diff --git a/README.md b/README.md index e678b9a..34cf804 100644 --- a/README.md +++ b/README.md @@ -35,11 +35,17 @@ cat deploy/flux/.env.d/age.agekey | \ kubectl create secret generic flux-sops-age \ --namespace=git-limbosolutions-com \ --from-file=age.agekey=/dev/stdin + cat deploy/flux/.env.d/age.agekey | \ kubectl create secret generic flux-sops-age \ --namespace=kb-cicd \ --from-file=age.agekey=/dev/stdin +cat deploy/flux/.env.d/age.agekey | \ +kubectl create secret generic flux-sops-age \ +--namespace=limbosolutions-com-cicd \ +--from-file=age.agekey=/dev/stdin + ``` **Encrypt secrets:** @@ -47,7 +53,8 @@ kubectl create secret generic flux-sops-age \ ``` bash sops -e deploy/app/helm-values.private.dec.yaml > deploy/app/helm-values.private.yaml sops -e deploy/backups/secrets.dec.yaml > deploy/backups/secrets.yaml -sops -e deploy/act-runners/kb/deploy/app/secrets.dec.yaml > deploy/act-runners/kb/deploy/app/secrets.yaml +sops -e deploy/act-runners/kb/app/secrets.dec.yaml > deploy/act-runners/kb/app/secrets.yaml +sops -e deploy/act-runners/limbosolutions-com/app/secrets.dec.yaml > deploy/act-runners/limbosolutions-com/app/secrets.yaml ``` ## Backups diff --git a/deploy/act-runners/kb/app/secrets.yaml b/deploy/act-runners/kb/app/secrets.yaml index bd6204c..ce87423 100644 --- a/deploy/act-runners/kb/app/secrets.yaml +++ b/deploy/act-runners/kb/app/secrets.yaml 
@@ -4,21 +4,21 @@ metadata: name: act-runner type: Opaque data: - GITEA_INSTANCE_URL: ENC[AES256_GCM,data:4TKctXyD4X9E8gJJHt9WI30w7bDxEzDMncRX/Ddr,iv:MeTSf+Nbfr0ERJg2RmIzTdXG/0yrCGKtMCEUTIGNlo4=,tag:zViPlFCXecj9dYX8i0duxA==,type:str] - GITEA_RUNNER_NAME: ENC[AES256_GCM,data:0GvSAV4w4Z4DF2qr,iv:3bRGeouS0j8FH4qBJXawzkcT34wUJwH+kfQOH18Xr+8=,tag:7IEf+iR7cgKvgAuwh+ttGQ==,type:str] - GITEA_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:/pRPj8K35WTIUDSyswwOCFN+iZN4itBJkQYCvyxiJZqW6c/1PBc8/w==,iv:i0l/qDoQYIomRhQqBkvsUfhaS5ao3HlxxHGe0sU9Fkc=,tag:SLlv7SG1J6OdJ5/HINBX9w==,type:str] + GITEA_INSTANCE_URL: ENC[AES256_GCM,data:AJeOt1WH4k13AYCX8G2gNysDq30hp4edKLB2WA5h,iv:oUoUKhyJHIK9JypIUIzWEEhGdPakxbbofcbn7n2mv1g=,tag:uzpOdJ/ZPo5pzG5em0EC3w==,type:str] + GITEA_RUNNER_NAME: ENC[AES256_GCM,data:CmDVTTgKYdt8gU05,iv:QESuJGBvJiS8ogC+Vg2TiB1jqmGANgLOxhtNVGLE2VQ=,tag:xIBN9H0qoa6SfVRudELm/g==,type:str] + GITEA_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:AcB64QIRmzoJv44+tHk9jCpYTxa1oAZLBpqO4CmlOZwYc2c+J0L2Jw==,iv:uwzg2FNAvbXSfAuX0YDcnS0HsWHWevXcXVY2nC/Ps+4=,tag:o46u1nDT1poH+hshs881Iw==,type:str] sops: age: - enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMzMzWE9OVDZqRjhtemhM - NHNCWFkrQm1kMmRwSlhhM3k0MEZyVzJudEJBCkZWaVpnbHBQaXhnT1dSWktubnox - NkY5cHBCK2liM0xIbGVIK09JOG5IcUkKLS0tIGVLQnBSZnBQU1Jreld6ZExnS3Zz - Mi9YTWM0b1dpVGJwcEwrSlJRYTRFbnMKWScrnjaOYx32yxDEapYITrAaPHq8ghFE - Q+xdv6szmhkWYYN3TZC1MvySFD2BR8VMlK31VQ/RZ+YrKjm8SF/8oQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsV3YvR2xQMGhtbkZ2Rmlo + RmM1eDk0clZ1SVNXd3RPeFFaUUExZ1JMWDFzCjFLazc3UjdkWmNsUlBqQ2JHUEZt + b05EaWRKN0tOVW9VWnRxVStSbUgrVUkKLS0tIE1KN3l6aVV6NU9RREwyaTAwcCtj + UDQ5djdWWXdrOWQxU1hieEM4YmJKNVkKV/IBqH8zehlOvm2xvmNn7xehrW2axBt/ + g8khMMeSkqAbbbU3ql5G+6RCqvOH4XGK7qjmhj871N2VLkdqnf6Zrg== -----END AGE ENCRYPTED FILE----- recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g encrypted_regex: ^(data|stringData)$ - lastmodified: "2026-06-04T20:38:18Z" - mac: 
ENC[AES256_GCM,data:StxGbN+6B3YKLbG1ptfnpTV9aHiUA7N7VyKdvbUOkVXCs4u/1IKVuqbq0zeliM6bjHh4ZhNcCjKFMNvqlIGsxJVNp+BdjMuVkw8Zc3g9z9SfvbpEbR+k+HLdHhOR/rZ8TS2m/bAlwmp/qVFi05rEjrC0lFO6klXO4gdFYpSMbY0=,iv:ghRsTJiXV6L7coLUKS+0LH4RRhdDycOBReAX77Jqews=,tag:73oWt9QNZEaLYwnBRO6PhA==,type:str] + lastmodified: "2026-06-04T22:12:05Z" + mac: ENC[AES256_GCM,data:QX4KRhJAmHgsyBlC4LMo05/u/8Urhc9nBOS0iZ2uthtbcKKhq5I11a6xpt+1Qh+ojLABvzysLPr32orbcT6xs6/N/MXQIYl2itWZf+lT6eoSPiX8zjOwvnjomKSGUNxe4LrxLugimf/YFr9ASn+4GnOU7kvHZ2K4caVIGijhPhI=,iv:M6u2JG52TmJMjv51GyHITRBrDmIFACMh2czdGBZZIJs=,tag:Sl9I0EXf+U4DE5Q5GRLhNA==,type:str] version: 3.13.1 diff --git a/deploy/act-runners/limbosolutions-com/README.md b/deploy/act-runners/limbosolutions-com/README.md deleted file mode 100644 index 2999540..0000000 --- a/deploy/act-runners/limbosolutions-com/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# limbosolutions.com - act-runner - -**Deploy app:** - -```bash -./ops-scripts/apply-app.sh -``` - -**Deploy Infra:** - -```bash -./ops-scripts/apply-infra.sh -``` diff --git a/deploy/act-runners/limbosolutions-com/deploy/app/configmap.yaml b/deploy/act-runners/limbosolutions-com/app/configmap.yaml similarity index 100% rename from deploy/act-runners/limbosolutions-com/deploy/app/configmap.yaml rename to deploy/act-runners/limbosolutions-com/app/configmap.yaml diff --git a/deploy/act-runners/limbosolutions-com/deploy/app/deployment.yaml b/deploy/act-runners/limbosolutions-com/app/deployment.yaml similarity index 100% rename from deploy/act-runners/limbosolutions-com/deploy/app/deployment.yaml rename to deploy/act-runners/limbosolutions-com/app/deployment.yaml diff --git a/deploy/act-runners/limbosolutions-com/app/kustomization.yaml b/deploy/act-runners/limbosolutions-com/app/kustomization.yaml new file mode 100644 index 0000000..fa36794 --- /dev/null +++ b/deploy/act-runners/limbosolutions-com/app/kustomization.yaml 
@@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - configmap.yaml + - deployment.yaml + - secrets.yaml + diff --git a/deploy/act-runners/limbosolutions-com/app/secrets.yaml b/deploy/act-runners/limbosolutions-com/app/secrets.yaml new file mode 100644 index 0000000..e2ba249 --- /dev/null +++ b/deploy/act-runners/limbosolutions-com/app/secrets.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Secret +metadata: + name: act-runner +type: Opaque +data: + GITEA_INSTANCE_URL: ENC[AES256_GCM,data:HhBxavSkLF19cY73+gvbLuRe6KI82v/KtXuXv9rm,iv:6gyx6Zs8JiLucSqQybgs9Dz1FQR2WQ1PbELacZaCAxQ=,tag:sNRoLsxGbfV25BQqRhAK0A==,type:str] + GITEA_RUNNER_NAME: ENC[AES256_GCM,data:akEL5H5T8Z9W/Uq/zhz5gyvXENC7vVVM/IFIVQ==,iv:R0yF4pIWuxPwO1isCVGieZKY5kUYfizctXwe4pQOjwI=,tag:DM4jNkudnVdgUXPJQ34bkw==,type:str] + GITEA_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:VDucrH/tca0UUV3hLrmJZKlpTWlycnyoaIm0JzvfCpCkqgFgVwqZEw==,iv:6nEcMihavJ2iHswz4CSjkD/Yb+I42LgxGby5H9a+or8=,tag:2ZkW6wlmKOMeg9QeyEjOZw==,type:str] +sops: + age: + - enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cFFkVUNZVFdOcjF3akxY + bTBYUEJwbEJxckdqQXVxc2tEdU1vakxuN0RjCkFqOGJCRk1jcnJXWVp1RjYzUU9a + bElsekp3V2RxSFN3akZ1QkY3aU0zTDgKLS0tIDhWd2YxUGxDTmtyci9rUjhUbVYz + VXNCa1ZhSW56RlJkbW5KanJlbkU3aEEK+/dQJtiy6Wsntg3F/fMdGx9Aqo/xiYZ7 + gM7aoYOhQoA3nDYe/0cSLM4vExyLcqQMUcDZGKYlRaND9uq729rAaw== + -----END AGE ENCRYPTED FILE----- + recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g + encrypted_regex: ^(data|stringData)$ + lastmodified: "2026-06-04T22:12:24Z" + mac: ENC[AES256_GCM,data:L2nIeJ5YaXNSBntxGcgNvJz0LQfUVvB0OtbUy+TRFO7DxRlWz4QnRuJBMcnw44+4cuHsJgXMg9Gxe9moD4R9pqa9a3uufX1hULAR5fx+DZWICj2Yopl/FQU30h0helCReklgqP+47xSlFZhZIDRZbyfiTudSU1tBIAW7OZZpC6A=,iv:uHEMG04FvDfNABX0MFuw47PpakfLXMLFo8L1u73xwsY=,tag:JQ0VO4LT1gqpTOzMQAOnkw==,type:str] + version: 3.13.1 
diff --git a/deploy/act-runners/limbosolutions-com/deploy/app/.env.d/.gitignore b/deploy/act-runners/limbosolutions-com/deploy/app/.env.d/.gitignore deleted file mode 100644 index 1287e9b..0000000 --- a/deploy/act-runners/limbosolutions-com/deploy/app/.env.d/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -** -!.gitignore diff --git a/deploy/act-runners/limbosolutions-com/deploy/app/kustomization.yaml b/deploy/act-runners/limbosolutions-com/deploy/app/kustomization.yaml deleted file mode 100644 index efcdc70..0000000 --- a/deploy/act-runners/limbosolutions-com/deploy/app/kustomization.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - configmap.yaml - - deployment.yaml - -generatorOptions: - disableNameSuffixHash: true - -secretGenerator: - - name: act-runner - envs: - - .env.d/.env - diff --git a/deploy/act-runners/limbosolutions-com/ops-scripts/apply-app.sh b/deploy/act-runners/limbosolutions-com/ops-scripts/apply-app.sh deleted file mode 100755 index e0a8c14..0000000 --- a/deploy/act-runners/limbosolutions-com/ops-scripts/apply-app.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -e -NAMESPACE=limbosolutions-com-cicd -kubectl kustomize deploy/app | kubectl --namespace ${NAMESPACE} apply -f - \ No newline at end of file diff --git a/deploy/act-runners/limbosolutions-com/ops-scripts/apply-infra.sh b/deploy/act-runners/limbosolutions-com/ops-scripts/apply-infra.sh deleted file mode 100755 index ffd55a4..0000000 --- a/deploy/act-runners/limbosolutions-com/ops-scripts/apply-infra.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -e -NAMESPACE=limbosolutions-com-cicd -kubectl create namespace ${NAMESPACE} || true diff --git a/deploy/flux/act-runner-limbosolutions-com-sync.yaml b/deploy/flux/act-runner-limbosolutions-com-sync.yaml new file mode 100644 index 0000000..84810f9 --- /dev/null +++ b/deploy/flux/act-runner-limbosolutions-com-sync.yaml 
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: act-runner-sync
+ namespace: limbosolutions-com-cicd
+spec:
+ interval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: git-limbosolutions-com
+ namespace: git-limbosolutions-com
+ path: deploy/act-runners/limbosolutions-com/app
+ prune: true
+ decryption:
+ provider: sops
+ secretRef:
+ name: flux-sops-age
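Review bot: The age private key ends up in the same namespace as the CI runner workload: `decryption.secretRef` at the end of this Kustomization resolves `flux-sops-age` in `limbosolutions-com-cicd`, and the README hunk in this commit copies one `age.agekey` into three namespaces. Both secrets files in this commit are encrypted to the same age recipient, so anything that can read Secrets in the runner namespace can decrypt every SOPS file encrypted to that recipient, not only this runner's. Consider keeping the Kustomization in the Flux namespace and deploying across with `targetNamespace: limbosolutions-com-cicd`, or encrypting this path to its own age recipient so the key in this namespace opens nothing else. The spec also sets no `serviceAccountName`, so reconciliation presumably runs with the controller's own privileges; a namespace-scoped service account would narrow that.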