rearrange

12 months ago · 1049be1bcc
parent b82c24b339
commit 1049be1bcc
10 changed files with 42 additions and 43 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,5 +1,6 @@
 creation_rules:
  - path_regex: env/.*/master\.json$
    pgp: 4FA79E5B6598505C8DFA30A7A466CEE1415C0B9C
-  - path_regex: env/beta/.*\.yaml$
+  - path_regex: env/base/.*\.yaml$
+    encrypted_regex: ^(data|stringData)$
    age: age1d5vst0g82v6xml29ydsrxefmf3vclgm6dj3npw6mefa7yu9xueaqztjqlg
--- a/6
+++ b/6
@ -69,7 +69,7 @@ gen: $(GOBIN)/sqlc buf.lock


 .PHONY: setup
-setup: $(GOBIN)/sqlc $(GOBIN)/buf ./env/beta/.age.txt
+setup: $(GOBIN)/sqlc $(GOBIN)/buf ./env/.age.txt
 	@asdf install || true

 buf.lock: $(GOBIN)/buf
@ -87,8 +87,8 @@ $(GOBIN)/sqlc:
 	@kind get kubeconfig --name=bh-local > .kubeconfig

 # used to encrypt/decrypt sensitive values with sops
-age_identity=$(shell sops -d ./env/beta/master.json)
-./env/beta/.age.txt:
+age_identity=$(shell sops -d ./env/master.json)
+./env/.age.txt:
 	@echo "# created: $(shell echo '$(age_identity)' | jq -r '.created')" >> $@
 	@echo "# public key: $(shell echo '$(age_identity)' | jq -r '.public_key')" >> $@
 	@echo "$(shell echo '$(age_identity)' | jq -r '.private_key')" >> $@
--- a/env/base/image-pull-secret.yaml
+++ b/env/base/image-pull-secret.yaml
@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: bh-registry
+type: kubernetes.io/dockerconfigjson
+stringData:
+    .dockerconfigjson: ENC[AES256_GCM,data:bfqlh7Vy3HDYFtgv56xO+8lXOLO9bQWRC16N8hAzv6xJaIN6CmXDwFzoLoGWPrP9s/o446tuOEJEylf5z/ITnLtdGJgMsN13Xk7OiF9B2unV8yOOrzt6U6R2s5cFpbSL3tAHQmDKHxRrzbvyV2J3magen7oHQWbkwkOQq7FqV/k7wFly+bei1u+YLJ9hq798Xa5HG9j4LsVWi5izKt1BBss2xFlo3yzEFqNmQ+AzcUN1uK1xwStplK4IKC36rewONDS+yyqj830LLShb,iv:qDwYxBqK+ZamBcWEuF+UEfW8gLFROagaBqVAc1tCjUI=,tag:OYhChcvisxP0r3kQ4hq4SA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1d5vst0g82v6xml29ydsrxefmf3vclgm6dj3npw6mefa7yu9xueaqztjqlg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaRG1ERkdkTXMvUllCSHdS
+            TXVBVWNMd0hYeXMvTXh6OFVTYXV0MkVoOEJ3Ck9XakJTbHMyTWpvazFzYUtNcmtx
+            NTVoVnUwWkpKYjg4MWs1dmxpT3JGRFUKLS0tIHdHRk8yL1lCRk9DM0haYjN4Z1Ry
+            d25rRklvOUdLQlU0S2l0WXBpUXhyR2MKQgJXQgxp0T2rr0V2NjwSjWFlzNyig5vW
+            S8PW6OpCOyfMqzz5NWTdUVymY7UEdAguwZH+MY2DdvEn3NM/TcnRwA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-05-27T02:48:45Z"
+    mac: ENC[AES256_GCM,data:SCjcJPn7hg9sUFYlOUKAVJBXKNIrcz/x3aqyX43xf7UO7Zo/pGDp1JDaKA7lCaKTgPEAe1zRRv6LjejNGX3DlpmxMS6o2xaI3nb0e0CnLj9t9t57L5svrciwh9wOennWj26DirgzAB+uqCJ/NGOJh4S8yTPOF5MgBNkqNw6FN94=,iv:YTtckdYzKnBBqbQYvjw9FpvGHsUxX6MnAeNopYhFe7I=,tag:BPUitJtY65JbnanHJgJatg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
--- a/env/base/kustomization.yaml
+++ b/env/base/kustomization.yaml
@ -1,4 +1,5 @@
