add vars

2024-11-18 00:25:01 +01:00 · 2024-11-18 00:25:01 +01:00 · 819cddc2c0
commit 819cddc2c0
parent f22b700704
7 changed files with 36 additions and 1 deletions
--- a/vars/ks.yaml
+++ b/vars/ks.yaml
@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app vars
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  targetNamespace: ${TENANT_NAMESPACE}
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./vars/${TENANT_NAMESPACE}
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: tenant-repos
+  wait: false
+  interval: 10m
+  retryInterval: 1m
+  timeout: 5m
--- a/vars/tenant_name/.gitkeep
+++ b/vars/tenant_name/.gitkeep
--- a/vars/tenant_name/.sops.yaml
+++ b/vars/tenant_name/.sops.yaml
@ -0,0 +1,24 @@
+---
+
+# This example uses YAML anchors which allows reuse of multiple keys 
+# without having to repeat yourself.
+# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
+# for a more complex example.
+keys:
+  age:
+  - &cluster_age_key age13jnzxrtrghlh8zvc9q3d8yd2a9xdp8jset72l8dwz6pept3j3c0qkmxd47
+creation_rules:
+  - path_regex: .+secret(\.sops)?\.ya?ml
+    input_type: yaml
+    encrypted_regex: ^(data|stringData)$
+    key_groups:
+      - age: &key_groups
+          - *cluster_age_key
+  - path_regex: .+secret(\.sops)?\.env
+    input_type: env
+    key_groups:
+      - age: *key_groups
+stores:
+  yaml:
+    indent: 2
+
--- a/vars/tenant_name/README.md
+++ b/vars/tenant_name/README.md
@ -0,0 +1,5 @@
+# Settings and Secrets
+
+Add here settings that depend on the tenant name. This is needed when you include this git ${REPO_NAME} into multiple tenants. You need to ensure this folder is called the same way as the kvant tenant you got.
+
+You can add Config Maps and secrets to this folder. The secrets should be encripted using SOPS (see [WIKI](https://git.kvant.cloud/phoenix/tenant-tpl/wiki/Tenant--Wiki)). Please do not forget adding your own key to the [.sops.yaml](.sops.yaml) before encrypting your secrets if you want to be able to edit them afterwards.
--- a/vars/tenant_name/cluster-settings.yaml
+++ b/vars/tenant_name/cluster-settings.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cluster-settings
+data:
+  EXAMPLE: foo