flux: remaining act runners

2026-06-04 22:33:32 +00:00
parent 8e83205d09
commit 638dd73d1d
21 changed files with 106 additions and 66 deletions
@@ -46,6 +46,17 @@ kubectl create secret generic flux-sops-age \
 --namespace=limbosolutions-com-cicd \
 --from-file=age.agekey=/dev/stdin

+cat deploy/flux/.env.d/age.agekey | \
+kubectl create secret generic flux-sops-age \
+--namespace=mf-cicd \
+--from-file=age.agekey=/dev/stdin
+
+
+cat deploy/flux/.env.d/age.agekey | \
+kubectl create secret generic flux-sops-age \
+--namespace=mylimbo-com-cicd \
+--from-file=age.agekey=/dev/stdin
+
 ```

 **Encrypt secrets:**
@@ -55,6 +66,8 @@ sops -e deploy/app/helm-values.private.dec.yaml > deploy/app/helm-values.private
 sops -e deploy/backups/secrets.dec.yaml > deploy/backups/secrets.yaml
 sops -e deploy/act-runners/kb/app/secrets.dec.yaml > deploy/act-runners/kb/app/secrets.yaml
 sops -e deploy/act-runners/limbosolutions-com/app/secrets.dec.yaml > deploy/act-runners/limbosolutions-com/app/secrets.yaml
+sops -e deploy/act-runners/mf/app/secrets.dec.yaml > deploy/act-runners/mf/app/secrets.yaml
+sops -e deploy/act-runners/myLimbo/app/secrets.dec.yaml > deploy/act-runners/myLimbo/app/secrets.yaml
 ```

 ## Backups
@@ -1,13 +0,0 @@
-# mylimbo - act-runner
-
-**Deploy app:**
-
-```bash
-./ops-scripts/apply-app.sh
-```
-
-**Deploy Infra:**
-
-```bash
-./ops-scripts/apply-infra.sh
-```
@@ -1,14 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: mf-cicd
 resources:
  - configmap.yaml
  - deployment.yaml

