cd
/
k8s-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: cd:a547d0052ff12ce6c47bffab3e9701e0a4727903
Branches Tags
cd:master
..
compare: cd:864f58ff01d4c26adcd94c5a8478b2cf7340f150
Branches Tags
cd:master

No commits in common. "a547d0052ff12ce6c47bffab3e9701e0a4727903" and "864f58ff01d4c26adcd94c5a8478b2cf7340f150" have entirely different histories.
a547d0052f ... 864f58ff01

13 changed files with 452 additions and 223 deletions
Show Stats Expand all files Collapse all files

53
cluster-v2-design.md
View File

@ -330,33 +330,20 @@ nmcli connection up id br0
``` ```
### Kubeseal Use ### Kubeseal Use
```
apiVersion: v1
kind: Secret
metadata:
name: test-secret
namespace: my-namespace
type: Opaque
data:
username: dmFsdWUtMQ0K
password: dmFsdWUtMg0KDQo=
stringData:
hostname: myapp.mydomain.com
```
cat secret.yaml | kubeseal --format yaml > sealedsecret.yaml cat secret.yaml | kubeseal --format yaml > sealedsecret.yaml
# Actual Install Notes # Actual Install Notes
## To Do List ## To Do List
Infra Cluster: [x] Infra Cluster:
- On Host: - On Host:
1. CoreDNS [x] 1. CoreDNS [x]
2. Wireguard [x] 2. Wireguard [x]
- On Cluster: - On Cluster:
1. Keycloak [x] 1. Keycloak
2. Kanboard [x] 2. Kanboard
3. Gitea [x] 3. OneDev
4. Harbor [x] 4. Harbor [x]
Main Cluster: Main Cluster:
@ -364,19 +351,14 @@ Main Cluster:
1. Wireguard [x] 1. Wireguard [x]
- On Cluster: - On Cluster:
1. Tekton 1. Tekton
Base install [ ] 2. MQTT Broker
Add namespace 3. Squid
Push images 4. j7s-os-deployment
Update tasks
Update jobs
5. Flux 5. Flux
1. MQTT Broker
2. Squid
3. j7s-os-deployment
[x] Give accounts on Harbor to clusters. [x] Give accounts on Harbor to clusters.
[ ] Push images to Harbor. [ ] Push images to Harbor.
[x] Hubble. [ ] Hubble.
## Regularly Scheduled Programming ## Regularly Scheduled Programming
@ -656,23 +638,4 @@ ngress-nginx-controller LoadBalancer 10.45.94.103 192.168.1.112
``` ```
> 10.100.100.7:31566 > 10.100.100.7:31566
### Tekton
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
### Keycloak
kubectl describe pv pvc-4bcbb023-e686-4082-855f-d062ff418c74 --namespace keycloak
`/var/lib/rancher/k3s/storage/pvc-4bcbb023-e686-4082-855f-d062ff418c74_keycloak_keycloak-db-pvc`
`scp /tmp/db-backup.tar.gz jimmy@192.168.1.112:.`
```
sudo su
chown root:root ./db-backup.tar.gz
cd /var/lib/rancher/k3s/storage/pvc-4bcbb023-e686-4082-855f-d062ff418c74_keycloak_keycloak-db-pvc
rm -rf *
tar xpvzf /home/jimmy/db-backup.tar.gz
sudo chown -R systemd-oom:systemd-oom *
```

104
deployments/kanboard-deployment.yaml Normal file
View File

@ -0,0 +1,104 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kanboard-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kanboard-deployment
labels:
app: kanboard
spec:
replicas: 1
selector:
matchLabels:
app: kanboard
template:
metadata:
labels:
app: kanboard
spec:
containers:
- name: oauth-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
args:
- --cookie-secret=`$COOKIE_SECRET`
- --cookie-secure=false
- --email-domain=*
- --provider=keycloak-oidc
- --client-id=kanboard
- --client-secret=oT6dMBS87jc385utLumMoffJ9MqLEGRY
- --redirect-url=https://kanboard.jpace121.net
- --oidc-issuer-url=https://auth.jpace121.net/realms/jpace121-main
- --reverse-proxy=true
- --upstream=http://localhost:80/
- --http-address=0.0.0.0:8080
ports:
- containerPort: 8080
env:
- name: COOKIE_SECRET
valueFrom:
secretKeyRef:
name: kanboard-cookie
key: cookie-secret
- name: kanboard-app
image: 192.168.1.149:8443/kanboard:latest
ports:
- containerPort: 80
- containerPort: 443
env:
- name: DATABASE_URL
value: "postgres://postgres:jdsjkksksklw@localhost/kanboard"
- name: kanboard-db
image: docker.io/library/postgres:bullseye
env:
- name: POSTGRES_DB
value: "kanboard"
- name: POSTGRES_PASSWORD
value: "jdsjkksksklw"
volumeMounts:
- name: db-storage
mountPath: "/var/lib/postgresql/data"
volumes:
- name: db-storage
persistentVolumeClaim:
claimName: kanboard-pvc
---
apiVersion: v1
kind: Service
metadata:
name: kanboard-service
spec:
selector:
app: kanboard
ports:
- protocol: TCP
targetPort: 8080
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kanboard-ingress
spec:
rules:
- host: kanboard.jpace121.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kanboard-service
port:
number: 80

