fix(portfolio): add image pull secrets

2024-10-19 12:22:42 -04:00 · 2024-10-19 12:22:42 -04:00 · 756d44b21e
commit 756d44b21e
parent 13ea8de355
5 changed files with 59 additions and 8 deletions
--- a/apps/portfolio/base/deployment.yaml
+++ b/apps/portfolio/base/deployment.yaml
@ -19,4 +19,6 @@ spec:
          ports:
            - containerPort: 8080
              name: http
+      imagePullSecrets:
+        - name: registry-credentials
      restartPolicy: Always
--- a/apps/portfolio/overlays/prod-sites/kustomization.yaml
+++ b/apps/portfolio/overlays/prod-sites/kustomization.yaml
@ -2,8 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
- ../../base
- ./ingress.yaml
+  - ../../base
+  - ./ingress.yaml
+
+generators:
+  - ./secret-generator.yaml
+
 images:
- name: registry.int.nc.landry.land/portfolio-site
-  newTag: latest
+  - name: registry.int.nc.landry.land/portfolio-site
+    newTag: latest
--- a/apps/portfolio/overlays/staging-sites/kustomization.yaml
+++ b/apps/portfolio/overlays/staging-sites/kustomization.yaml
@ -2,8 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
- ../../base
- ./ingress.yaml
+  - ../../base
+  - ./ingress.yaml
+
+generators:
+  - ./secret-generator.yaml
+
 images:
- name: registry.int.nc.landry.land/portfolio-site
-  newTag: staging
+  - name: registry.int.nc.landry.land/portfolio-site
+    newTag: staging
--- a/apps/portfolio/overlays/staging-sites/secret-generator.yaml
+++ b/apps/portfolio/overlays/staging-sites/secret-generator.yaml
@ -0,0 +1,14 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  # Specify a name
+  name: registry-credentials-secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        # if the binary is in your PATH, you can do
+        path: ksops
+        # otherwise, path should be relative to manifest files, like
+        # path: ../../../ksops
+files:
+  - ./secret.enc.yaml
--- a/apps/portfolio/overlays/staging-sites/secret.enc.yaml
+++ b/apps/portfolio/overlays/staging-sites/secret.enc.yaml
@ -0,0 +1,27 @@
+apiVersion: v1
+data:
+    .dockerconfigjson: ENC[AES256_GCM,data:RIimNUrojlf4Zpni6l0TICs9z02YbzCCgYZDPy6xOXtI3PTGWUYvE86pKTZCHAkqX6uLOr7fSIYlbjqfCPcVSGse94899ogREzYeg9T0Zp+WgDiZ6PekYbf3Z/rFElD5cFisbF/KR6Rjj1dcOOLQwdmJUBW9zAkub7f4cK9RvSuXIpLObpEW9E5Xn0W6clltsIW0FpZehpF/IHFb9j+IWvplStvP0j8TgqKgQw6CFBlINQpFHSFfcM5bveo=,iv:+XJZfDKZtmDcSBkB5xdm1LCy+Y1xh2decMBde68l1Ig=,tag:exTR3cIab5O3c01Y8XERiA==,type:str]
+kind: Secret
+metadata:
+    name: registry-credentials
+type: kubernetes.io/dockerconfigjson
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNGRXSFo1dWVZM01Pbmwr
+            TXdPOFJkRFpXc1M3enJZN1pLM2pKVEpYRzNVCjY3bTBIUE1zYkFnZnF1cDFiVHo3
+            LzFJWUF1Uit4b0lnNjlaM1JKemhaalEKLS0tIGZwQVhBQTlwdWp3OHlNUzkxZTBa
+            TUZpMW5oUzZFNmVGS3JFQmtpVlduOUEKuFEpnT+4k3RyECGvNFQJnmTUdaHvKCdt
+            iJ0H9Ssjot7MeZZQoljwbyQiDeU1UH0iAIdVV7ldjErx34MKJRu79A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-19T16:19:04Z"
+    mac: ENC[AES256_GCM,data:wqC8cswdI0vBcFtkUpkIIv9ywuxiU4uTdMUTstDDeqWnsvQumdhLmO5wffpOfqumekGDgqnJQJVj9c7XvDm3iyJmJ0rQ6zS8Rpgexn0X1C8X+D8yzapFAeScHL+5dbUgHgUlxhOAP4xBecGWCkauWf7vml4X1OjRt7QA13Bg214=,iv:4425rHJIP43zWTmBHmJlhOyk0ja1mb4b5P7dEs6Q9/w=,tag:oTSlNqYPFJt7wZ+uxWvLGA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.1