 resources:
+  - ./image-pull-secret.yaml
  - ./namespace.yaml
  - ./catalog-deployment.yaml
  - ./runner-deployment.yaml
--- a/env/base/namespace.yaml
+++ b/env/base/namespace.yaml
@ -10,15 +10,6 @@ metadata:
    app: barretthousen
 ---
 apiVersion: v1
-kind: Secret
-metadata:
-  name: bh-registry
-type: kubernetes.io/dockerconfigjson
-stringData:
-  .dockerconfigjson: |
-    { "auths": {}}
---
-apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: barretthousen-service
--- a/env/beta/image-pull-secret.yaml
+++ b/env/beta/image-pull-secret.yaml
@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: bh-registry
-type: kubernetes.io/dockerconfigjson
-stringData:
-    .dockerconfigjson: ENC[AES256_GCM,data:4K5pv9g2Pusdn1I0HiUrtImSWenISuB6BgS1Py7jmKrXj1PIYy0XdSWU0oqDK593iDdC6uZhC4JRjUilI0Fs3ktjd3tlUDXabqCAfsLdInaKyUbG6JhrnGwVx5Oo9v1ZWWuILb5hRhTyk6hdlASkVckXUaX+r6Eo9ciMGSoyPAWksUQx/kt7elLckKAE6lpy+7nn91ZkeDNn4+WknyCkbJqgN+FEiF1e7hiS3KKSdDylntHiXxPIGfP5yRr7Da+8Q7tjiOLh0e0NnAeERpiE3bVpXqZU3ZQetLCa4szg,iv:1T17J5eHKmb0uWuKo2iGuRn4qW56xkmnTlkeSrXNCUk=,tag:fOzEkDDknAbVVSXLAw5iUQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1d5vst0g82v6xml29ydsrxefmf3vclgm6dj3npw6mefa7yu9xueaqztjqlg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTViswR2JQRFJWeElqaHBX
-            alRoRVFKeHM1SlVXaUZHalJjam5ZamsreTFNCkdXWmx6aE1iZ3ZBbnMrVS9pQzhi
-            bkNTeldDQmdrNWtBT3dyakxtYnZGMWcKLS0tIEtxS210eGFlMlhodEdqQ2R6YkI2
-            cUNGbUdOdzJpSHAybkY1Y1ZkRVRyK2sKjkRn5IUfgz1SoHKbrkyowLeqrsIFWILd
-            572KkWjg2LLkUTh0AzpFz8nM/XF8DAphkdMbGLNqT2dSZ3v8Fz8Qgw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-05-27T02:20:27Z"
-    mac: ENC[AES256_GCM,data:BAqauGGLuVw0jZ7BDL0HpxemXMHf5ZQb3q8UKbPoqsBmzH958x4oeaKoifwSkedYc9v5F3LJDs/v3RXsZX4mgekwuOtCLtl8Ua+uYx4fue+Qf8lhxPPVhFHhXUKoua29OTkide+6CWc2BNviafk4zuJAr+JH9tNvjMyWXhV7lPM=,iv:pGX+oph31m8iCqlyne9LJ52PdRYhNkurGcV7eY9IoXU=,tag:9x7zyVs7hDNVswhHP1mf1A==,type:str]
-    pgp: []
-    encrypted_regex: ^(stringData)
-    version: 3.7.3
--- a/env/beta/kustomization.yaml
+++ b/env/beta/kustomization.yaml
@ -5,9 +5,6 @@ commonLabels:
 nameSuffix: -beta
 namespace: barretthousen-beta

-patchesStrategicMerge:
-  - image-pull-secret.yaml
-
 patches:
  - target:
      kind: Ingress
--- a/env/local/image-pull-secret.yaml
+++ b/env/local/image-pull-secret.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: bh-registry
+type: kubernetes.io/dockerconfigjson
+stringData:
+    .dockerconfigjson: |
+        { "auths": {} }
--- a/env/local/kustomization.yaml
+++ b/env/local/kustomization.yaml
@ -10,6 +10,7 @@ namespace: barretthousen-local
 patchesStrategicMerge:
  - debug-catalog.yaml
  - debug-runner.yaml
+  - image-pull-secret.yaml

 patches:
  - target:
--- a/env/beta/master.json
+++ b/env/beta/master.json