213naEFdLbanI9GlY=,tag:VWN34NbtH+Xh576mW0Dy+Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

43
values/badhouseplants/values.argocd.yaml → values/badhouseplants/argocd/argocd/values.yaml
View File

@ -104,22 +104,31 @@ configs:
accounts.drone.enabled: "true" accounts.drone.enabled: "true"
credentialTemplates: credentialTemplates:
ssh-creds: ssh-creds:
url: git@github.com url: git@gitea.badhouseplants.net
ssh:
applicationSet: # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
metrics: create: true
enabled: false knownHosts: |
serviceMonitor: gitea.badhouseplants.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDpR4dE3oAGModn9GWtwVYrsnFod6pBXU8Z/uRj8l/hHjQaipISwNu8pqteGvssZatXBPkRj3zcf6yqgzufz9dXvt42XBN+H8c9UfeVrysivfTZ2DY3/J+vj0UBZy6kmf/sj83MTDaO2fIpnXOD2o3YYUeRVLL5YzTX1l22ih+LvvynY3gtmncf1SZOee1FTNJ2PdYi38F8Vp1MLAgcOTTsBd0WjCgx5xinzlPXwSxp6l4tp+aB6tsL4j5/6yudJfMkaOGTBCqybXyt6xYnYLTBbgmNlMd/0N9iOw4RYZfIaPDry6lTgNlJUWO5E7psckyjnCs1dvDRrJgL98q7X7+v8WNOqJMOFczLDAVtYq9akSFkJfAoNZ6FY4p//Xbgy3kukRlcSbot5ecBxPw0Cr9HAmO46uiaUHhPnVySyPKTiaDpOc5pjp6vak277jhSOqx0fX38aSVXyGJ5DYDgcg6f2nWjjhiLC3N3HDLtVjDJ6aw/yilldCRLugxXYT+nDtJjz84S8c13HvsREeW0vTncsBiY7y0WWCQyWj2W3Hp9SSNHuwl5xr+gQWSlhzBuDTceDlf4/TjaUIngWV+hVdkJEBFAcb9Oxib6AqF6Qrrw5lJUaboEA5RQs9Lh0lFfuirANzpVy1t279wZ0AEf6oFdeXLeHiV56QzKJLnbkzg8Q==
enabled: false
repositories: repositories:
argo-deployment: go-test:
url: git@github.com:allanger/argo-deployment.git url: git@gitea.badhouseplants.net:sharing/go-test-project.git
name: argo-deployment name: go-test
insecure: "true"
type: git
cluster-config:
url: git@github.com:allanger/cluster-config.git
name: cluster-config
insecure: "true"
type: git type: git
#applicationSet:
# metrics:
# enabled: false
# serviceMonitor:
# enabled: false
#
# repositories:
# argo-deployment:
# url: git@github.com:allanger/argo-deployment.git
# name: argo-deployment
# insecure: "true"
# type: git
# cluster-config:
# url: git@github.com:allanger/cluster-config.git
# name: cluster-config
# insecure: "true"
# type: git

2
values/badhouseplants/kube-system/namespaces/values.yaml
View File

@ -2,6 +2,8 @@ namespaces:
- name: registry - name: registry
- name: flux-system - name: flux-system
defaultRegcred: true defaultRegcred: true
- name: argocd
defaultRegcred: true
- name: kube-system - name: kube-system
defaultRegcred: true defaultRegcred: true
- name: production - name: production

