cd
/
k8s-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: cd:864f58ff01d4c26adcd94c5a8478b2cf7340f150
Branches Tags
cd:master
..
compare: cd:a547d0052ff12ce6c47bffab3e9701e0a4727903
Branches Tags
cd:master

2 Commits
864f58ff01 ... a547d0052f

Author SHA1 Message Date
James Pace a547d0052f Add Dockerfile for kanboard. 2023-04-01 00:16:30 -04:00
James Pace 7a9b158339 Remove old deployments. Add keycloak. 2023-03-31 23:54:41 -04:00
13 changed files with 223 additions and 452 deletions
Show Stats Expand all files Collapse all files

53
cluster-v2-design.md
View File

@ -330,20 +330,33 @@ nmcli connection up id br0
``` ```
### Kubeseal Use ### Kubeseal Use
```
apiVersion: v1
kind: Secret
metadata:
name: test-secret
namespace: my-namespace
type: Opaque
data:
username: dmFsdWUtMQ0K
password: dmFsdWUtMg0KDQo=
stringData:
hostname: myapp.mydomain.com
```
cat secret.yaml | kubeseal --format yaml > sealedsecret.yaml cat secret.yaml | kubeseal --format yaml > sealedsecret.yaml
# Actual Install Notes # Actual Install Notes
## To Do List ## To Do List
Infra Cluster: Infra Cluster: [x]
- On Host: - On Host:
1. CoreDNS [x] 1. CoreDNS [x]
2. Wireguard [x] 2. Wireguard [x]
- On Cluster: - On Cluster:
1. Keycloak 1. Keycloak [x]
2. Kanboard 2. Kanboard [x]
3. OneDev 3. Gitea [x]
4. Harbor [x] 4. Harbor [x]
Main Cluster: Main Cluster:
@ -351,14 +364,19 @@ Main Cluster:
1. Wireguard [x] 1. Wireguard [x]
- On Cluster: - On Cluster:
1. Tekton 1. Tekton
2. MQTT Broker Base install [ ]
3. Squid Add namespace
4. j7s-os-deployment Push images
Update tasks
Update jobs
5. Flux 5. Flux
1. MQTT Broker
2. Squid
3. j7s-os-deployment
[x] Give accounts on Harbor to clusters. [x] Give accounts on Harbor to clusters.
[ ] Push images to Harbor. [ ] Push images to Harbor.
[ ] Hubble. [x] Hubble.
## Regularly Scheduled Programming ## Regularly Scheduled Programming
@ -638,4 +656,23 @@ ngress-nginx-controller LoadBalancer 10.45.94.103 192.168.1.112
``` ```
> 10.100.100.7:31566 > 10.100.100.7:31566
### Tekton
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
### Keycloak
kubectl describe pv pvc-4bcbb023-e686-4082-855f-d062ff418c74 --namespace keycloak
`/var/lib/rancher/k3s/storage/pvc-4bcbb023-e686-4082-855f-d062ff418c74_keycloak_keycloak-db-pvc`
`scp /tmp/db-backup.tar.gz jimmy@192.168.1.112:.`
```
sudo su
chown root:root ./db-backup.tar.gz
cd /var/lib/rancher/k3s/storage/pvc-4bcbb023-e686-4082-855f-d062ff418c74_keycloak_keycloak-db-pvc
rm -rf *
tar xpvzf /home/jimmy/db-backup.tar.gz
sudo chown -R systemd-oom:systemd-oom *
```