340
deployments/onedev.yaml Normal file
View File

@ -0,0 +1,340 @@
---
# Source: onedev/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
---
# Source: onedev/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: onedev-mysql
stringData:
password: changeit
---
# Source: onedev/templates/persistentvolumeclaim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: onedev
annotations:
"helm.sh/resource-policy": keep
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
---
# Source: onedev/templates/persistentvolumeclaim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: onedev-mysql
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: mysql
annotations:
"helm.sh/resource-policy": keep
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
# Source: onedev/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list", "create", "delete"] #require this permission to run builds in isolated namespaces
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterrolebindings"]
verbs: ["get", "list", "create", "delete"] #require this permission to bind cluster roles to service account of running builds
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list"] #require this permission to search nodes matching executor criterias
- apiGroups: [""]
resources: ["services", "pods", "pods/log", "pods/exec", "secrets", "configmaps", "events"]
verbs: ["get", "list", "watch", "create", "patch", "delete"] #require this permission to run builds as pods
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "create", "patch", "delete"] #require this permission to run builds as pods
---
# Source: onedev/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
subjects:
- kind: ServiceAccount
namespace: default
name: onedev
roleRef:
kind: ClusterRole
name: onedev
apiGroup: rbac.authorization.k8s.io
---
# Source: onedev/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: onedev
annotations:
null
spec:
type: ClusterIP
ports:
- name: http
port: 80
targetPort: 6610
protocol: TCP
- name: ssh
port: 2222
targetPort: 6611
protocol: TCP
selector:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: onedev
---
# Source: James Custom
---
apiVersion: v1
kind: Service
metadata:
name: onedev-ssh
spec:
type: NodePort
ports:
- name: ssh
port: 22
targetPort: 6611
protocol: TCP
selector:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: onedev
---
# Source: onedev/templates/service.yaml
---
apiVersion: v1
kind: Service
metadata:
name: onedev-mysql
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: mysql
spec:
ports:
- port: 3306
selector:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: mysql
---
# Source: onedev/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: onedev
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: onedev
spec:
replicas: 1 # only allow one replicas as OneDev doesn't support clustering
selector:
matchLabels:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: onedev
strategy:
type: Recreate
template:
metadata:
name: onedev
labels:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: onedev
spec:
serviceAccountName: onedev
nodeSelector:
kubernetes.io/os: linux
containers:
- name: onedev
resources:
requests:
memory: 1024Mi
volumeMounts:
- mountPath: "/opt/onedev"
name: onedev
image: "1dev/server:7.9.2"
ports:
- containerPort: 6610
- containerPort: 6611
env:
- name: k8s_service
value: onedev
- name: ingress_host
value: onedev.intenral.jpace121.net
- name: ingress_tls
value: "false"
- name: hibernate_dialect
value: org.hibernate.dialect.MySQL5InnoDBDialect
- name: hibernate_connection_driver_class
value: com.mysql.cj.jdbc.Driver
- name: hibernate_connection_url
value: jdbc:mysql://onedev-mysql:3306/onedev?serverTimezone=UTC&allowPublicKeyRetrieval=true&useSSL=false
- name: hibernate_connection_username
value: root
- name: hibernate_connection_password
valueFrom:
secretKeyRef:
name: onedev-mysql
key: password
- name: hibernate_hikari_maximumPoolSize
value: "25"
initContainers:
- name: init
image: busybox
command: ["sh", "-c", "until nslookup onedev-mysql.default.svc.cluster.local; do echo waiting for mysql; sleep 2; done;"]
volumes:
- name: onedev
persistentVolumeClaim:
claimName: onedev
---
# Source: onedev/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: onedev-mysql
labels:
helm.sh/chart: onedev-7.8.5
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
app.kubernetes.io/version: "7.8.5"
app.kubernetes.io/managed-by: Helm
tier: mysql
spec:
selector:
matchLabels:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: mysql
strategy:
type: Recreate
template:
metadata:
name: onedev-mysql
labels:
app.kubernetes.io/name: onedev
app.kubernetes.io/instance: onedev
tier: mysql
spec:
nodeSelector:
kubernetes.io/os: linux
containers:
- name: mysql
image: mysql:5.7
args:
- "--character-set-server=utf8mb4"
- "--collation-server=utf8mb4_unicode_ci"
- "--ignore-db-dir=lost+found"
env:
- name: MYSQL_DATABASE
value: onedev
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: onedev-mysql
key: password
ports:
- containerPort: 3306
resources:
requests:
memory: 256Mi
volumeMounts:
- name: mysql
mountPath: /var/lib/mysql
readinessProbe:
exec:
command:
- bash
- "-c"
- |
mysql -uroot -p$MYSQL_ROOT_PASSWORD -e 'SELECT 1'
initialDelaySeconds: 5
periodSeconds: 2
timeoutSeconds: 1
volumes:
- name: mysql
persistentVolumeClaim:
claimName: onedev-mysql
---
# Source: onedev/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: onedev
spec:
rules:
- host: onedev.internal.jpace121.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: onedev
port:
number: 80

