diff --git a/cluster-v2-design.md b/cluster-v2-design.md index 7bf1380..c5a6347 100644 --- a/cluster-v2-design.md +++ b/cluster-v2-design.md @@ -330,20 +330,33 @@ nmcli connection up id br0 ``` ### Kubeseal Use +``` +apiVersion: v1 +kind: Secret +metadata: + name: test-secret + namespace: my-namespace +type: Opaque +data: + username: dmFsdWUtMQ0K + password: dmFsdWUtMg0KDQo= +stringData: + hostname: myapp.mydomain.com +``` cat secret.yaml | kubeseal --format yaml > sealedsecret.yaml # Actual Install Notes ## To Do List -Infra Cluster: +Infra Cluster: [x] - On Host: 1. CoreDNS [x] 2. Wireguard [x] - On Cluster: - 1. Keycloak - 2. Kanboard - 3. OneDev + 1. Keycloak [x] + 2. Kanboard [x] + 3. Gitea [x] 4. Harbor [x] Main Cluster: @@ -351,14 +364,19 @@ Main Cluster: 1. Wireguard [x] - On Cluster: 1. Tekton - 2. MQTT Broker - 3. Squid - 4. j7s-os-deployment + Base install [ ] + Add namespace + Push images + Update tasks + Update jobs 5. Flux + 1. MQTT Broker + 2. Squid + 3. j7s-os-deployment [x] Give accounts on Harbor to clusters. [ ] Push images to Harbor. -[ ] Hubble. +[x] Hubble. ## Regularly Scheduled Programming 
@@ -638,4 +656,23 @@ ngress-nginx-controller LoadBalancer 10.45.94.103 192.168.1.112 ``` > 10.100.100.7:31566 +### Tekton + +kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml +kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml +kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml +kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml + +### Keycloak +kubectl describe pv pvc-4bcbb023-e686-4082-855f-d062ff418c74 --namespace keycloak +`/var/lib/rancher/k3s/storage/pvc-4bcbb023-e686-4082-855f-d062ff418c74_keycloak_keycloak-db-pvc` +`scp /tmp/db-backup.tar.gz jimmy@192.168.1.112:.` +``` +sudo su +chown root:root ./db-backup.tar.gz +cd /var/lib/rancher/k3s/storage/pvc-4bcbb023-e686-4082-855f-d062ff418c74_keycloak_keycloak-db-pvc +rm -rf * +tar xpvzf /home/jimmy/db-backup.tar.gz +sudo chown -R systemd-oom:systemd-oom * +``` diff --git a/deployments/kanboard-deployment.yaml b/deployments/kanboard-deployment.yaml deleted file mode 100644 index da12558..0000000 --- a/deployments/kanboard-deployment.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: kanboard-pvc -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-path - resources: - requests: - storage: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kanboard-deployment - labels: - app: kanboard -spec: - replicas: 1 - selector: - matchLabels: - app: kanboard - template: - metadata: - labels: - app: kanboard - spec: - containers: - - name: oauth-proxy - image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 - args: - - --cookie-secret=`$COOKIE_SECRET` - - --cookie-secure=false - - --email-domain=* - - --provider=keycloak-oidc - - --client-id=kanboard - - --client-secret=oT6dMBS87jc385utLumMoffJ9MqLEGRY - - --redirect-url=https://kanboard.jpace121.net - - --oidc-issuer-url=https://auth.jpace121.net/realms/jpace121-main - - --reverse-proxy=true - - --upstream=http://localhost:80/ - - --http-address=0.0.0.0:8080 - ports: - - containerPort: 8080 - env: - - name: COOKIE_SECRET - valueFrom: - secretKeyRef: - name: kanboard-cookie - key: cookie-secret - - name: kanboard-app - image: 192.168.1.149:8443/kanboard:latest - ports: - - containerPort: 80 - - containerPort: 443 - env: - - name: DATABASE_URL - value: "postgres://postgres:jdsjkksksklw@localhost/kanboard" - - name: kanboard-db - image: docker.io/library/postgres:bullseye - env: - - name: POSTGRES_DB - value: "kanboard" - - name: POSTGRES_PASSWORD - value: "jdsjkksksklw" - volumeMounts: - - name: db-storage - mountPath: "/var/lib/postgresql/data" - volumes: - - name: db-storage - persistentVolumeClaim: - claimName: kanboard-pvc - ---- -apiVersion: v1 -kind: Service -metadata: - name: kanboard-service -spec: - selector: - app: kanboard - ports: - - protocol: TCP - targetPort: 8080 - port: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: kanboard-ingress -spec: - rules: - - host: kanboard.jpace121.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: 
kanboard-service - port: - number: 80 \ No newline at end of file diff --git a/deployments/onedev.yaml b/deployments/onedev.yaml deleted file mode 100644 index 419f999..0000000 --- a/deployments/onedev.yaml +++ /dev/null 
@@ -1,340 +0,0 @@ ---- -# Source: onedev/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: onedev - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm ---- -# Source: onedev/templates/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: onedev-mysql -stringData: - password: changeit ---- -# Source: onedev/templates/persistentvolumeclaim.yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: onedev - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm - tier: onedev - annotations: - "helm.sh/resource-policy": keep -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi ---- -# Source: onedev/templates/persistentvolumeclaim.yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: onedev-mysql - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm - tier: mysql - annotations: - "helm.sh/resource-policy": keep -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi ---- -# Source: onedev/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: onedev - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm -rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create", "delete"] #require this permission to run builds in isolated namespaces - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterrolebindings"] - verbs: ["get", "list", "create", "delete"] 
#require this permission to bind cluster roles to service account of running builds - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list"] #require this permission to search nodes matching executor criterias - - apiGroups: [""] - resources: ["services", "pods", "pods/log", "pods/exec", "secrets", "configmaps", "events"] - verbs: ["get", "list", "watch", "create", "patch", "delete"] #require this permission to run builds as pods - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "list", "create", "patch", "delete"] #require this permission to run builds as pods ---- -# Source: onedev/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: onedev - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm -subjects: - - kind: ServiceAccount - namespace: default - name: onedev -roleRef: - kind: ClusterRole - name: onedev - apiGroup: rbac.authorization.k8s.io ---- -# Source: onedev/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: onedev - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm - tier: onedev - annotations: - null -spec: - type: ClusterIP - ports: - - name: http - port: 80 - targetPort: 6610 - protocol: TCP - - name: ssh - port: 2222 - targetPort: 6611 - protocol: TCP - selector: - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - tier: onedev ---- -# Source: James Custom ---- -apiVersion: v1 -kind: Service -metadata: - name: onedev-ssh -spec: - type: NodePort - ports: - - name: ssh - port: 22 - targetPort: 6611 - protocol: TCP - selector: - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - tier: onedev ---- -# Source: onedev/templates/service.yaml 
---- -apiVersion: v1 -kind: Service -metadata: - name: onedev-mysql - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm - tier: mysql -spec: - ports: - - port: 3306 - selector: - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - tier: mysql ---- -# Source: onedev/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: onedev - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm - tier: onedev -spec: - replicas: 1 # only allow one replicas as OneDev doesn't support clustering - selector: - matchLabels: - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - tier: onedev - strategy: - type: Recreate - template: - metadata: - name: onedev - labels: - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - tier: onedev - spec: - serviceAccountName: onedev - nodeSelector: - kubernetes.io/os: linux - containers: - - name: onedev - resources: - requests: - memory: 1024Mi - volumeMounts: - - mountPath: "/opt/onedev" - name: onedev - image: "1dev/server:7.9.2" - ports: - - containerPort: 6610 - - containerPort: 6611 - env: - - name: k8s_service - value: onedev - - name: ingress_host - value: onedev.intenral.jpace121.net - - name: ingress_tls - value: "false" - - name: hibernate_dialect - value: org.hibernate.dialect.MySQL5InnoDBDialect - - name: hibernate_connection_driver_class - value: com.mysql.cj.jdbc.Driver - - name: hibernate_connection_url - value: jdbc:mysql://onedev-mysql:3306/onedev?serverTimezone=UTC&allowPublicKeyRetrieval=true&useSSL=false - - name: hibernate_connection_username - value: root - - name: hibernate_connection_password - valueFrom: - secretKeyRef: - name: onedev-mysql - key: password - - name: 
hibernate_hikari_maximumPoolSize - value: "25" - initContainers: - - name: init - image: busybox - command: ["sh", "-c", "until nslookup onedev-mysql.default.svc.cluster.local; do echo waiting for mysql; sleep 2; done;"] - volumes: - - name: onedev - persistentVolumeClaim: - claimName: onedev ---- -# Source: onedev/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: onedev-mysql - labels: - helm.sh/chart: onedev-7.8.5 - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - app.kubernetes.io/version: "7.8.5" - app.kubernetes.io/managed-by: Helm - tier: mysql -spec: - selector: - matchLabels: - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - tier: mysql - strategy: - type: Recreate - template: - metadata: - name: onedev-mysql - labels: - app.kubernetes.io/name: onedev - app.kubernetes.io/instance: onedev - tier: mysql - spec: - nodeSelector: - kubernetes.io/os: linux - containers: - - name: mysql - image: mysql:5.7 - args: - - "--character-set-server=utf8mb4" - - "--collation-server=utf8mb4_unicode_ci" - - "--ignore-db-dir=lost+found" - env: - - name: MYSQL_DATABASE - value: onedev - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: onedev-mysql - key: password - ports: - - containerPort: 3306 - resources: - requests: - memory: 256Mi - volumeMounts: - - name: mysql - mountPath: /var/lib/mysql - readinessProbe: - exec: - command: - - bash - - "-c" - - | - mysql -uroot -p$MYSQL_ROOT_PASSWORD -e 'SELECT 1' - initialDelaySeconds: 5 - periodSeconds: 2 - timeoutSeconds: 1 - volumes: - - name: mysql - persistentVolumeClaim: - claimName: onedev-mysql ---- -# Source: onedev/templates/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: onedev -spec: - rules: - - host: onedev.internal.jpace121.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: onedev - port: - number: 80 
diff --git a/infra-cluster/keycloak/images/Dockerfile b/infra-cluster/keycloak/images/Dockerfile
new file mode 100644
index 0000000..1534178
--- /dev/null
+++ b/infra-cluster/keycloak/images/Dockerfile
@@ -0,0 +1,5 @@
+FROM quay.io/keycloak/keycloak:20.0
+WORKDIR /opt/keycloak
+RUN ./bin/kc.sh build \
+ --spi-x509cert-lookup-provider=nginx \
+ --features docker
\ No newline at end of file
diff --git a/infra-cluster/keycloak/manifests/deployment.yaml b/infra-cluster/keycloak/manifests/deployment.yaml
new file mode 100644
index 0000000..57b3ef7
--- /dev/null
+++ b/infra-cluster/keycloak/manifests/deployment.yaml
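Review bot: The base image on the `FROM` line is referenced only by the mutable tag `20.0`, so a later rebuild can pick up a different upstream image than the one that was tested; pinning by digest, `FROM quay.io/keycloak/keycloak:20.0@sha256:<digest-of-the-reviewed-image>`, keeps the identity provider's image reproducible and auditable. The `kc.sh build` step bakes in `--spi-x509cert-lookup-provider=nginx` and `--features docker`, and the new deployment.yaml passes the same two options again to `start`; a comment saying which side is authoritative would help, since `start` without `--optimized` may re-run the build at container start. `--features=docker` is the unambiguous spelling of the last option.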
@@ -0,0 +1,75 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak-deployment
+ namespace: keycloak
+ labels:
+ app: keycloak
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ spec:
+ containers:
+ - name: keycloak-db
+ image: docker.io/library/postgres:bullseye
+ volumeMounts:
+ - name: db-storage
+ mountPath: "/var/lib/postgresql/data"
+ env:
+ - name: POSTGRES_DB
+ value: keycloak
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-db-secret
+ key: POSTGRES_PASSWORD
+ - name: keycloak
+ image: harbor.internal.jpace121.net/k8s/jpace-keycloak:20.0.0
+ env:
+ - name: KC_LOG_LEVEL
+ value: DEBUG
+ - name: KEYCLOAK_ADMIN
+ value: admin
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-secret
+ key: KEYCLOAK_ADMIN_PASSWORD
+ - name: KC_DB
+ value: postgres
+ - name: KC_DB_USERNAME
+ value: postgres
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-secret
+ key: KC_DB_PASSWORD
+ volumeMounts:
+ - name: keycloak-config
+ mountPath: /opt/keycloak-config/
+ args:
+ - start
+ - --hostname-url=https://auth.jpace121.net
+ - --hostname-strict-backchannel=true
+ - --hostname-admin-url=https://auth.jpace121.net
+ - --https-client-auth=request
+ - --spi-truststore-file-file=/opt/keycloak-config/truststore.jks
+ - --spi-truststore-file-password=password
+ - --spi-x509cert-lookup-nginx-ssl-client-cert=ssl-client-cert
+ - --spi-x509cert-lookup-provider=nginx
+ - --features docker
+ - --proxy=edge
+ volumes:
+ - name: db-storage
+ persistentVolumeClaim:
+ claimName: keycloak-db-pvc
+ - name: keycloak-config
+ configMap:
+ name: keycloak-config
\ No newline at end of file
diff --git a/infra-cluster/keycloak/manifests/ingress.yaml b/infra-cluster/keycloak/manifests/ingress.yaml
new file mode 100644
index 0000000..60ed8a2
--- /dev/null
+++ b/infra-cluster/keycloak/manifests/ingress.yaml
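Review bot: The truststore password is committed in clear text as `- --spi-truststore-file-password=password` in the keycloak container's `args`, while every other credential in this manifest comes from a `secretKeyRef`. Sourcing it the same way keeps the value out of the repository and the pod spec, e.g. `- --spi-truststore-file-password=$(TRUSTSTORE_PASSWORD)` with a matching `env` entry read from the sealed `keycloak-secret` (the variable and key names here are placeholders). `- --features docker` is a single list element, so it reaches the entrypoint as one argument containing a space; `- --features=docker` does not depend on how the launcher re-splits it. `KC_LOG_LEVEL` is set to `DEBUG`, which on an identity provider can put token or user details into the logs; if that is a bring-up setting, a comment saying so, or a lower level before real logins go through it, would help.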
@@ -0,0 +1,21 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: keycloak-ingress
+ namespace: keycloak
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffering: "on"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "512k"
+spec:
+ rules:
+ - host: auth.jpace121.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: keycloak-service
+ port:
+ number: 8080
\ No newline at end of file
diff --git a/infra-cluster/keycloak/manifests/keycloak-config.yaml b/infra-cluster/keycloak/manifests/keycloak-config.yaml
new file mode 100644
index 0000000..a03ddd6
--- /dev/null
+++ b/infra-cluster/keycloak/manifests/keycloak-config.yaml
@@ -0,0 +1,8 @@
+---
+kind: ConfigMap
+metadata:
+ name: keycloak-config
+ namespace: keycloak
+apiVersion: v1
+binaryData:
+ truststore.jks: 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
diff --git a/infra-cluster/keycloak/manifests/pvc.yaml b/infra-cluster/keycloak/manifests/pvc.yaml
new file mode 100644
index 0000000..87fbf5e
--- /dev/null
+++ b/infra-cluster/keycloak/manifests/pvc.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: keycloak-db-pvc
+ namespace: keycloak
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
diff --git a/infra-cluster/keycloak/manifests/service.yaml b/infra-cluster/keycloak/manifests/service.yaml
new file mode 100644
index 0000000..48f2d60
--- /dev/null
+++ b/infra-cluster/keycloak/manifests/service.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak-service
+ namespace: keycloak
+spec:
+ selector:
+ app: keycloak
+ ports:
+ - protocol: TCP
+ targetPort: 8080
+ port: 8080
\ No newline at end of file
diff --git a/infra-cluster/keycloak/namespaces/keycloak.yaml b/infra-cluster/keycloak/namespaces/keycloak.yaml
new file mode 100644
index 0000000..80e7888
--- /dev/null
+++ b/infra-cluster/keycloak/namespaces/keycloak.yaml
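Review bot: The Ingress in ingress.yaml has no `tls:` block and no client-certificate annotations, yet the deployment starts Keycloak with `--spi-x509cert-lookup-provider=nginx`, `--spi-x509cert-lookup-nginx-ssl-client-cert=ssl-client-cert` and `--proxy=edge`, so Keycloak takes the client certificate from whatever arrives in the `ssl-client-cert` header. Unless the controller is configured elsewhere to verify client certificates and overwrite that header, it should be set here, e.g. `nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional"`, `nginx.ingress.kubernetes.io/auth-tls-secret: "<namespace>/<ca-secret>"` and `nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"`. The same concern applies to the service.yaml hunk: `keycloak-service` exposes port 8080 inside the cluster, so a NetworkPolicy that admits only the ingress controller would ensure the header can only come from the proxy. TLS termination for `auth.jpace121.net` may be handled outside this commit; if it is not, a `tls:` entry is needed to match the `https://` hostname URL.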
@@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: keycloak diff --git a/infra-cluster/keycloak/secrets/keycloak-secret-sealed.yaml b/infra-cluster/keycloak/secrets/keycloak-secret-sealed.yaml new file mode 100644 index 0000000..4f0554d --- /dev/null +++ b/infra-cluster/keycloak/secrets/keycloak-secret-sealed.yaml @@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak +spec: + encryptedData: + KC_DB_PASSWORD: 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 + KEYCLOAK_ADMIN_PASSWORD: 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 + template: + metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak + type: Opaque + diff --git a/infra-cluster/keycloak/secrets/sealed-db-secret.yaml b/infra-cluster/keycloak/secrets/sealed-db-secret.yaml new file mode 100644 index 0000000..69d1401 --- /dev/null +++ b/infra-cluster/keycloak/secrets/sealed-db-secret.yaml @@ -0,0 +1,16 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: keycloak-db-secret + namespace: keycloak +spec: + encryptedData: + POSTGRES_PASSWORD: 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 + template: + metadata: + creationTimestamp: null + name: keycloak-db-secret + namespace: keycloak + type: Opaque +