myLimbo/casa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fluxcd: teleport agent

Browse Source
This commit is contained in:
Márcio Fernandes
2026-06-07 14:30:10 +00:00
parent 837b30ff49
commit 0837efccf9
12 changed files with 98 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/teleport-agent/.sops.yaml
+11
View File
@@ -0,0 +1,11 @@
creation_rules:
# encrypt all values from file
- path_regex: \.private\.dec\.yaml$
encrypted_regex: '^(.*)$'
age:
- age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
# encrypt secrets files
- path_regex: .*.yaml
encrypted_regex: ^(data|stringData)$
age:
- age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
services/teleport-agent/README.md
+7 -11
View File
@@ -1,19 +1,15 @@
# Teleport-agent # Teleport-agent
## Setup and Deploy ## Setup
### Application layer Using flux for reconciliation.
- agent helm chart ``` bash
./ops-scripts/apply-flux.sh
```bash
./ops-scripts/apply-app.sh
``` ```
### Infra **Encrypt secrets:**
- namespace ``` bash
sops -e deploy/app/helm-values-secret.dec.yaml > deploy/app/helm-values-secret.yaml
```bash
./ops-scripts/apply-infra.sh
``` ```
services/teleport-agent/deploy/app/.env.d/.gitignore
-3
View File
@@ -1,3 +0,0 @@
**
!.gitignore
!**.example.**
services/teleport-agent/deploy/app/helm-repo.yaml
+7
View File
@@ -0,0 +1,7 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: teleport
spec:
interval: 40h
url: https://charts.releases.teleport.dev
services/teleport-agent/deploy/app/helm-values-secret.yaml
+28
View File
@@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: node-red-settings
namespace: default
type: Opaque
stringData:
roles: ENC[AES256_GCM,data:LnMmFa1Nw29i4CZxseiI+Gyd,iv:GEYphwL17N6MbV/cw79IQ0XvaF+os3sqLPcihFkoU/o=,tag:B7XjbSiJRBsTzRaWE7PKpQ==,type:str]
authToken: ENC[AES256_GCM,data:LnK+oJdVJV/1/Y9d4vEGTursMEOLvK5BR7alhk2ZsjE=,iv:h/Y93x8e7gx+cOzeH1GZJknNJk0ZmAUACJDvDKXeKHw=,tag:4gpZJqoLUA3AhaOrsNu6fA==,type:str]
proxyAddr: ENC[AES256_GCM,data:o5GMP1gcO7d+xBnu0TY7KCFYbyFm/CNFUF4FXa7PFA==,iv:byC/YaMiCEIoORHs5yp8hebV46pocrR2TjaFGN4SNJ8=,tag:0k9C5JqCSwMlnmcQNGKr0w==,type:str]
kubeClusterName: ENC[AES256_GCM,data:1laDtQ==,iv:oh7BITQ/E07WHraLSnMlalsmfUA3UOVT18h7Z9W4Gxs=,tag:drua4LT1kVdtd6AsvFTllg==,type:str]
labels:
teleport.internal/resource-id: ENC[AES256_GCM,data:JKPmeKERfekLvw5t1OKOvEZ2Pj3PRMFuauxHrv+tomJ0DJif,iv:50hzLHJBnT8/HECXshhnsINY1GMO5xB4zUyKDsMJLng=,tag:kKujkCp2bd2cvtPeuXnJbQ==,type:str]
sops:
age:
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkU01YcEZ0YUQ1UEE5djh1
L09jTitrRjFMRU1Rem9XVW1BYjlZaHl0WkhrClhwenU1eFpMaTRMYm5NUmFrbUN5
MVFacnM2ak1OTU9qMWlJUlZGQTdEeUEKLS0tIForTTFReTZMWGt1cDV5ZUx0UXNB
WEczQjBad3Z4WVFhZTdBOENBZmMyOWsKIxJmYshgSE+TAPXOVMgibmhgBxk6cZMo
GGfau043oYzsTclKRiZ4Nqvm4xPoK6ROrOtLlwqD3cT5+n024bv/ZQ==
-----END AGE ENCRYPTED FILE-----
recipient: age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
encrypted_regex: ^(data|stringData)$
lastmodified: "2026-06-07T14:23:19Z"
mac: ENC[AES256_GCM,data:MhTqEKu1mLpcsIzN9UY7ltXPUsqsyb+/oWgi3bwcp6VScERP4tIYeqZyCAzQFw+oOvsR2Ii/PCDPRY536MrkPCQeacrsnneuemYn/FIZfwezZQMPBSGjInncs6IvoUDi8y/0TtL92voYqGqlVv0WuOvcNol83Baj/tKUa7QT8tA=,iv:IZxuNcDOlm+7F1SPILqXtQA8+wQBPv5/C6CWRSn2sxs=,tag:CxveRc4Vp71IXeCk8zJNMw==,type:str]
version: 3.13.1
services/teleport-agent/deploy/app/helm-values.yaml
-6
View File
@@ -1,6 +0,0 @@
roles: kube,app,discovery
authToken: ""
proxyAddr: ""
kubeClusterName: casa
labels:
teleport.internal/resource-id: ""
services/teleport-agent/deploy/app/kustomization.yaml
+12
View File
@@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: teleport-agent
resources:
- helm-repo.yaml
# - helm-release.yaml
secretGenerator:
- name: teleport-agent-helm-install-values
files:
- values.yaml=helm-values.yaml
generatorOptions:
disableNameSuffixHash: true
services/teleport-agent/deploy/flux/.env.d/.gitignore
+2
View File
@@ -0,0 +1,2 @@
**
!.gitignore
services/teleport-agent/deploy/flux/app-sync.yaml
+16
View File
@@ -0,0 +1,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: teleport-agent
spec:
interval: 1m
sourceRef:
kind: GitRepository
name: casa
namespace: casa-limbosolutions-com
path: services/teleport-agent/deploy/app
prune: true
decryption:
provider: sops
secretRef:
name: flux-sops-age
services/teleport-agent/deploy/flux/kustomization.yaml
+11
View File
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: teleport-agent
resources:
- app-sync.yaml
secretGenerator:
- name: flux-sops-age
files:
- "age.agekey=./.env.d/age.agekey"
generatorOptions:
disableNameSuffixHash: true
services/teleport-agent/ops-scripts/apply-flux.sh
Executable
+4
View File
@@ -0,0 +1,4 @@
#!/bin/bash
set -e
kubectl kustomize deploy/flux | kubectl apply -f -
services/teleport-agent/ops-scripts/apply-infra.sh
-3
View File
@@ -1,3 +0,0 @@
#!/bin/bash
set -e
kubectl create namespace teleport-agent || true