28
values/badhouseplants/platform/zot/secrets.yaml
View File

File diff suppressed because one or more lines are too long

26
values/badhouseplants/secrets.argocd.yaml
View File

@ -1,26 +0,0 @@
configs:
cm:
dex.config: ENC[AES256_GCM,data:bSlWRFGEJG2minUCqhi822rrOd/oiYtiiH6+qN58W1ZgWED8Fk2v6BfH4oIircNOKi57SDl/LU9L6ZtjN4rE1WApRUrffdvfVEz9n6wSfz3IZAzr0X4QXqqybpsj0M02yJYYmu/BQn2HBI6mCuARZRo9XN14+qamF59fg+/uPYQ0ZYPemgU0xPaCKBt2YAPLZEJdxOi1lBTFSNnJ1bLSC5aaW3/C4RqRIwAlEn0EEoimiBXaVSiCvqEqgvtTFjq8PCu+zmZ9wy1Kw/BvfLDXIRNZzR3uV/8TnUy2+joU5wlYKHNUxehE/tIn9T1hOoFKKmBbVKHs6Wh8Nwo5iIy0x0EatZP/5KrgRZPc7ZF03ZlGjOKk6Ap5AvhWQgO9JFJ94dgCdmk9gzCuuHjiZh9qat7alkFBnEYsOrprEvLkpavxFj9om3pY61Qg/i9fk9gFtxoM7yTaxHTuIUsXpto+/ofviFPTm7dgrIMPbERJYaN7ETcrHglJPp/zizQkaKNspOcBCMkAnFCaVn257/an7iLhm7orcdDt7nVLGlCQyq4GBEdy5+x4JVIF9H27R2d9774TTHrFYWo68pDndrT5OCviZebuVqPj0W9LASkUcIwB2mPj6Gi3OBAuQLX48f5s9uGLfNh4UXdz4Rp6zKJJ0IImly7ut5yglrwFxDpXcLoku8/lyEeQlkOADP3+bBcpB36rBLm9gZ77CjHMNsu2zCNx3pMu6W2GAWJbv7FysAMASHfikhaCDx6oxlJdaGnYk8LJeWhSLERsP2qwkSEDr42A4YRsmsvkKohcZy4Ub3xQWE3dwTrc6vr8wJ8Sqj0cK8y7RaM79SulBJ8WExg6nzvZRfOcp8I=,iv:/xI16L5fvHC2IPAsEpg5QR4vz7Tnjlnl0C7cEDSSnek=,tag:5XLlpaauuQQuy3SrPdYZNw==,type:str]
credentialTemplates:
ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:iIxxWhxfKhcHoTOfECWhOP+725xbUWIlq+cIoehrxMBP6XfHvxZpN3tQegeH5geYlbYWy5/kvJ5aLWVPEtWy19GjwoGk0ozS5l3AufIroWm3W/zkD+bcCgG+4wKTI6YQq0KVQDYY2ZMyxFnKLPXWdKDJSIS0y0dQB8G9fQeANUvtozXAcMpLfoAPKEUpZQhY5e3vMut3lUDF12u3S0kWJJF8xTjTNjmR0IrLWILc8TH5EKTHrLGfFB8M+T3P8+zatIFE9w+RInp1t0yU+OHFWeu0WSt+tLOc+DBTQhdugKd62nnmRAav/O3DJqCVGe7/JP6ZwGdHw8f/zEf+FnDJq6I8LnHQl35KGYH8FftzA0uG5UCoXPkTz69HRa2gDsuY4YSuAoWkDIFIrf85hfC+pl//1McjIExkY2fW+t4FWWZSoCAGRzQymXetDh6KColRGNMk1LOjUXFTV+AHB8rm7ZQ4+mGw5IVdBLE/TcmmHOyQq9fHQaUZMvj/9/p2DIS39rQbRRplR9JJIA7OrlwZUZLuLxXshUjP3hB8TJHXdo1eJWEWB8XaCwOX8mI4xVa+tVC4GazHvpvhOxWAgBhG/Ba6eXSFY+bQz6tySg3WEESEZ+ihC20AjAn1kFKQz55vxI9/NLcUw++LmwV5f0f0Qk91HLkQR16/P6h8ce71P8knhDP5gDBVuPHM94NJ3TW9klzfhMFwNZXwtEqwiTUBSbYwzYs5AMwLhYjLDHrWodulmVFfhw6qCekDkMup/PPim/Khk/6yZPDW/Re4MNpRWsfM+AT5SomhRBf3VFI0PRyXaPHXNU62OwjCs6+Z0SBjdx357qt8q3G35eF1Ido79U5W7YtPN8V/lgNJxGCZsOgX6+Mgq1JIlrHkU//emgRXVQnAtQDr9SGf9NR4L4qwzGpdbhzYNlQ3756ycdjFZ+itaBP6vaq2Eszj6EzTODunMonFWCAyxlgeAMXpQAhlJVvu02cdipK6mkwC++nPqCknCnLEKJNHKEBlzcmJ7Bg09HiS4IXkXryEQ+BU0YLJWDIDTVFRG8tleATDJ6uFhBoryS52SVbfXPK88SGL1bAFdtvNXF4bsefQC3gI/pBKW4gS5EyCr11joocAsHX+CIe54K+UQdGF3cvIAjwbBRDjzW8+JTnZWdb0z5joWi2pQGpg9aB6XddBww5VJhRoiOOJrc+RKzg4WMwNDm1Th8QaTrAHpO+ILiDFXTviexk+Ggg9m0MpqKX25EHQVmjL68D03lyJ99xlU7Ee9Uvk5DeamPpdvuwWTSm6NUrJ1LeKt1Sw7wIAwbVan45G7yRahIH/+BJPm6byMAyB109jTJdfEqzNgowN4rJXd+1g7K6+jMCbgv0pA3aqHLbWZt0n1ZCA4BztwxuT3zvzXZnLpe0HJeauZls49YEGhvWpcxXDRNoZ5nXKZ94K0hbaLVzpx1mWp0lGxSTlGFyBQVhhAKF0MClVuyGVLRuuYCHcPdx521pK4qeEQo3gr6XTM4H3fkqhKsxsJVx43gjtj8bhEmlScHX839+D8rlVYQZwupSmSCYfnUnk9Izm5hcEGkpzemribmv/pD7Lqu72TbqpI7dj4GKFjfeG8gIwKlqHhBY64YBeYGVRjJrxYIQBkLswA5yrIeu9UZJMF4uc2s90sYye8jrI6FNV4C5EhD2HDUGOvjDwgIlV6RyDJCuPeuR6Qm6OO9NMby9Xi5xQdg/tGtkghTQzgRUGMW+bpurr1IplYpJfY8mQBz38ibvKp6Xjl7bTlc8IUanugG9HKETiXhNDDQVhhfZrsfwIwx6ejCNombMrMlV3k9ZSvKyvg/dpUQPxayKMolE11b2mA71dkNUVt0LjhjIO2PA1Das5PRAqu6QBevXSoBSb2A5VLok2BtqZo4kKhboL8vl2FcJO9lGB3ZuxQaNX7c30H4n57Ri/JgXG22L1IJMfAvw4e1HlLvop0sgoGkz0Ngz+U2VzPRMuUwPjKTUSN/tq4FpXvUCA5g/YmNhCnDH/LGTJsN26zEjqjYvALtTprmFqSN1I+8QM3ZA3ZaE+EcquhD4CNfcN1kvkz/4Yv+9sQym2fqbLGKzSSEXKVtnJnIlttfiDD/4wU3ARDqnzwWq+SJe3aEnnz05i13m5TGdQV1QQ3NwHIpk0leRIu9X9afvR/uInjkSNKhB00JWPhYzp7htnFo0uVvqHGBKRuK2KQOnANjaQweesoIHM+bj/v1ryr/i6Owf8D+Go5ESMPVTUD6xVTvdkE2gn+DN6mYZH3G2vIjbze5PNJ1GA11Mzhekh+1QxyBpbHPlDaaVzF+sEyCPdnvlAYZ4bycae2eIrToxmSv1EBTmBRJEq42RcC16xB9I+uxBFEJFM0A8lVOW/7J4qbMfyYb7+naptsNN3wgPg5E2iQI6kLLAy1cDtkbDLhczm4w9sz+4SRLcAt0jXMx8422BjxuuwEApyyVjTwtzL3p0z1fCNlBBfwOBlUfTR42Z04Q6XnQFmCUMaL9ZZQHHjVYlQTvY/61eLcADFxu77Y1pYh8NP6jJyuAynJmy6IRMMoYw1mhvZWxnqxgyvPZQ6a952yd24GArB8YRTcKM1d6cbVTvyOrHns+rNeviwqb2c1446/mdUvHurYfnxbc/NTzNTaKWnwRMcnPRkpqbH0XkIAooQLKgmTvDs4IdK89Ja5iHu408TMZUgNkXqCjJ7WsZQZ2I3ogZPdMCxpZdcRNhcS98Sf6BlF3zxbBtLSc5Jv5buXPYYOFGrDJa09LG6YEU4Sk1P62Sm1KtR8XgaKWbx+jXQSbgBKavGC8Wh1C0OHVlJzDirskjSs6Unr2lUpyp75IaGDaWin1we3J+kxfpFKZDBh147Bf9XoTXVvi/GtSMYGmv77r7kZHuNTriXlW+lrak6wnATo9+Bi4bT3B6KurTcEROM2RC+fnG8Az9eUOSg/SUtaV3swmN6g/9DfeYCZY06zpXpmDV1Ib3hexidrnu5FvQcUofr/FzwP+Md2KZ3rapDXcFxRGG1Pggf/N3bXpGkHJXkeAghWXn6UWObrssbcCEsTKBI9vnioP0a62tObwrLKJQMvEZDm6WDGcFmZIWmpHAXakpxdGiqqOe/NMJAneGZWTdLYFs5OUKiMVAf4UUCdM/j4W2i/h1uluqJvRlZxOsM1XK0tj3KMveWqVsJeT8MK6QESLVa7o03ZVvv92KBamNy/16N66U4imzo+23FKPJupPnaMuhYCt5nVK+2DerhtismXBrWKyIPpoAW/8L9KXPW/UzMuClDSZ7Uo2e5pZ3PTHH+EBpjbCQj1veIskTXog2KFbv0bgiXzX3oWrmlFh1D9pwg752V9ZSGOP/eZdQ/cxdOURhu+ZWPG7WgxyyX/ZVh1aZRaBRuw5FAsqhZtjhkqiWtUHznaBRgn55poux+GFkN7XxHxO7idum6ecPLF6xPNyqkvPm5lUNdfml6qP6tQfO0uQ==,iv:cswd5iTvERSH5JQUz6IT7U9+agzsS3PheG4Md71hSrY=,tag:QeBr865/eWBrZtcrE3QRYQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlOVJweE5UeUlhUkNId0w2
a1kwM1dsWjJtZUt1QmNTZmlJNHkxRHdwaFhjCnoySGZDYUVJdzNGYUNyRnRKOXIr
SktxNlNBbmRDRXdZTDFFRnRnSVpwNXcKLS0tIHJaOUwya0pqRlBRVFZvaERjQk5N
aWVQUFo3bDJpK1R6SEJpMVdmWks1dkkK50KPI/hji2aJ1CLYqtxU87oE2tsBcl+I
d+Vs4aKRjY/mpdO7NWhmeguH1boGhMaKpZlSV+TZGBtEsl7RQ6mbtQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:21Z"
mac: ENC[AES256_GCM,data:pRtlf2AnmG9ztZyXwbxR2foagCMBX8BwfhLrsoLeEpSyFLbNMKIGKMSZKaJ3r9IU7gErXh4KoUGXcg31LB80B1G+YFlICvxmlXX0MB3MmedzTi6I6N7ydFse11n3WF/XaRUhpZVE9sCyZgNxgyuhf0LTnS0FU7tauVgAERAazYE=,iv:zwojdj+/HIglNNdS/lYokVqiAvH0pTZIk5jK20oiA7c=,tag:rRi0uEIP8ag/45cv8/4FYg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1