104
deployments/kanboard-deployment.yaml
View File

@ -1,104 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kanboard-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kanboard-deployment
labels:
app: kanboard
spec:
replicas: 1
selector:
matchLabels:
app: kanboard
template:
metadata:
labels:
app: kanboard
spec:
containers:
- name: oauth-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
args:
- --cookie-secret=`$COOKIE_SECRET`
- --cookie-secure=false
- --email-domain=*
- --provider=keycloak-oidc
- --client-id=kanboard
- --client-secret=oT6dMBS87jc385utLumMoffJ9MqLEGRY
- --redirect-url=https://kanboard.jpace121.net
- --oidc-issuer-url=https://auth.jpace121.net/realms/jpace121-main
- --reverse-proxy=true
- --upstream=http://localhost:80/
- --http-address=0.0.0.0:8080
ports:
- containerPort: 8080
env:
- name: COOKIE_SECRET
valueFrom:
secretKeyRef:
name: kanboard-cookie
key: cookie-secret
- name: kanboard-app
image: 192.168.1.149:8443/kanboard:latest
ports:
- containerPort: 80
- containerPort: 443
env:
- name: DATABASE_URL
value: "postgres://postgres:jdsjkksksklw@localhost/kanboard"
- name: kanboard-db
image: docker.io/library/postgres:bullseye
env:
- name: POSTGRES_DB
value: "kanboard"
- name: POSTGRES_PASSWORD
value: "jdsjkksksklw"
volumeMounts:
- name: db-storage
mountPath: "/var/lib/postgresql/data"
volumes:
- name: db-storage
persistentVolumeClaim:
claimName: kanboard-pvc
---
apiVersion: v1
kind: Service
metadata:
name: kanboard-service
spec:
selector:
app: kanboard
ports:
- protocol: TCP
targetPort: 8080
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kanboard-ingress
spec:
rules:
- host: kanboard.jpace121.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kanboard-service
port:
number: 80

340
deployments/onedev.yaml
View File

@ -1,340 +0,0 @@
---
# Source: onedev/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
---
# Source: onedev/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: onedev-mysql
stringData:
password: changeit
---
# Source: onedev/templates/persistentvolumeclaim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: onedev
annotations:
"helm.sh/resource-policy": keep
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
---
# Source: onedev/templates/persistentvolumeclaim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: onedev-mysql
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: mysql
annotations:
"helm.sh/resource-policy": keep
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
# Source: onedev/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list", "create", "delete"] #require this permission to run builds in isolated namespaces
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterrolebindings"]
verbs: ["get", "list", "create", "delete"] #require this permission to bind cluster roles to service account of running builds
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list"] #require this permission to search nodes matching executor criterias
- apiGroups: [""]
resources: ["services", "pods", "pods/log", "pods/exec", "secrets", "configmaps", "events"]
verbs: ["get", "list", "watch", "create", "patch", "delete"] #require this permission to run builds as pods
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "create", "patch", "delete"] #require this permission to run builds as pods
---
# Source: onedev/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
subjects:
- kind: ServiceAccount
namespace: default
name: onedev
roleRef:
kind: ClusterRole
name: onedev
apiGroup: rbac.authorization.k8s.io
---
# Source: onedev/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: onedev
annotations:
null
spec:
type: ClusterIP
ports:
- name: http
port: 80
targetPort: 6610
protocol: TCP
- name: ssh
port: 2222
targetPort: 6611
protocol: TCP
selector:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: onedev
---
# Source: James Custom
---
apiVersion: v1
kind: Service
metadata:
name: onedev-ssh
spec:
type: NodePort
ports:
- name: ssh
port: 22
targetPort: 6611
protocol: TCP
selector:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: onedev
---
# Source: onedev/templates/service.yaml
---
apiVersion: v1
kind: Service
metadata:
name: onedev-mysql
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: mysql
spec:
ports:
- port: 3306
selector:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: mysql
---
# Source: onedev/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: onedev
spec:
replicas: 1 # only allow one replicas as OneDev doesn't support clustering
selector:
matchLabels:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: onedev
strategy:
type: Recreate
template:
metadata:
name: onedev
labels:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: onedev
spec:
serviceAccountName: onedev
nodeSelector:
kubernetes.io/os: linux
containers:
- name: onedev
resources:
requests:
memory: 1024Mi
volumeMounts:
- mountPath: "/opt/onedev"
name: onedev
image: "1dev/server:7.9.2"
ports:
- containerPort: 6610
- containerPort: 6611
env:
- name: k8s_service
value: onedev
- name: ingress_host
value: onedev.intenral.jpace121.net
- name: ingress_tls
value: "false"
- name: hibernate_dialect
value: org.hibernate.dialect.MySQL5InnoDBDialect
- name: hibernate_connection_driver_class
value: com.mysql.cj.jdbc.Driver
- name: hibernate_connection_url
value: jdbc:mysql://onedev-mysql:3306/onedev?serverTimezone=UTC&allowPublicKeyRetrieval=true&useSSL=false
- name: hibernate_connection_username
value: root
- name: hibernate_connection_password
valueFrom:
secretKeyRef:
name: onedev-mysql
key: password
- name: hibernate_hikari_maximumPoolSize
value: "25"
initContainers:
- name: init
image: busybox
command: ["sh", "-c", "until nslookup onedev-mysql.default.svc.cluster.local; do echo waiting for mysql; sleep 2; done;"]
volumes:
- name: onedev
persistentVolumeClaim:
claimName: onedev
---
# Source: onedev/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: onedev-mysql
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: mysql
spec:
selector:
matchLabels:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: mysql
strategy:
type: Recreate
template:
metadata:
name: onedev-mysql
labels:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: mysql
spec:
nodeSelector:
kubernetes.io/os: linux
containers:
- name: mysql
image: mysql:5.7
args:
- "--character-set-server=utf8mb4"
- "--collation-server=utf8mb4_unicode_ci"
- "--ignore-db-dir=lost+found"
env:
- name: MYSQL_DATABASE
value: onedev
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: onedev-mysql
key: password
ports:
- containerPort: 3306
resources:
requests:
memory: 256Mi
volumeMounts:
- name: mysql
mountPath: /var/lib/mysql
readinessProbe:
exec:
command:
- bash
- "-c"
- |
mysql -uroot -p$MYSQL_ROOT_PASSWORD -e 'SELECT 1'
initialDelaySeconds: 5
periodSeconds: 2
timeoutSeconds: 1
volumes:
- name: mysql
persistentVolumeClaim:
claimName: onedev-mysql
---
# Source: onedev/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: onedev
spec:
rules:
- host: onedev.internal.jpace121.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: onedev
port:
number: 80

