feat(k8s): Insert Nixery's secrets via kontemplate

Instead of having a manually prepared secret, use Cloud KMS (as per
the previous commits) to decrypt the in-repo secrets and template them
into the Secret resource in Kubernetes.

Not all of the values are actually secret; it has thus become a bit
easier to edit the known hosts, SSH config and such now.
Vincent Ambo 2019-09-03 16:10:42 +01:00
parent 0bc548e75e
commit 283951388c
5 changed files with 25 additions and 4 deletions

@ -3,10 +3,6 @@
# The service via which Nixery is exposed has a private DNS entry
# pointing to it, which makes it possible to resolve `nixery.local`
# in-cluster without things getting nasty.
#
# The 'nixery-keys' secret was configured manually using a created
# service account key. This does not use metadata-based authentication
# due to the requirement for having an actual PEM-key to sign with.
---
apiVersion: apps/v1
kind: Deployment
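Review bot: Dropping the 'nixery-keys' comment block from the file header (the hunk goes from 10 lines to 6, and that paragraph is the part the commit message makes obsolete) also removes the only note explaining why this deployment needs an actual PEM key to sign with instead of metadata-based authentication. That reason presumably still applies now that the secret is templated, so consider keeping it and rewording only the "configured manually" sentence, for example to say that 'nixery-keys' is rendered by kontemplate from the KMS-encrypted files in the repository. A reader of this manifest then still knows where the key comes from and why it is mounted.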