fix(portfolio): add image pull secrets

2024-10-19 12:22:42 -04:00 · 2024-10-19 12:22:42 -04:00 · 756d44b21e
commit 756d44b21e
parent 13ea8de355
5 changed files with 59 additions and 8 deletions
--- a/apps/portfolio/base/deployment.yaml
+++ b/apps/portfolio/base/deployment.yaml
@ -19,4 +19,6 @@ spec:
          ports:
            - containerPort: 8080
              name: http
      imagePullSecrets:
        - name: registry-credentials
      restartPolicy: Always
--- a/apps/portfolio/overlays/prod-sites/kustomization.yaml
+++ b/apps/portfolio/overlays/prod-sites/kustomization.yaml
@ -2,8 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- ../../base
+  - ../../base
- ./ingress.yaml
+  - ./ingress.yaml
 generators:
  - ./secret-generator.yaml
 images:
- name: registry.int.nc.landry.land/portfolio-site
+  - name: registry.int.nc.landry.land/portfolio-site
-  newTag: latest
+    newTag: latest
--- a/apps/portfolio/overlays/staging-sites/kustomization.yaml
+++ b/apps/portfolio/overlays/staging-sites/kustomization.yaml
@ -2,8 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- ../../base
+  - ../../base
- ./ingress.yaml
+  - ./ingress.yaml
 generators:
  - ./secret-generator.yaml
 images:
- name: registry.int.nc.landry.land/portfolio-site
+  - name: registry.int.nc.landry.land/portfolio-site
-  newTag: staging
+    newTag: staging
--- a/apps/portfolio/overlays/staging-sites/secret-generator.yaml
+++ b/apps/portfolio/overlays/staging-sites/secret-generator.yaml
@ -0,0 +1,14 @@
 apiVersion: viaduct.ai/v1
 kind: ksops
 metadata:
  # Specify a name
  name: registry-credentials-secret-generator
  annotations:
    config.kubernetes.io/function: |
      exec:
        # if the binary is in your PATH, you can do
        path: ksops
        # otherwise, path should be relative to manifest files, like
        # path: ../../../ksops
 files:
  - ./secret.enc.yaml
--- a/apps/portfolio/overlays/staging-sites/secret.enc.yaml
+++ b/apps/portfolio/overlays/staging-sites/secret.enc.yaml
@ -0,0 +1,27 @@
 apiVersion: v1
 data:
    .dockerconfigjson: ENC[AES256_GCM,data:RIimNUrojlf4Zpni6l0TICs9z02YbzCCgYZDPy6xOXtI3PTGWUYvE86pKTZCHAkqX6uLOr7fSIYlbjqfCPcVSGse94899ogREzYeg9T0Zp+WgDiZ6PekYbf3Z/rFElD5cFisbF/KR6Rjj1dcOOLQwdmJUBW9zAkub7f4cK9RvSuXIpLObpEW9E5Xn0W6clltsIW0FpZehpF/IHFb9j+IWvplStvP0j8TgqKgQw6CFBlINQpFHSFfcM5bveo=,iv:+XJZfDKZtmDcSBkB5xdm1LCy+Y1xh2decMBde68l1Ig=,tag:exTR3cIab5O3c01Y8XERiA==,type:str]
 kind: Secret
 metadata:
    name: registry-credentials
 type: kubernetes.io/dockerconfigjson
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNGRXSFo1dWVZM01Pbmwr
            TXdPOFJkRFpXc1M3enJZN1pLM2pKVEpYRzNVCjY3bTBIUE1zYkFnZnF1cDFiVHo3
            LzFJWUF1Uit4b0lnNjlaM1JKemhaalEKLS0tIGZwQVhBQTlwdWp3OHlNUzkxZTBa
            TUZpMW5oUzZFNmVGS3JFQmtpVlduOUEKuFEpnT+4k3RyECGvNFQJnmTUdaHvKCdt
            iJ0H9Ssjot7MeZZQoljwbyQiDeU1UH0iAIdVV7ldjErx34MKJRu79A==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-10-19T16:19:04Z"
    mac: ENC[AES256_GCM,data:wqC8cswdI0vBcFtkUpkIIv9ywuxiU4uTdMUTstDDeqWnsvQumdhLmO5wffpOfqumekGDgqnJQJVj9c7XvDm3iyJmJ0rQ6zS8Rpgexn0X1C8X+D8yzapFAeScHL+5dbUgHgUlxhOAP4xBecGWCkauWf7vml4X1OjRt7QA13Bg214=,iv:4425rHJIP43zWTmBHmJlhOyk0ja1mb4b5P7dEs6Q9/w=,tag:oTSlNqYPFJt7wZ+uxWvLGA==,type:str]
    pgp: []
    encrypted_regex: ^(data|stringData)$
    version: 3.9.1