-generatorOptions:
-  disableNameSuffixHash: true

-secretGenerator:
-  - name: act-runner
-    envs: 
-      - .env.d/.env

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: act-runner
+type: Opaque
+data:
+    GITEA_INSTANCE_URL: ENC[AES256_GCM,data:Obz1y5FaUsux2DjItdnJMG+rfF3vuO9o4wmpeOU2xxs70ijWUIoEyg==,iv:TLqspEhTvo8lGSGirZMeN0ikKyKmvsuJZ3s2ePL/Hv4=,tag:ju8t2qk2Dgz63Cgte0Wmxw==,type:str]
+    GITEA_RUNNER_NAME: ENC[AES256_GCM,data:u9/zD8aDRx8OSXLZfRP8ww==,iv:tnO1oZGS1dCRGonL3KLaubUr1JtbJvaD7wjBcpCpL2Y=,tag:HtPlkQgSHKVE7Zndo+U2mA==,type:str]
+    GITEA_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:9qfwY9IjXnOOFb8SsIJ0HCBv4KlTt1QNy20v59hZt+fPI688mrGpAhzbZfdZwRbAI74H/Gm5Hfk=,iv:q38chmaHIo4nSsDUhpBeFpszTdtwFEFOFIjPTdfNX5A=,tag:tCndZLIBo6RQXQN4V6tbCQ==,type:str]
+sops:
+    age:
+        - enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVTk1JVDBJQURtd0VIMlc4
+            WjR4UUp6cHExWC9CVE55UzJLT1ZNU3lFY0JBCnkvK0xvSHRuWi9mUHVMMU5LN3dQ
+            Ujh3cU9pMkNKenRza1FyZjlWaW41T1EKLS0tIGx0WFlQSmtCc3VmWGhhdWNteC9S
+            YTR3S3FpN0pjM29aNTA3NG9TYVE5VW8KguSIXnaxjzcAcvsJAnsz6VdpM6QJoWos
+            5EO8pwi1KF6q/RNv9Qg8XWpenBNJJt4BUms6Lej6xcgntxIVc8Fx5A==
+            -----END AGE ENCRYPTED FILE-----
+          recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g
+    encrypted_regex: ^(data|stringData)$
+    lastmodified: "2026-06-04T22:26:34Z"
+    mac: ENC[AES256_GCM,data:12FZB5VqHBDoFpatMhF9wHnseW5LAHRLDDxGQGkBqRbVEq1mWKzERAwBh7emeQvUNnIIAUU9OKjrVhboDPn3t2Te9/z70CIJ/UDoPql0DTxezN6ulL4EYfrhtQvs+4m3JTcAFaF5JWL8ogh46vIL9hxaibuSdi856MnR6Zpiw2Y=,iv:KbLpaU3es78wjEqgpwn1cqqIGQdRy+PDByoJhELlO0I=,tag:62rZQkGKWkgkxAglLqyjaw==,type:str]
+    version: 3.13.1
@@ -1,2 +0,0 @@
-**
-!.gitignore
@@ -1,4 +0,0 @@
-#!/bin/bash
-set -e
-NAMESPACE=mf-cicd
-kubectl kustomize deploy/app | kubectl --namespace ${NAMESPACE} apply -f - 
@@ -1,4 +0,0 @@
-#!/bin/bash
-set -e
-NAMESPACE=mf-cicd
-kubectl create namespace ${NAMESPACE} || true
@@ -1,13 +0,0 @@
-# mylimbo - act-runner
-
-**Deploy app:**
-
-```bash
-./ops-scripts/apply-app.sh
-```
-
-**Deploy Infra:**
-
-```bash
-./ops-scripts/apply-infra.sh
-```
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mylimbo-com-cicd
+resources:
+  - configmap.yaml
+  - deployment.yaml
+
+
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: act-runner
+type: Opaque
+data:
+    GITEA_INSTANCE_URL: ENC[AES256_GCM,data:BATws1oD1oaQehXZGiAWasKVWYlGUOB2xxdRe2+OdJds5LUdzXx4SA==,iv:6ox8QZJDhUdR8IVyOyk+nPa9c/lhlAYOb/pY/l+wOy0=,tag:nJVE3shYschhfhfFkwHQpQ==,type:str]
+    GITEA_RUNNER_NAME: ENC[AES256_GCM,data:P7yDwNE/bSl34HfEqSwQNmIf9OLP4ayD,iv:kDcRIaeULPF5XckCqK6qlKpZBWw2cSyGHKaKQiGlzhk=,tag:kzynWwCu4brmVRoSCemtOA==,type:str]
+    GITEA_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:P4yLgfdOTRscbU0QBaeGU4iZjHTazAAOtPzjAtinP196CFeJ177T58qU419WNSYZeutZB96Gzgw=,iv:YIbPzLSFMT+RlDkCuIfv2AkAk5v31cfmF/KRMBAV6kE=,tag:1htUmlUDedLXecT24wSIDQ==,type:str]
+sops:
+    age:
+        - enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4cEEyZmk3dnhPN2JxUytr
+            WUtCMDlrK2pmb2xJSG8yaEVSZ3FsQkFaUWpJCk5iRjZtdFUvL1ZDdXlkUG5QWVNF
+            NXFxSkQrQjJIQ3g5dmdGNXRzUEIrNUEKLS0tIEpzdlJuR1dQV2NMc1JvdmJOUlpm
+            TVpYQlY0dDNTaTE5KzNzMUdQbXFnNnMK3uirf3+95s/D5bztGWphGOGJBl7BGGHh
+            y4kwM4DzlZioy9sLT8DpEQJi9eazkwRCJfAw89HQML2waTzc3j8kDg==
+            -----END AGE ENCRYPTED FILE-----
+          recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g
+    encrypted_regex: ^(data|stringData)$
+    lastmodified: "2026-06-04T22:31:22Z"
+    mac: ENC[AES256_GCM,data:jJQJe1C0ebtg6n2nEQHaMgC31rGOfPRDtEeBwUaE3r7JxBqPZA9zLi91wMtO2ULTiTVzEVq4uKUo21JIozkdKFcBvO7sQUPgCcxJ9p67/2zyM499I03yq9EnruvV30qVcLm7Ts+mXOt3Hnbb4hj7MR5nYAszf2ZmHNNRNLSHGwg=,iv:yjgKkJT+HQReEks7aVn2Q9besmzvTwbiDtECriCRxwU=,tag:6hyb/r21vtUI03CfrcXo4Q==,type:str]
+    version: 3.13.1
@@ -1,2 +0,0 @@
-**
-!.gitignore
@@ -1,14 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - configmap.yaml
-  - deployment.yaml
-
-generatorOptions:
-  disableNameSuffixHash: true
-
-secretGenerator:
-  - name: act-runner
-    envs: 
-      - .env.d/.env
-
@@ -1,4 +0,0 @@
-#!/bin/bash
-set -e
-NAMESPACE=mylimbo-com-cicd
-kubectl kustomize deploy/app | kubectl --namespace ${NAMESPACE} apply -f - 
@@ -1,4 +0,0 @@
-#!/bin/bash
-set -e
-NAMESPACE=mylimbo-com-cicd
-kubectl create namespace ${NAMESPACE} || true
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: act-runner-sync
+  namespace: mf-cicd
+spec:
+  interval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: git-limbosolutions-com
+    namespace: git-limbosolutions-com
+  path: deploy/act-runners/mf/app
+  prune: true
+  decryption:
+    provider: sops
+    secretRef:
+      name: flux-sops-age
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: act-runner-sync
+  namespace: mylimbo-com-cicd
+spec:
+  interval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: git-limbosolutions-com
+    namespace: git-limbosolutions-com
+  path: deploy/act-runners/myLimbo/app
+  prune: true
+  decryption:
+    provider: sops
+    secretRef:
+      name: flux-sops-age
@@ -7,6 +7,8 @@ resources:
 - backups-sync.yaml
 - act-runner-kb-sync.yaml
 - act-runner-limbosolutions-com-sync.yaml
+ - act-runner-mf-sync.yaml
+ - act-runner-myLimbo-sync.yaml
 secretGenerator:
  - name: flux-repo-ssh-credentials
    namespace: git-limbosolutions-com