From ff231eb41747109f3a3fb7edb46d6e535501de2e Mon Sep 17 00:00:00 2001 From: JJGadgets Date: Mon, 27 Feb 2023 02:14:53 +0800 Subject: [PATCH] feat(hugo-test): add cloudflared Signed-off-by: JJGadgets --- .../Biohazard/2-config/3-secrets.yaml | 131 ++++++------------ .../1-clusters/Biohazard/2-config/4-vars.yaml | 6 +- .../Biohazard/2-config/5-deploy.yaml | 7 + kube/3-deploy/2-apps/hugo-test/2-secrets.yaml | 38 ----- kube/3-deploy/2-apps/hugo-test/3-install.yaml | 8 +- .../2-apps/hugo-test/4-cloudflared.yaml | 54 ++++++++ .../2-apps/hugo-test/kustomization.yaml | 1 + 7 files changed, 111 insertions(+), 134 deletions(-) delete mode 100644 kube/3-deploy/2-apps/hugo-test/2-secrets.yaml create mode 100644 kube/3-deploy/2-apps/hugo-test/4-cloudflared.yaml diff --git a/kube/1-clusters/Biohazard/2-config/3-secrets.yaml b/kube/1-clusters/Biohazard/2-config/3-secrets.yaml index f625877a..a83eabe5 100644 --- a/kube/1-clusters/Biohazard/2-config/3-secrets.yaml +++ b/kube/1-clusters/Biohazard/2-config/3-secrets.yaml @@ -4,9 +4,9 @@ metadata: name: biohazard-flux-github-ssh-key namespace: flux-system data: - identity: ENC[AES256_GCM,data:Z1qItIOsYqA96ROCluBxKu2AUVR7uSmsdFE04UIK6+aUfN4iJhUEc7W6Hqqd6NICT0gCbhZ9DAuTl6SbA/WtZSlD4wrSFU3cDbxAwUqjq7fc2VO5Hhg9CEZYwGKEwzAFNwotoyW3Tm3Jwlih/SCpW7u14BUE+xNYRUlxbKsjobOF/XmERBoWHZaMkW38UPZeuW+6Hs3NY1APZXknxGOzlg==,iv:SiARd37QOG1F2ZScdTlnwnrAesPjNIxjDPTuXZncTsE=,tag:U+QX476OYUQJ5/xlackQAQ==,type:str] - identity.pub: ENC[AES256_GCM,data:6EKjYGsZLHRPyKK00p8oMGRnN6fNqQYqoYRHy/8OYZ4j9UiRsWL/GFyNJ0ET9O9sTZN/HitwZS1qp/zv4uxDHuxgu969sZI8JweqRVidfhz7uG5116MRthLSt5GSCXQDTVJnVsUjvbwhFziL,iv:4GVFPURbvMWgrhNHaG7sKps1l2SrRO7nsW1T4j233aI=,tag:Ew8MnberHl5irMQ7ThUbMg==,type:str] - known_hosts: ENC[AES256_GCM,data:qqen+U4ADkLsjU8eBXR2WQmjhYdzlYhZUK+ZHvAKL5Hei4P8h2eFOPxJCB/vEvVySSxe472wszSXd0PMuok/SOO6j3X+YqlQPTZpiDHsMIPxzh3F7+dThGVEYVed8K/3GOYIp7wyIUo49NTb0NGe2vDc8jZzPXtMvQqhG922FMXn7v4iJBE3sRHGH3pf5MpGMJGRkIS9ilxJARMY/zgLzZPkVe53CaMOKYZ8BIxvOsRjTNfKTEHqs5EsgiJdMFplniQingXLQNp5LUj/QF6oKNa5bGF38tsu6TrsTZBYNDXuDrvd,iv:jhLp8+qF6f2gTHILpoWHLDt5tfLT2N5ASC6uEiSqmng=,tag:WblnX51AoR0BQeIMDm83BA==,type:str] + identity: ENC[AES256_GCM,data:RFsW4U172L+N9e2LsAlW5ESSYh1O2VjTZxTYY/OVPS9FvJcQSQStXSk21xIQ6PnxeNrjKR44/e20m6L4l59bRiLWaw/KAEPsdJAAHFzPU6gIfnvasbFAR/3ATc1RjctQGcKhkpsJtcqEpT3TPCZGOuEgDngc0xq5fQgztRtbu0JDXKb3fDHlvXmoN8lgtRwNqqcnpUCMg8Q64dmmhtuNcA==,iv:RI2KdjgYNuyNHgRzgWM6X7sUNu7bjJ1Zq8khbiOMmt4=,tag:THCUmBrpdadaqawf5iTo9Q==,type:str] + identity.pub: ENC[AES256_GCM,data:CXuK+5MEyGuVQNVlfNC699qdW2FmJDrUPZUuh2ZHe+tbKlTg3lgt5b0J1VjPO0TMUQpTitvgyjDV96JeRoCnUTkKcYGsCDZMX5M/t+K/S3SSgJMOYHV2+VGTwc5LC2kuK8wm/WxDARQmK3Rl,iv:1TZ9KKcKwJZDvm22qQcRfVWwYkmOXgek0mfZZInihCA=,tag:qh5hhjN8lBZC27usPpKNjA==,type:str] + known_hosts: ENC[AES256_GCM,data:JzFUDHL0EOi/WxL2hNloUgOFTXNv27On6OyMHHw6D0fp472dqyPrjrk4VtdVjTGDHSY1NVkLnNl7kZaNf3An5RwafjWqbjohueY8WsQ+044b7IZGskANmd8XCdyDwKM8g9U7uNWtviwgAhM2HkrzNJWSuIxvCpDXQQlEx3tiM1UVtFCVEnQGtcurVpk5Ijv4DhcrlyqofqOZwLC2H1eATyI6hW6Iqnt5FTic/5muteP9qN5926byid938RLWdrRqb3wNJU2xtuqZ4LhZlPmUfsC9glSk1OApYMKK/RfVGjLTd7TR,iv:wnOfzKaAskg+eVFNl0OcVAcqGWxg3KvjjdUKA+nNw5E=,tag:LcxIOc1z1A6+Ap7dF3VNHQ==,type:str] sops: kms: [] gcp_kms: [] @@ -16,24 +16,24 @@ sops: - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcm1MSGZ0U0UxWjRuSks3 - TGxyY3VBSjBMSUhEL1VWaHBRYzZwWkZLTFdrCmxjcTZPYi9yWVdYcmpUTDVkQVI4 - Qzc0cVVHc2NtQ3ZDem5VaWsxSGVGYVUKLS0tIE9YUFlDQ2pOc1JpRVVZSXV5V2lK - dEt6Y1ZES2tITFd3aUZCRlZ6UDNFL0EKWp2bySnObMJMFCyKapkQJcgXaJhqIrtA - JOshYQPuGBRvQ89TSgG2NZnHENao8WLFk4tIxW9yTNTxMH/zGTPvWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeXMrWE01RzBHSHlHaXNW + cE9KMG5jaEZEeG9LclRqOHIvT3QrRS9TTzM4Cjg4d0orK1d6QncrdjNrVDFNRm5p + b2ZwVUJUcG5jbWxoTG1RZ2NBSFM5RW8KLS0tIDBsd1R1MzR5WURLWEMrYTFjK0Ux + UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT + k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T11:24:19Z" - mac: ENC[AES256_GCM,data:NOhVMJSxPP3qjmQyowec2Wn5Ss0vJ6nPZ7lcSZTuL3KcaYihDVe+zNqnnq6uBMZuKVafmUZgdxGVBMvQpsSjiEqmpDLVbamIoUyVtfu0qKT7jUyQqPkP5uGQa+4Y2qSHclzMhlOfX3q9VKItDrLM8XHebPNt0FAcnDpekir+8qk=,iv:lcm2nER/j4VTq0EOgfw+Ir/HL4OBrMqPgw/sgiDFFsY=,tag:Lf3C4cpxdewLkbckE476yQ==,type:str] + lastmodified: "2023-02-26T18:12:44Z" + mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str] pgp: - - created_at: "2023-02-26T11:24:18Z" + - created_at: "2023-02-26T18:12:43Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAlSYcf1No8zLF8ZrTMNyGBonjWQG7DOMDR0GJHMjOcygw - XyyKZ5i6EOmWeMCi5WEqJlK1vFOQRBhyzkvAUU6QYdR1NNDUqcRck6oQ3Nmmy4ID - 0l4BeqBQZ5aTTUTnU++uoC5jZFPEGAdHLxgomt9iVyj+9wI8VrmukCIHPTk8sNCW - 2zyXrH7iWK7zBgaY/Sk7LNXAwj7MvCfjVCXsU+X0eBtL4Z0v1SS6uPbsju3KdjtD - =ARWj + hF4DAAAAAAAAAAASAQdAQUq9YeKzVuiJzH+x8GkoeSzzL9XDQh2P9oLHv1U/vEcw + 7XSvNa6VkyDsST2+YLeja1TGyqiQUofHzTKmclN9QAFHyVcOjOs7gQ3dqwzEcA4Y + 0l4Beu5Ek/6r99UrMxrmGzSyNUxrTc+41FKH1VVHobSnC1CO8Qfql+GdikUMoBWL + ZwoxmhuHZfO/1AvWb8EgwAJcfCB3GjKtCbUxGEcgRyVJm8hxnfsUottVtGUCsdtN + =v630 -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ @@ -45,7 +45,7 @@ metadata: name: biohazard-secrets-decrypt-sops-age namespace: flux-system data: - age.agekey: ENC[AES256_GCM,data:u+xt0bXsPzBdUP0od9kXyWb6OV1sk11hethDQgWz+eE2TguUtlTgtqdWu4rmubLapvnKWAWjzrOuTIMxZQAB9FWjH3/78S60XrabOJOGMVwS7iTX2YRcQnlovIjqLv4gfcRNbLH2x+JTheT/U7ZBbw5NFu0AjVLzdm1TuMFqHbREdi5JYfm2EiWCAh7QL/xWImqBkq7i6FP4b+EZ5aMcfmPU74IqFlGDIoVlCTfMnSEqpQe8nLXywjZfhLNc6Ecgh7vJ1nYQJoYpV+JJh1tb4h+mb49mfeH2zvOef2YDIK8F0uhIBvBxfXnjYYncMWYujuRAoZhV65KOh2JY,iv:DztiDErsOrgIC0MoqXA2qdtbteKwAehDrrUKwPnzXGE=,tag:/KrQQMYqpzHkoyC7r5AcLQ==,type:str] + age.agekey: ENC[AES256_GCM,data:wv5tjeWMyGPVLO6Y0VEy46vzmdn35JI2HV1ltOX/PgP9yDcqTGvDPVQLD4PNWUZHFHA/87tm0A6g/t3tev/t5SotNuQyI9vM3hiz5IvEdk1kCh+X5wuD37sOwtsczkGBOnBUusFSqHFFJlb1aTrmqiA6LQUXSWSULs9BPq3kBtzU+gO+LJcL2XxviUMDz+mMSBiydXmAJESbSVlmtytz2l+vq5ce/ArTx7/CdhG2tr7AoiFk1aHwJ5lOy2V1mprpdfY5YJ8VPcBYocNd3jDDw8YxT8pG5t1V0LfhQAFxZI8kaIJ87C6JMYF3+xRw4OG0YYyqmdzFjeQIwWcw,iv:kTKRG6Nvs2MXOcnfBBbAha52xDnqe9HjG2AToXIB/k0=,tag:hPi27FQC5wPJtPfI8GKKVw==,type:str] sops: kms: [] gcp_kms: [] @@ -55,24 +55,24 @@ sops: - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcm1MSGZ0U0UxWjRuSks3 - TGxyY3VBSjBMSUhEL1VWaHBRYzZwWkZLTFdrCmxjcTZPYi9yWVdYcmpUTDVkQVI4 - Qzc0cVVHc2NtQ3ZDem5VaWsxSGVGYVUKLS0tIE9YUFlDQ2pOc1JpRVVZSXV5V2lK - dEt6Y1ZES2tITFd3aUZCRlZ6UDNFL0EKWp2bySnObMJMFCyKapkQJcgXaJhqIrtA - JOshYQPuGBRvQ89TSgG2NZnHENao8WLFk4tIxW9yTNTxMH/zGTPvWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeXMrWE01RzBHSHlHaXNW + cE9KMG5jaEZEeG9LclRqOHIvT3QrRS9TTzM4Cjg4d0orK1d6QncrdjNrVDFNRm5p + b2ZwVUJUcG5jbWxoTG1RZ2NBSFM5RW8KLS0tIDBsd1R1MzR5WURLWEMrYTFjK0Ux + UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT + k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T11:24:19Z" - mac: ENC[AES256_GCM,data:NOhVMJSxPP3qjmQyowec2Wn5Ss0vJ6nPZ7lcSZTuL3KcaYihDVe+zNqnnq6uBMZuKVafmUZgdxGVBMvQpsSjiEqmpDLVbamIoUyVtfu0qKT7jUyQqPkP5uGQa+4Y2qSHclzMhlOfX3q9VKItDrLM8XHebPNt0FAcnDpekir+8qk=,iv:lcm2nER/j4VTq0EOgfw+Ir/HL4OBrMqPgw/sgiDFFsY=,tag:Lf3C4cpxdewLkbckE476yQ==,type:str] + lastmodified: "2023-02-26T18:12:44Z" + mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str] pgp: - - created_at: "2023-02-26T11:24:18Z" + - created_at: "2023-02-26T18:12:43Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAlSYcf1No8zLF8ZrTMNyGBonjWQG7DOMDR0GJHMjOcygw - XyyKZ5i6EOmWeMCi5WEqJlK1vFOQRBhyzkvAUU6QYdR1NNDUqcRck6oQ3Nmmy4ID - 0l4BeqBQZ5aTTUTnU++uoC5jZFPEGAdHLxgomt9iVyj+9wI8VrmukCIHPTk8sNCW - 2zyXrH7iWK7zBgaY/Sk7LNXAwj7MvCfjVCXsU+X0eBtL4Z0v1SS6uPbsju3KdjtD - =ARWj + hF4DAAAAAAAAAAASAQdAQUq9YeKzVuiJzH+x8GkoeSzzL9XDQh2P9oLHv1U/vEcw + 7XSvNa6VkyDsST2+YLeja1TGyqiQUofHzTKmclN9QAFHyVcOjOs7gQ3dqwzEcA4Y + 0l4Beu5Ek/6r99UrMxrmGzSyNUxrTc+41FKH1VVHobSnC1CO8Qfql+GdikUMoBWL + ZwoxmhuHZfO/1AvWb8EgwAJcfCB3GjKtCbUxGEcgRyVJm8hxnfsUottVtGUCsdtN + =v630 -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ @@ -84,10 +84,8 @@ metadata: name: biohazard-secrets namespace: flux-system stringData: - TEST: ENC[AES256_GCM,data:KZpmB4clC4WLAbgq,iv:OumuDYe+Ke69aV3KbWBgMIYX89qTQ7OloZvyncaPQf4=,tag:k0Nwtq9wdndFhBhdO7AwRA==,type:str] - SECRET_SANDSTORM_ADMIN_PASSWORD: ENC[AES256_GCM,data:3u2adhVdsNcG5Eq6sNMb,iv:a97htEJFdTk3UAlp8XqsTKgW+KCNHiwJwSi6Ku9BbNk=,tag:Zf6Ug9LcX7fWaYHcXHh1Iw==,type:str] -data: - SECRET_HUGO_TEST_CODE_SERVER_GIT: ENC[AES256_GCM,data:BOSNLeYuNm3Cy77daTCE1bTtUf93ArWLOO/CzGIJTNnirNZPdZs4A2Da4cqhlUEAlFnBQF2xr9WYH7DzOytOqDQKXW0w96xyHnft3qDpfy5WpNyreFd7hX5hUxXTYrea2pB0OGSXFb3mbDtyTwqsOx6f0joRik7s9ypepk9FV/rTpA3B7W+IHYwN6LvNgJWvh1m0S4YMU5CEtPXiptQh+2zrW8NDSMdtSgi5q0u1Aa/qN1j4AcF+xYqUKzy2MznkU8KuBOi1hwUx7A3NEEfLaZdk5EmtRD43qV+MqGzP0YD+gDPIvjOAuKCP8W1aAjcOilvyGlLr24MiigoVohE/hn9Xa9iQTddI7fMmiIwk2flnb+2eVlbS2csiUpUvtNxtuTLmXr8otQL+iTSdCmpEenf2VdtG0QpYuIrf3P8ku8hvKhCKmbEpSg9MbAx0FIp09UsVCMr6TpGBdI+z7Yd61Zhk/XpwiFQbHB4q+dm/fLPPHyUTgEKBDjgYC7azkuPKnPG8rl9JLpDA9wQS5BmvjrY9QLAphzpHDkRr2pPiIqbnCWc1ShU85FDkYL9q/CNflkfHsBCSD//QU779DeZ0xCtrdB6lLJ5A0OUzQ/VRu+64334o9KJuekqaF/KXaKFlDoK/y9BmLp5qoSmtyDzfVARHzWvYtMxno5JJav5iL3ID2bulax7kqAMk2WgCleHlHSnBMh5D015QS4d+euEpRTSiKow=,iv:BZgtyrizIKmfkhfyH6ypD8fl8IJvpFAuv3adUTYzB8E=,tag:suTeM7AgQ89Q8m2exRdcgg==,type:str] + TEST: ENC[AES256_GCM,data:Hg7qUIV8/LcdFZT2,iv:jgNFUecJhj9EgkFCexym843VQUJQJVHW2Ne4H59BUa4=,tag:G/D7ZjLSkNQAJN4TOMSaaw==,type:str] + SECRET_SANDSTORM_ADMIN_PASSWORD: ENC[AES256_GCM,data:iYMzuIT3l8Na9R+ivzw/,iv:aSz/PDfnf5NjprFP0F/8MSCHbSNvW1jPKGO3OXM63wE=,tag:TXpMceEeEQMDpSpSwkihTA==,type:str] sops: kms: [] gcp_kms: [] @@ -97,63 +95,24 @@ sops: - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcm1MSGZ0U0UxWjRuSks3 - TGxyY3VBSjBMSUhEL1VWaHBRYzZwWkZLTFdrCmxjcTZPYi9yWVdYcmpUTDVkQVI4 - Qzc0cVVHc2NtQ3ZDem5VaWsxSGVGYVUKLS0tIE9YUFlDQ2pOc1JpRVVZSXV5V2lK - dEt6Y1ZES2tITFd3aUZCRlZ6UDNFL0EKWp2bySnObMJMFCyKapkQJcgXaJhqIrtA - JOshYQPuGBRvQ89TSgG2NZnHENao8WLFk4tIxW9yTNTxMH/zGTPvWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeXMrWE01RzBHSHlHaXNW + cE9KMG5jaEZEeG9LclRqOHIvT3QrRS9TTzM4Cjg4d0orK1d6QncrdjNrVDFNRm5p + b2ZwVUJUcG5jbWxoTG1RZ2NBSFM5RW8KLS0tIDBsd1R1MzR5WURLWEMrYTFjK0Ux + UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT + k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T11:24:19Z" - mac: ENC[AES256_GCM,data:NOhVMJSxPP3qjmQyowec2Wn5Ss0vJ6nPZ7lcSZTuL3KcaYihDVe+zNqnnq6uBMZuKVafmUZgdxGVBMvQpsSjiEqmpDLVbamIoUyVtfu0qKT7jUyQqPkP5uGQa+4Y2qSHclzMhlOfX3q9VKItDrLM8XHebPNt0FAcnDpekir+8qk=,iv:lcm2nER/j4VTq0EOgfw+Ir/HL4OBrMqPgw/sgiDFFsY=,tag:Lf3C4cpxdewLkbckE476yQ==,type:str] + lastmodified: "2023-02-26T18:12:44Z" + mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str] pgp: - - created_at: "2023-02-26T11:24:18Z" + - created_at: "2023-02-26T18:12:43Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAlSYcf1No8zLF8ZrTMNyGBonjWQG7DOMDR0GJHMjOcygw - XyyKZ5i6EOmWeMCi5WEqJlK1vFOQRBhyzkvAUU6QYdR1NNDUqcRck6oQ3Nmmy4ID - 0l4BeqBQZ5aTTUTnU++uoC5jZFPEGAdHLxgomt9iVyj+9wI8VrmukCIHPTk8sNCW - 2zyXrH7iWK7zBgaY/Sk7LNXAwj7MvCfjVCXsU+X0eBtL4Z0v1SS6uPbsju3KdjtD - =ARWj - -----END PGP MESSAGE----- - fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ - version: 3.7.3 ---- -apiVersion: v1 -kind: Secret -metadata: - name: codeserver - namespace: hugo-test -data: - id_rsa: ENC[AES256_GCM,data:NPHaPwwCXECZu2uw4UgRx0ccBtbet+9iPuLb8jejxK0XMA4Jy+YDQswIWFVqaI8MqBg9xxKC+mjoQDbQeeJtNQGuLbxfjZRRkU7seb6L9eq5/G78eo9ibRAJWV5xcIbSC/Ddh1JapE7lNb/VxyaxtPRFA9uVx3w0wKXEbv6yRahmHVEZokraJFKDloN7+q988n0CcCyTob/jRiJ6k8bQcEMYGzn3u/+h1qMwviRI+7wMD2o0k2/sgiGZN7cEYd9N/BRanMdFWZ8yFcecTznwImq6AsSPuczT1GxtoyaW2JC+5YNjlrKjQzcKMYiYlJGrKkaMOm1NyuGl855fyWqAPv3XVqmO9dBiQfjkMLvMfLeR046N3tBg4bdfRQAOuvgq/ACAaWBoJP5OkOugnJcDNbmxr6GEYEY4hphUmSD66LjRu/Wnyex1p8nOx6r0pE5u0iFCcRZdyUIG9IYHoOh3ufm3dJOOxFrXrCESq0tMBPH/BAHxHqGgRGZnR0wsURouBxsQjrjj9zJeeyBC126XuhwAs/ffOl/YokVJBTymejxPRC6j9SNBncAVRexFhmi1o3ZH1tAMoAjiYpzOfdwCwdjfUlz/6z6d1O+il1DvMQ+/XyiEP5I3jKbToXcOThnuhUehmvyZ9Phu8HsY/zHaVUOCUu2/s4W6HYI9tgzpuQZwOUwl3I7dVW3diepJka4TwNQzkwQ4NwN3zin5bVTCvYLkKIE=,iv:YmgY/1g8NlcizinvegZoDrHvZHvuiS69MVEa7Wa6/UE=,tag:ldCc9pCHYuwJbltQOFc1qA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcm1MSGZ0U0UxWjRuSks3 - TGxyY3VBSjBMSUhEL1VWaHBRYzZwWkZLTFdrCmxjcTZPYi9yWVdYcmpUTDVkQVI4 - Qzc0cVVHc2NtQ3ZDem5VaWsxSGVGYVUKLS0tIE9YUFlDQ2pOc1JpRVVZSXV5V2lK - dEt6Y1ZES2tITFd3aUZCRlZ6UDNFL0EKWp2bySnObMJMFCyKapkQJcgXaJhqIrtA - JOshYQPuGBRvQ89TSgG2NZnHENao8WLFk4tIxW9yTNTxMH/zGTPvWA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T11:24:19Z" - mac: ENC[AES256_GCM,data:NOhVMJSxPP3qjmQyowec2Wn5Ss0vJ6nPZ7lcSZTuL3KcaYihDVe+zNqnnq6uBMZuKVafmUZgdxGVBMvQpsSjiEqmpDLVbamIoUyVtfu0qKT7jUyQqPkP5uGQa+4Y2qSHclzMhlOfX3q9VKItDrLM8XHebPNt0FAcnDpekir+8qk=,iv:lcm2nER/j4VTq0EOgfw+Ir/HL4OBrMqPgw/sgiDFFsY=,tag:Lf3C4cpxdewLkbckE476yQ==,type:str] - pgp: - - created_at: "2023-02-26T11:24:18Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4DAAAAAAAAAAASAQdAlSYcf1No8zLF8ZrTMNyGBonjWQG7DOMDR0GJHMjOcygw - XyyKZ5i6EOmWeMCi5WEqJlK1vFOQRBhyzkvAUU6QYdR1NNDUqcRck6oQ3Nmmy4ID - 