7
infra-cluster/kanboard/images/Dockerfile Normal file
View File

@ -0,0 +1,7 @@
FROM docker.io/library/debian:bullseye as builder
RUN apt update -y && apt install -y git
RUN git clone https://github.com/kanboard/plugin-oauth2.git
FROM docker.io/kanboard/kanboard:latest
COPY --from=builder /plugin-oauth2 /var/www/app/plugins/OAuth2

5
infra-cluster/keycloak/images/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
FROM quay.io/keycloak/keycloak:20.0
WORKDIR /opt/keycloak
RUN ./bin/kc.sh build \
--spi-x509cert-lookup-provider=nginx \
--features docker

75
infra-cluster/keycloak/manifests/deployment.yaml Normal file
View File

@ -0,0 +1,75 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak-deployment
namespace: keycloak
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak-db
image: docker.io/library/postgres:bullseye
volumeMounts:
- name: db-storage
mountPath: "/var/lib/postgresql/data"
env:
- name: POSTGRES_DB
value: keycloak
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-db-secret
key: POSTGRES_PASSWORD
- name: keycloak
image: harbor.internal.jpace121.net/k8s/jpace-keycloak:20.0.0
env:
- name: KC_LOG_LEVEL
value: DEBUG
- name: KEYCLOAK_ADMIN
value: admin
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-secret
key: KEYCLOAK_ADMIN_PASSWORD
- name: KC_DB
value: postgres
- name: KC_DB_USERNAME
value: postgres
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-secret
key: KC_DB_PASSWORD
volumeMounts:
- name: keycloak-config
mountPath: /opt/keycloak-config/
args:
- start
- --hostname-url=https://auth.jpace121.net
- --hostname-strict-backchannel=true
- --hostname-admin-url=https://auth.jpace121.net
- --https-client-auth=request
- --spi-truststore-file-file=/opt/keycloak-config/truststore.jks
- --spi-truststore-file-password=password
- --spi-x509cert-lookup-nginx-ssl-client-cert=ssl-client-cert
- --spi-x509cert-lookup-provider=nginx
- --features docker
- --proxy=edge
volumes:
- name: db-storage
persistentVolumeClaim:
claimName: keycloak-db-pvc
- name: keycloak-config
configMap:
name: keycloak-config

21
infra-cluster/keycloak/manifests/ingress.yaml Normal file
View File

@ -0,0 +1,21 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-ingress
namespace: keycloak
annotations:
nginx.ingress.kubernetes.io/proxy-buffering: "on"
nginx.ingress.kubernetes.io/proxy-buffer-size: "512k"
spec:
rules:
- host: auth.jpace121.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: keycloak-service
port:
number: 8080

