diff --git a/.gitignore b/.gitignore
index b5022e3..e86d211 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,12 +63,19 @@ Temporary Items
 # End of https://www.toptal.com/developers/gitignore/api/macos,visualstudiocode
+# Sealed-secrets related
+
 secrets.env
 secrets.json
+registry.env
+registry-secret.json
+
 docker-config.json
 docker-pull-secret.json
 cert.yaml
+# Helm template temporary output
+
 *-template.yaml
\ No newline at end of file
diff --git a/charts/backend/templates/registry-secret.yaml b/charts/backend/templates/registry-secret.yaml
new file mode 100644
index 0000000..44d8110
--- /dev/null
+++ b/charts/backend/templates/registry-secret.yaml
@@ -0,0 +1,20 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ annotations:
+ sealedsecrets.bitnami.com/cluster-wide: "true"
+ creationTimestamp: null
+ name: default-registry
+ namespace: backend
+spec:
+ encryptedData:
+ password: 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
+ username: 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
+ template:
+ metadata:
+ annotations:
+ sealedsecrets.bitnami.com/cluster-wide: "true"
+ creationTimestamp: null
+ name: default-registry
+ namespace: backend
+
diff --git a/generate-sealed-secrets.sh b/generate-sealed-secrets.sh
index e92c1ef..9fb9a4c 100755
--- a/generate-sealed-secrets.sh
+++ b/generate-sealed-secrets.sh
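Review bot: The `sealedsecrets.bitnami.com/cluster-wide: "true"` annotation in `charts/backend/templates/registry-secret.yaml` gives up the name and namespace binding that sealed-secrets applies by default, so this ciphertext, which is committed to the repository, can be unsealed under any name in any namespace of the cluster by whoever is allowed to create SealedSecret objects there. The manifest already fixes `name: default-registry` and `namespace: backend`, so the default strict scope fits: drop `--scope cluster-wide` from the new `kubeseal` line in `generate-sealed-secrets.sh` and re-seal, which also removes the annotation from both `metadata` blocks. If the namespace has to stay fixed but the name does not, `--scope namespace-wide` is still narrower than cluster-wide. The same flag is used for the two existing secrets in that script, which this commit leaves as they were.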
@@ -1,7 +1,10 @@
 kubectl create secret generic application-secret --dry-run=client --from-env-file=./secrets.env -o json > secrets.json
 kubeseal --controller-name so1s-sealed-secrets --controller-namespace sealed-secrets --scope cluster-wide -o yaml < secrets.json > sealed-secret.yaml
+kubectl create secret generic default-registry --dry-run=client --from-env-file=./registry.env -n backend -o json > registry-secret.json
+kubeseal --controller-name so1s-sealed-secrets --controller-namespace sealed-secrets --scope cluster-wide -o yaml < registry-secret.json > registry-secret.yaml
+
 kubectl create secret docker-registry so1s --dry-run=client --from-file=.dockerconfigjson=./docker-config.json -o json > docker-pull-secret.json
 kubeseal --controller-name so1s-sealed-secrets --controller-namespace sealed-secrets --scope cluster-wide -o yaml < docker-pull-secret.json > docker-pull-secret.yaml
-mv sealed-secret.yaml docker-pull-secret.yaml ./charts/backend/templates/
\ No newline at end of file
+mv sealed-secret.yaml docker-pull-secret.yaml registry-secret.yaml ./charts/backend/templates/
\ No newline at end of file
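Review bot: The two added commands leave `registry-secret.json` on disk, and that file holds the registry username and password only base64-encoded; the `.gitignore` entry added in this commit keeps it out of git, but nothing removes it once sealing is done. Piping the manifest straight into `kubeseal` avoids the plaintext file, keeping the existing flags on both sides: `kubectl create secret generic default-registry ... -o json | kubeseal ... -o yaml > registry-secret.yaml`. The hunk starts at line 1 of the script with a `kubectl` command, so there appears to be no `set -e`; a failed `kubeseal` would still leave a truncated `registry-secret.yaml` for the final `mv` to place in the chart templates, which `set -euo pipefail` as the first line would prevent.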