0l4BeqBQZ5aTTUTnU++uoC5jZFPEGAdHLxgomt9iVyj+9wI8VrmukCIHPTk8sNCW - 2zyXrH7iWK7zBgaY/Sk7LNXAwj7MvCfjVCXsU+X0eBtL4Z0v1SS6uPbsju3KdjtD - =ARWj + hF4DAAAAAAAAAAASAQdAQUq9YeKzVuiJzH+x8GkoeSzzL9XDQh2P9oLHv1U/vEcw + 7XSvNa6VkyDsST2+YLeja1TGyqiQUofHzTKmclN9QAFHyVcOjOs7gQ3dqwzEcA4Y + 0l4Beu5Ek/6r99UrMxrmGzSyNUxrTc+41FKH1VVHobSnC1CO8Qfql+GdikUMoBWL + ZwoxmhuHZfO/1AvWb8EgwAJcfCB3GjKtCbUxGEcgRyVJm8hxnfsUottVtGUCsdtN + =v630 -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ diff --git a/kube/1-clusters/Biohazard/2-config/4-vars.yaml b/kube/1-clusters/Biohazard/2-config/4-vars.yaml index d7a32c4a..400f28e3 100644 --- a/kube/1-clusters/Biohazard/2-config/4-vars.yaml +++ b/kube/1-clusters/Biohazard/2-config/4-vars.yaml @@ -30,8 +30,6 @@ data: APP_IP_SANDSTORM: ENC[AES256_GCM,data:2V+Dy1c3hOepKEo=,iv:l1nv+BrnEjsrvdONhBY9EgA8lSO2Nmtdr7Ktl9twfT4=,tag:ls8DbeJnvdwZhUA+deP02Q==,type:str] APP_DNS_SANDSTORM: ENC[AES256_GCM,data:dc/OufmvPkYMRg==,iv:8GUBWGGdEJ5A+wYFaLJljYYn3hUlpH9/cGy6641GDEw=,tag:gE3j/iytsqPKUm+R1g3suQ==,type:str] APP_DNS_AUTH: ENC[AES256_GCM,data:A67gznl/VxXxPiMh9zH1fa8VQA==,iv:oCCxFDb7Uo+AfXtuOf8L8Cukm4VAWzL92w8VgJp40dM=,tag:xFCS9csJIFvJ9XufVrq4Rg==,type:str] - APP_DNS_HUGO_TEST: ENC[AES256_GCM,data:smTPKmBvi6auJ+Xt,iv:URrZRLrslY5dR9+jSOipFmvmfK8B0tGL9O+XpkdVgzI=,tag:mPA9C5HPW0YJX4COIif6iw==,type:str] - APP_DNS_HUGO_TEST_VSCODE: ENC[AES256_GCM,data:WncE/VSy6DkCEnhuMyY3kg==,iv:/eoTpz1yNNTvWuPodLlP70kw1BWwZrgUTpI+BGyg6ws=,tag:Wp5oxJjwYCYQ03KA80rRrg==,type:str] CONFIG_MINECRAFT_OPS: ENC[AES256_GCM,data:BKfjfUQQXd025nNZCHQki/SeqiMQVCUP9tCkmNwUgfvj7XK6,iv:7+tp1IJ06UfZt53HLnFOByrTWFY31AHiQwjrrUS4OqI=,tag:TSvw3notEqgPIORTWHwUBw==,type:str] CONFIG_MINECRAFT_ICON: ENC[AES256_GCM,data:AINTGnjPbWZCVJKdL4Mx8bBhOUnQU2BEhqr0730/OJATkKBzcvxf7R9HlX37uFI=,iv:HsvxmHYUb350vSulAVdBHonB6cA+0pu03t5BaU8EuUs=,tag:gGr7OY++7+yuZ36TwXcbaA==,type:str] CONFIG_MINECRAFT_NAME: ENC[AES256_GCM,data:zhsyGymdQKgeX58X2Q==,iv:dGbrb4ZytcRpj4ie9dzM2TUVnzC4YQvCey+/G9uFcGs=,tag:IpFutt4G5JMP4hUIOgbqqw==,type:str] @@ -54,8 +52,8 @@ sops: SnpvS3RUUlFMM1dUNGZQNkVqQ2VqNDAKywch6CgtS1AFLYxfML5dB7/5V6qZ0ob1 63vBpqjOza3EqvfNKo+UMtK/fRK0Q5jlpuI+0/z9VrxzKEWsgUCBVQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T11:48:09Z" - mac: ENC[AES256_GCM,data:W2c4HeSCEoOeyaTuqZeLm/azrksOkIRVgDeqWQQzf/YxIQqegoB4QQoMdVHdcs6PtGfPjTTdMdT3nD9OWocM+uwy8vqfoXLNYGiupSXDRrTxpTQsVFvekO2RysU5Gj2KsY35UPzQ4JQqrwwQbQ69tzbYg2aKIr18cXRHy8AZXQs=,iv:hp4iGTAnlD/eghh02kUBzikG6jHnLctmi0E1eD2JdXE=,tag:JEFf0lcJxL0j4gjQRCA+Sg==,type:str] + lastmodified: "2023-02-26T18:06:26Z" + mac: ENC[AES256_GCM,data:9+b3qv9G/DE02nz9k5r3Ti2Yx45ECntx4Apt8ChmB5nWYWQEoLfHdyjLiaP4NwhhCkp1Ebz/ZDfaQFy02nn85y1tWP22a4EzSRjMHoWtf1Wrb6OZoejsiDCuwM1A0TQCLiWR88IqoO6TXcNm8jui9KrznB/pef3Q0VfBnDALShE=,iv:4hh1GZv26OwfiRRsWW9Cz7tjtdgXd3nUgKwTpTazaLc=,tag:8I7gd2DO6aMZDI1Z/7LA7A==,type:str] pgp: - created_at: "2023-02-22T08:12:31Z" enc: | diff --git a/kube/1-clusters/Biohazard/2-config/5-deploy.yaml b/kube/1-clusters/Biohazard/2-config/5-deploy.yaml index 1cce1ef3..5e5fa8c7 100644 --- a/kube/1-clusters/Biohazard/2-config/5-deploy.yaml +++ b/kube/1-clusters/Biohazard/2-config/5-deploy.yaml @@ -230,9 +230,16 @@ kind: Kustomization metadata: name: biohazard-2-apps-hugo-test namespace: flux-system + labels: + substitution.flux.home.arpa/disabled: "true" spec: path: ./kube/3-deploy/2-apps/hugo-test dependsOn: - name: biohazard-1-core-02-storage-rook-ceph - name: biohazard-1-core-04-dns - name: biohazard-1-core-05-ingress-nginx + postBuild: + substituteFrom: + - kind: Secret + name: hugo-test-secrets + optional: false diff --git a/kube/3-deploy/2-apps/hugo-test/2-secrets.yaml b/kube/3-deploy/2-apps/hugo-test/2-secrets.yaml deleted file mode 100644 index 63b713d5..00000000 --- a/kube/3-deploy/2-apps/hugo-test/2-secrets.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: codeserver - namespace: hugo-test -data: - id_rsa: ENC[AES256_GCM,data:hWAGIyHDNaGJ1Vb8SnDbH5OSoZuPBUh8Vm5VFyasoJMsKpo=,iv:jIaLGlqKkR1cd0gMJCyG52fBxIryLQ+F+NN54lFgOpk=,tag:fJvXxuzkUhyqVYJvX3LRJQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHaVhReUxxMTVyWXRRRktt - VXRuK3pDRTBUaEd0RlY5NUVVN3ZnLzdMZmk4Cm0zUlczc3hkaFhwTnBEUVNNZW1K - S21NeXZROCtpejNnM24xTDc4M1grQ0kKLS0tICtHWlQ1ZFZXNS9aUUY4ZThxckM3 - MVpkeS9UWVFoT0VxUTJURmJvejFKNUUKA7SYSvElQvJtK1Q1rWojHuB2QvPaFukC - 6BzbJbUUww7zH1zlku7NAEN7jcXx+Y1w3t9Nn2BSe+rArO5nr0thcg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T11:27:40Z" - mac: ENC[AES256_GCM,data:mMqULwoqC1LUGEDSEBWMeK+///2hbOaxXWQFxluDeK6dTOnLbyIzt04wyGujExjU7czFh+ASwz47OkIUgoukEKDnEsVpjAsBRx7lh7p+xGfQdVOT+bUqE93x99UZ5V7ysCPMi9fkv5SmKfsep/74BJ5y9m5dYF36yliZlGMJ6ZU=,iv:/VzLh5SKyECH+HKGJPuz/WLKH+oR10WeNKuoAr7aUIw=,tag:v6lZLZ0fBpBQX1RongRi8g==,type:str] - pgp: - - created_at: "2023-02-26T11:27:39Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4DAAAAAAAAAAASAQdA4Yuv+E1XdItCc86bLrmqiJ5DMB0n9xmXaVXNOSKQgXgw - yScZ61b351fN8kXqLcDwfso9zAtKTj059e/eukhEqVohhCozyzGb6rwZrTIAsDYD - 0l4BRUNwfL4maaHVoVq+CcWwpvA99p/VfEJgo0lizsnf4O1cev9E0qj6f3RCGJat - M7Fu+304VQOe4NRYjt+xPHSEpAh6pZ2d8yUvx3DZlWdtqMalY+nRjYl+3Su9ihTW - =fW7E - -----END PGP MESSAGE----- - fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ - version: 3.7.3 diff --git a/kube/3-deploy/2-apps/hugo-test/3-install.yaml b/kube/3-deploy/2-apps/hugo-test/3-install.yaml index 870480d9..667bcb2b 100644 --- a/kube/3-deploy/2-apps/hugo-test/3-install.yaml +++ b/kube/3-deploy/2-apps/hugo-test/3-install.yaml @@ -13,7 +13,7 @@ spec: fullNameOverride: hugo-test image: repository: docker.io/klakegg/hugo - tag: 0.107.0-debian-ci + tag: 0.107.0-ext-debian-ci command: ["hugo"] args: ["server"] env: @@ -23,6 +23,7 @@ spec: enabled: true type: pvc retain: true + readOnly: false storageClass: block size: 5Gi mountPath: /src @@ -48,11 +49,6 @@ spec: paths: - path: / pathType: Prefix - - path: "/outpost.goauthentik.io" - pathType: Prefix - backend: - service: - name: authentik tls: - hosts: - "${APP_DNS_HUGO_TEST_VSCODE}" diff --git a/kube/3-deploy/2-apps/hugo-test/4-cloudflared.yaml b/kube/3-deploy/2-apps/hugo-test/4-cloudflared.yaml new file mode 100644 index 00000000..1736d68b --- /dev/null +++ b/kube/3-deploy/2-apps/hugo-test/4-cloudflared.yaml @@ -0,0 +1,54 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: cloudflared + namespace: hugo-test + labels: + helm.flux.home.arpa/app-template: "true" +spec: + values: + controller: + strategy: RollingUpdate + image: + repository: cloudflare/cloudflared + tag: 2023.2.1-amd64 + args: + - tunnel + - --config + - /etc/cloudflared/config.yaml + - run + service: + main: + enabled: false + persistence: + config: + enabled: true + type: configMap + name: cloudflared-config + mountPath: /etc/cloudflared/config.yaml + subPath: config.yaml + readOnly: true + credentials: + enabled: true + type: secret + name: cloudflared-credentials + mountPath: /etc/cloudflared/credentials.json + subPath: credentials.json + readOnly: true + configMaps: + config: + enabled: true + data: + config.yaml: | + tunnel: "${SECRET_CLOUDFLARE_TUNNEL_HUGO_TEST_ID}" + credentials-file: /etc/cloudflared/credentials.json + no-autoupdate: true + ingress: + - hostname: ${APP_DNS_CF_HUGO_TEST_HELLO} + service: hello_world + - hostname: ${APP_DNS_CF_HUGO_TEST} + service: http://hugo-test:1313 + - hostname: ${APP_DNS_CF_HUGO_TEST_VSCODE} + service: http://hugo-test-addon-codeserver:12321 + - service: http_status:200 diff --git a/kube/3-deploy/2-apps/hugo-test/kustomization.yaml b/kube/3-deploy/2-apps/hugo-test/kustomization.yaml index b9677f6d..6cfe64aa 100644 --- a/kube/3-deploy/2-apps/hugo-test/kustomization.yaml +++ b/kube/3-deploy/2-apps/hugo-test/kustomization.yaml @@ -5,3 +5,4 @@ resources: - 1-namespace.yaml # - 2-secrets.yaml - 3-install.yaml + - 4-cloudflared.yaml