7
infra-cluster/kanboard/images/Dockerfile
View File

@ -1,7 +0,0 @@
FROM docker.io/library/debian:bullseye as builder
RUN apt update -y && apt install -y git
RUN git clone https://github.com/kanboard/plugin-oauth2.git
FROM docker.io/kanboard/kanboard:latest
COPY --from=builder /plugin-oauth2 /var/www/app/plugins/OAuth2

5
infra-cluster/keycloak/images/Dockerfile
View File

@ -1,5 +0,0 @@
FROM quay.io/keycloak/keycloak:20.0
WORKDIR /opt/keycloak
RUN ./bin/kc.sh build \
--spi-x509cert-lookup-provider=nginx \
--features docker

75
infra-cluster/keycloak/manifests/deployment.yaml
View File

@ -1,75 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak-deployment
namespace: keycloak
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak-db
image: docker.io/library/postgres:bullseye
volumeMounts:
- name: db-storage
mountPath: "/var/lib/postgresql/data"
env:
- name: POSTGRES_DB
value: keycloak
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-db-secret
key: POSTGRES_PASSWORD
- name: keycloak
image: harbor.internal.jpace121.net/k8s/jpace-keycloak:20.0.0
env:
- name: KC_LOG_LEVEL
value: DEBUG
- name: KEYCLOAK_ADMIN
value: admin
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-secret
key: KEYCLOAK_ADMIN_PASSWORD
- name: KC_DB
value: postgres
- name: KC_DB_USERNAME
value: postgres
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-secret
key: KC_DB_PASSWORD
volumeMounts:
- name: keycloak-config
mountPath: /opt/keycloak-config/
args:
- start
- --hostname-url=https://auth.jpace121.net
- --hostname-strict-backchannel=true
- --hostname-admin-url=https://auth.jpace121.net
- --https-client-auth=request
- --spi-truststore-file-file=/opt/keycloak-config/truststore.jks
- --spi-truststore-file-password=password
- --spi-x509cert-lookup-nginx-ssl-client-cert=ssl-client-cert
- --spi-x509cert-lookup-provider=nginx
- --features docker
- --proxy=edge
volumes:
- name: db-storage
persistentVolumeClaim:
claimName: keycloak-db-pvc
- name: keycloak-config
configMap:
name: keycloak-config

21
infra-cluster/keycloak/manifests/ingress.yaml
View File

@ -1,21 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-ingress
namespace: keycloak
annotations:
nginx.ingress.kubernetes.io/proxy-buffering: "on"
nginx.ingress.kubernetes.io/proxy-buffer-size: "512k"
spec:
rules:
- host: auth.jpace121.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: keycloak-service
port:
number: 8080