8
infra-cluster/keycloak/manifests/keycloak-config.yaml Normal file
View File

@ -0,0 +1,8 @@
---
kind: ConfigMap
metadata:
name: keycloak-config
namespace: keycloak
apiVersion: v1
binaryData:
truststore.jks: MIIC4gIBAzCCAowGCSqGSIb3DQEHAaCCAn0EggJ5MIICdTCCAnEGCSqGSIb3DQEHBqCCAmIwggJeAgEAMIICVwYJKoZIhvcNAQcBMGYGCSqGSIb3DQEFDTBZMDgGCSqGSIb3DQEFDDArBBR06xf6EozPqDQ/xzGXp40CBqhk+AICJxACASAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFizOH2LYOBzcHQsXzKXTJaAggHgiX6o5k8bo8w5RiwFngx7snUOMw9eYheq8YgkhuUhLgnx2uxYcw3ajFXYXuq/M6a5vXjQ7bLpeoidY9YdBl74UZjXEbLnTnWQQjjjoMIhBImmMe4ycxbRJ56EAJ4XDPhMwjf1dsGnCL1LX4KHNqVmHSGdkNJSB+PeU4Z6NrdO6sD9LPgaSTTq5b1czv3I8vH5aY/sT+8U4JR+P7xjNzobHzK2L+zcNTS1Hu29qYllQNsfks3gBsJn2Gmdw8NZXrRXCZZXQt7G4mqdPMuLrkd1pTjndYhsMHFMKA67WhNQe14UMlWPKpAPZ2nnS8x+AIVz2H5mQldVEXdeZDvujLYzRp5LyLwEYRHTIMEahGE0d9BIkijJ6kc5hGpF1IRlimVhZDowvX9sbtjHWgJdo5Gm3UEfSTQ9FSB7E8D11MbNZcaqbJcrK8GwKJHnSokCApaJ/Q2eat7YhhWJ/AkveXF0JYd8VPn4BTeOmukr+uZKzRPRoNyvG3orQYm78gJhmMqloHzI4f1VL68h+80VHtt2m+p99p3ZswyYh9dMhpdEue94VSCaMN9ZpEDB7RTYC6O0ZkVdd4uo6Kmu8MGhF8KQEBBCHKqL8ONVXFAcTzF1g5h8h644G29OmqXiro/Dy/gVME0wMTANBglghkgBZQMEAgEFAAQgGlefxTaHIgl4GJ5h3SQvPJSGNfFH2tCI9jtTh4U8KjEEFATo1+WMtc4hIa6Jt1vjX5YGS5mmAgInEA==

12
infra-cluster/keycloak/manifests/pvc.yaml Normal file
View File

@ -0,0 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: keycloak-db-pvc
namespace: keycloak
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi

13
infra-cluster/keycloak/manifests/service.yaml Normal file
View File

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: keycloak-service
namespace: keycloak
spec:
selector:
app: keycloak
ports:
- protocol: TCP
targetPort: 8080
port: 8080

4
infra-cluster/keycloak/namespaces/keycloak.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: keycloak

