diff --git a/postgres-operator/.gitattributes b/postgres-operator/.gitattributes new file mode 100644 index 0000000..0016a56 --- /dev/null +++ b/postgres-operator/.gitattributes @@ -0,0 +1 @@ +secret.*.yaml filter=age diff=age merge=age -text diff --git a/postgres-operator/kustomization.yaml b/postgres-operator/kustomization.yaml index 17fe243..7fd6c8f 100644 --- a/postgres-operator/kustomization.yaml +++ b/postgres-operator/kustomization.yaml @@ -23,7 +23,5 @@ resources: - resources/rbac/role.yaml - resources/rbac/role_binding.yaml - resources/manager.yaml - - resources/db/default-cluster.yaml - -generators: - - ./secret-generator.yaml \ No newline at end of file + - resources/db/secret.pgo-s3.yaml + - resources/db/default-cluster.yaml \ No newline at end of file diff --git a/postgres-operator/resources/db/pgo-s3-creds.enc.yaml b/postgres-operator/resources/db/pgo-s3-creds.enc.yaml deleted file mode 100644 index 79f5b0f..0000000 --- a/postgres-operator/resources/db/pgo-s3-creds.enc.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: pgo-s3-creds - namespace: postgres -type: Opaque -stringData: - s3.conf: ENC[AES256_GCM,data:nd12eOx2aXNyvUyNxZVP7v9dgh/P51f5UM+vgvP2odnBX9dzE79/2/kI5dn/hJsa/6Jibmk/3Pvexl9PTc1BmYFogVXfkVH04RhH1iaP6Jsl8oycIaG4oPdPgfwSseZlGCmSIBP+GTRoQ8mUmNDVxaSb4SwYHI9vjTalxoSyo+vnE8ABBt7h5J5QgXo=,iv:av60ntIqiRfv7gum585jjO1McCOXmMVD+voBuWfukm0=,tag:+GgMk3Z16JFyfLvsHH/m0Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoU3pnbVhrREF3d3ZiU040 - UjU1TUMraXhlV0k3aGprSnZvaUZncDU3Q1hFCkZtMklKS0VWS0w1SllxQ3lKYmxC - b2NFSitjSEtqMEpiZnNmeEhPb2RBa28KLS0tIFYxQ2w1aW1zaFVGY1RZekJVOEdH - UGZwVWhNTHdCS1hDMjJYcy9kVittTlEKLMWQALBbEmqMLx2gGMWr6m6CHb7vP9k3 - lIZNhA5nwpH2R7TSbbNpnzsq3yhC9ClM8smfAmr+02rUK6T4RYaZiQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RVRxb2h5WjRFc0xBdE5m - b0JrbHJvM1pCZDlFVXU4bG0wdVpnQjRRaUd3CmphMU9LbGx4NURrNUlUekJMUHN6 - ZVFncDgvcXdNeVVjSk52LzZ1N2NmSk0KLS0tIEJvQlBnNHFEQnVvZFZESDlRSHox - RHhmT1VJWHNsK2QrS1p1dEkyM2JrcTQKs4gzaEY/ofkMHkD03Yu9JIgnR12c5LWm - 2bwb+wJ056Sxz2jwC66gW2F7CcX8tIBOuWW99JqfHhFBj9oYZGoDxw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-07T18:09:57Z" - mac: ENC[AES256_GCM,data:yndsk1ZStyVRDFm8h3dTARBzsiXAgWNNvrVmQeHuzYAYO78UxDXljbuQHBIJHGpSD4jEZl569cy3VY8Wk8ulUHHJM82LSMtYeAabv3GMJIpPxMHsczngBpbqmLQEpW6Yb6EB8eY7F8gL0MtZu46r4Dw9zZJKmGW6V1cIPK6G6As=,iv:udMhvZbf966Rdyl/2I/0IQL6kOvUOY4OSQMj+bWEKvM=,tag:BQPy3GoWP9FKcH6+o4B/8g==,type:str] - pgp: [] - unencrypted_regex: ^(apiVersion|metadata|kind|type)$ - version: 3.8.1 diff --git a/postgres-operator/resources/db/secret.pgo-s3.yaml b/postgres-operator/resources/db/secret.pgo-s3.yaml new file mode 100644 index 0000000..0d1cf04 Binary files /dev/null and b/postgres-operator/resources/db/secret.pgo-s3.yaml differ diff --git a/postgres-operator/secret-generator.yaml b/postgres-operator/secret-generator.yaml deleted file mode 100644 index 5b77529..0000000 --- a/postgres-operator/secret-generator.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: postgres-secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - ./resources/db/pgo-s3-creds.enc.yaml \ No newline at end of file