8
infra-cluster/keycloak/manifests/keycloak-config.yaml
View File

@ -1,8 +0,0 @@
---
kind: ConfigMap
metadata:
name: keycloak-config
namespace: keycloak
apiVersion: v1
binaryData:
truststore.jks: MIIC4gIBAzCCAowGCSqGSIb3DQEHAaCCAn0EggJ5MIICdTCCAnEGCSqGSIb3DQEHBqCCAmIwggJeAgEAMIICVwYJKoZIhvcNAQcBMGYGCSqGSIb3DQEFDTBZMDgGCSqGSIb3DQEFDDArBBR06xf6EozPqDQ/xzGXp40CBqhk+AICJxACASAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFizOH2LYOBzcHQsXzKXTJaAggHgiX6o5k8bo8w5RiwFngx7snUOMw9eYheq8YgkhuUhLgnx2uxYcw3ajFXYXuq/M6a5vXjQ7bLpeoidY9YdBl74UZjXEbLnTnWQQjjjoMIhBImmMe4ycxbRJ56EAJ4XDPhMwjf1dsGnCL1LX4KHNqVmHSGdkNJSB+PeU4Z6NrdO6sD9LPgaSTTq5b1czv3I8vH5aY/sT+8U4JR+P7xjNzobHzK2L+zcNTS1Hu29qYllQNsfks3gBsJn2Gmdw8NZXrRXCZZXQt7G4mqdPMuLrkd1pTjndYhsMHFMKA67WhNQe14UMlWPKpAPZ2nnS8x+AIVz2H5mQldVEXdeZDvujLYzRp5LyLwEYRHTIMEahGE0d9BIkijJ6kc5hGpF1IRlimVhZDowvX9sbtjHWgJdo5Gm3UEfSTQ9FSB7E8D11MbNZcaqbJcrK8GwKJHnSokCApaJ/Q2eat7YhhWJ/AkveXF0JYd8VPn4BTeOmukr+uZKzRPRoNyvG3orQYm78gJhmMqloHzI4f1VL68h+80VHtt2m+p99p3ZswyYh9dMhpdEue94VSCaMN9ZpEDB7RTYC6O0ZkVdd4uo6Kmu8MGhF8KQEBBCHKqL8ONVXFAcTzF1g5h8h644G29OmqXiro/Dy/gVME0wMTANBglghkgBZQMEAgEFAAQgGlefxTaHIgl4GJ5h3SQvPJSGNfFH2tCI9jtTh4U8KjEEFATo1+WMtc4hIa6Jt1vjX5YGS5mmAgInEA==

12
infra-cluster/keycloak/manifests/pvc.yaml
View File

@ -1,12 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: keycloak-db-pvc
namespace: keycloak
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi

13
infra-cluster/keycloak/manifests/service.yaml
View File

@ -1,13 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: keycloak-service
namespace: keycloak
spec:
selector:
app: keycloak
ports:
- protocol: TCP
targetPort: 8080
port: 8080

4
infra-cluster/keycloak/namespaces/keycloak.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: keycloak