17
infra-cluster/keycloak/secrets/keycloak-secret-sealed.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: keycloak-secret
namespace: keycloak
spec:
encryptedData:
KC_DB_PASSWORD: AgCwkQkNAxQXZ+Qpz7UAod6z912Gwj7cNX9pmBeEGMisADDC5o29mZpETaaby3Sn/SHJ0IjBusNwRlbd6ROflQbOdHFuZl30walUWE0kRQg4LcwBMQav19USzJ1IF4cu4uudD4jigbolAHZ1XeSgHJl7jAunmibX8aHhGZtxlvHB2cHTRuA+Gz4EFkbKEJY+7LHfZqPG3J/uig9wAKIEGl2T6qNsPfA5yN9eL0MPdHkTpRuUaIPGpDZOnF8O6B8ItvP9XYRx+IsNcfYWMviKBdBVkZCGvHprcG7gZbVoOksbeRh64BbIKsMm3HMrm85BS30ldTLDuVYB97yUWXrsYDwaIK5ElBj5ALuR8cJ1argTL9ykIm7x9piuWqZeM8kj8NFRSkGP+cJdec83qP0Co1nVnsjh09yyT21LHjBWPM7jTPWz7Q5b2wUSbNBedP/XvHgVAjl8HTsL+MIJI+BLisxh51N0tB9kyCBvBc3yOo4QQpusf1lpBa/6rqZUpkIcbaamcY+l4IGcx68D7iYGkV6/xgYTRuhd/WmGj5C6sV4wfvE6bW4RindRfllkidFyAiJJlIApXdb0Sj8Mht4HUG02n+eszjcdjO68MpXStXnaY1A4jGXEqxG/jkuw9WC9AIIqzEHqbG7nqDP7vkQqcJmUZPPeenc+pHNuJRA6BSfBNHJNYYrOn4OvkFOMj1BMhCkag7VK/Q+YEsBn5Ng0UjjxZskG
KEYCLOAK_ADMIN_PASSWORD: AgCF3NAAFvhv1TohUYkSeQ3nzUdvdL5W/2NawychQf3IJIfxIxT4cxm5xBJq9LD6WQZ39Tj9Qn7+ccZjzc1LwBqCwHECHCKFZ6ccJlblp4gneVPbvppx+ZN7RM0zlTCRluaP10STxp+tvzH8aG2p41+RRCd4maUjASu/kgpdgrzS4Cag0KbI+DLjd2Ep4772D55kVjXaSOUIVf0P22gyS2SuwC0cPLt97jX/cknIRSi5ojg0sxqvIQWxTep7iL1D4cFr4ZAOViU7jGOt3ncSWjLu20Nfc30lcKQFXe8pAOkE6n17Jw91856L3eRh5+RcpcKqvHLuLffJVeWIUkqFud1qliSxc61ulfTeQIMAdMi8ZzYq72fo/U/0Vr1PAO5UshptYOWvzfp6tVSif5Jhk+icWVlHriuRRQu585TjTYU679+qHXF0tNWe/QQBxUH0RvVahlye63UtJ08eLvNBWKc2y2/rJaIOx6UxPg+itb7HuRJxUejsUWCMttwAIrytChjnL2SKhFDkNVZ7Kw+BxPfWQdobSaP1NYaCaTYTlnXmp7ANWtLEiyJdcbk9u46VUUl7gGsEsGdusspNmOPQb/iU4yglBmAjV1cUNXYMrj+jiLyli6NTfQsVFt9rwBnXvU/HzhVz8e2YfmqrKy+YRdj/w9PJ2bCasKjmv78eWmkPYTYETzhuA6pm4NLzBsViTzgcUaYOabp1LDw87XXbElDJrkIkLvfHnsPEC5+kBoWPzXit65U=
template:
metadata:
creationTimestamp: null
name: keycloak-secret
namespace: keycloak
type: Opaque

16
infra-cluster/keycloak/secrets/sealed-db-secret.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: keycloak-db-secret
namespace: keycloak
spec:
encryptedData:
POSTGRES_PASSWORD: AgATymQkJVhzyGItgEMClsbLdNQA33C8c2ioetx53NaM1MZl40pX8sGW/gGVCGw8VzXjL8WUS/HeVrK12Q6w8E1Z/SWHOeuEpRqyEw99ElrodlILolRUEetr9ytMpJXMEAHeJl+UgSED9IcwrgkPSjlbwnZXgRrqO2gjO5dPie/tsx8Dkjc//oaXJHRaKA62MN9Bjom/V/tP5EnTEJaPTpprmFnW8TqfLJp+XeiPWMqg4FjtP+1oeGoa1jf4b5aaT8SpLHg8q4DWuXOQQb4Xxid3q8hRPi4PLokJb5xjN8PcyMxibr3bZTVj8VpxRkXIrWVRlOz/W8W+96PNH1mY+aSpidowFG1I8Npd59UY4pgoXdPm3hD4DVEy1T9qv5B1D8Duu9GjRloMp/qbcbTvbnRf8xkF3jBucAVOxI5/6BE4VYZxwNojsnYPTdlqdR7n/fvhcFIwSVlisYFrR2cXHJIRMO2Ir6NV7i4/YnPgI+zuWvIiGGGWndKNNcX/5KtZbHn9AZHZi3A23BMjm+Up4V1JeLxdNCcmPsZB3Von5TqJpg9lyR6/NvE8k80HP17GO9f/phLBwu8Q8uJtn0eLwNkc0jCZScDg8CyYKEFMb1Oiq+7WhVp9YucURhS3jqsdb2QRNDacAhKqegB9kAGaIJMx3tZd6rrO8jkozBsuCt/otQVGni4yHzK2nN79O9MiLyd2suofQYr6D3C2vcaYRRdfS4GV
template:
metadata:
creationTimestamp: null
name: keycloak-db-secret
namespace: keycloak
type: Opaque