17
infra-cluster/keycloak/secrets/keycloak-secret-sealed.yaml
View File

@ -1,17 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: keycloak-secret
namespace: keycloak
spec:
encryptedData:
KC_DB_PASSWORD: AgCwkQkNAxQXZ+Qpz7UAod6z912Gwj7cNX9pmBeEGMisADDC5o29mZpETaaby3Sn/SHJ0IjBusNwRlbd6ROflQbOdHFuZl30walUWE0kRQg4LcwBMQav19USzJ1IF4cu4uudD4jigbolAHZ1XeSgHJl7jAunmibX8aHhGZtxlvHB2cHTRuA+Gz4EFkbKEJY+7LHfZqPG3J/uig9wAKIEGl2T6qNsPfA5yN9eL0MPdHkTpRuUaIPGpDZOnF8O6B8ItvP9XYRx+IsNcfYWMviKBdBVkZCGvHprcG7gZbVoOksbeRh64BbIKsMm3HMrm85BS30ldTLDuVYB97yUWXrsYDwaIK5ElBj5ALuR8cJ1argTL9ykIm7x9piuWqZeM8kj8NFRSkGP+cJdec83qP0Co1nVnsjh09yyT21LHjBWPM7jTPWz7Q5b2wUSbNBedP/XvHgVAjl8HTsL+MIJI+BLisxh51N0tB9kyCBvBc3yOo4QQpusf1lpBa/6rqZUpkIcbaamcY+l4IGcx68D7iYGkV6/xgYTRuhd/WmGj5C6sV4wfvE6bW4RindRfllkidFyAiJJlIApXdb0Sj8Mht4HUG02n+eszjcdjO68MpXStXnaY1A4jGXEqxG/jkuw9WC9AIIqzEHqbG7nqDP7vkQqcJmUZPPeenc+pHNuJRA6BSfBNHJNYYrOn4OvkFOMj1BMhCkag7VK/Q+YEsBn5Ng0UjjxZskG
KEYCLOAK_ADMIN_PASSWORD: AgCF3NAAFvhv1TohUYkSeQ3nzUdvdL5W/2NawychQf3IJIfxIxT4cxm5xBJq9LD6WQZ39Tj9Qn7+ccZjzc1LwBqCwHECHCKFZ6ccJlblp4gneVPbvppx+ZN7RM0zlTCRluaP10STxp+tvzH8aG2p41+RRCd4maUjASu/kgpdgrzS4Cag0KbI+DLjd2Ep4772D55kVjXaSOUIVf0P22gyS2SuwC0cPLt97jX/cknIRSi5ojg0sxqvIQWxTep7iL1D4cFr4ZAOViU7jGOt3ncSWjLu20Nfc30lcKQFXe8pAOkE6n17Jw91856L3eRh5+RcpcKqvHLuLffJVeWIUkqFud1qliSxc61ulfTeQIMAdMi8ZzYq72fo/U/0Vr1PAO5UshptYOWvzfp6tVSif5Jhk+icWVlHriuRRQu585TjTYU679+qHXF0tNWe/QQBxUH0RvVahlye63UtJ08eLvNBWKc2y2/rJaIOx6UxPg+itb7HuRJxUejsUWCMttwAIrytChjnL2SKhFDkNVZ7Kw+BxPfWQdobSaP1NYaCaTYTlnXmp7ANWtLEiyJdcbk9u46VUUl7gGsEsGdusspNmOPQb/iU4yglBmAjV1cUNXYMrj+jiLyli6NTfQsVFt9rwBnXvU/HzhVz8e2YfmqrKy+YRdj/w9PJ2bCasKjmv78eWmkPYTYETzhuA6pm4NLzBsViTzgcUaYOabp1LDw87XXbElDJrkIkLvfHnsPEC5+kBoWPzXit65U=
template:
metadata:
creationTimestamp: null
name: keycloak-secret
namespace: keycloak
type: Opaque

16
infra-cluster/keycloak/secrets/sealed-db-secret.yaml
View File

@ -1,16 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: keycloak-db-secret
namespace: keycloak
spec:
encryptedData:
POSTGRES_PASSWORD: AgATymQkJVhzyGItgEMClsbLdNQA33C8c2ioetx53NaM1MZl40pX8sGW/gGVCGw8VzXjL8WUS/HeVrK12Q6w8E1Z/SWHOeuEpRqyEw99ElrodlILolRUEetr9ytMpJXMEAHeJl+UgSED9IcwrgkPSjlbwnZXgRrqO2gjO5dPie/tsx8Dkjc//oaXJHRaKA62MN9Bjom/V/tP5EnTEJaPTpprmFnW8TqfLJp+XeiPWMqg4FjtP+1oeGoa1jf4b5aaT8SpLHg8q4DWuXOQQb4Xxid3q8hRPi4PLokJb5xjN8PcyMxibr3bZTVj8VpxRkXIrWVRlOz/W8W+96PNH1mY+aSpidowFG1I8Npd59UY4pgoXdPm3hD4DVEy1T9qv5B1D8Duu9GjRloMp/qbcbTvbnRf8xkF3jBucAVOxI5/6BE4VYZxwNojsnYPTdlqdR7n/fvhcFIwSVlisYFrR2cXHJIRMO2Ir6NV7i4/YnPgI+zuWvIiGGGWndKNNcX/5KtZbHn9AZHZi3A23BMjm+Up4V1JeLxdNCcmPsZB3Von5TqJpg9lyR6/NvE8k80HP17GO9f/phLBwu8Q8uJtn0eLwNkc0jCZScDg8CyYKEFMb1Oiq+7WhVp9YucURhS3jqsdb2QRNDacAhKqegB9kAGaIJMx3tZd6rrO8jkozBsuCt/otQVGni4yHzK2nN79O9MiLyd2suofQYr6D3C2vcaYRRdfS4GV
template:
metadata:
creationTimestamp: null
name: keycloak-db-secret
namespace: keycloak
type: Opaque