From eb8036898d38bc14fa3ad47bd64d6f34bc128cb0 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Sat, 27 Apr 2024 18:09:44 +0200 Subject: [PATCH] chore(s3-csi): switch to git-age --- s3-csi/.gitattributes | 1 + s3-csi/config/s3-csi-config.enc.yaml | 38 ---------------------------- s3-csi/config/values.csi-s3.yaml | 6 ++--- s3-csi/kustomization.yaml | 19 +++++++++++--- s3-csi/resources/secret.s3.yaml | 8 ++++++ vikunja/secret-generator.yaml | 10 -------- 6 files changed, 27 insertions(+), 55 deletions(-) create mode 100644 s3-csi/.gitattributes delete mode 100644 s3-csi/config/s3-csi-config.enc.yaml create mode 100644 s3-csi/resources/secret.s3.yaml delete mode 100644 vikunja/secret-generator.yaml diff --git a/s3-csi/.gitattributes b/s3-csi/.gitattributes new file mode 100644 index 0000000..0016a56 --- /dev/null +++ b/s3-csi/.gitattributes @@ -0,0 +1 @@ +secret.*.yaml filter=age diff=age merge=age -text diff --git a/s3-csi/config/s3-csi-config.enc.yaml b/s3-csi/config/s3-csi-config.enc.yaml deleted file mode 100644 index 6ce746d..0000000 --- a/s3-csi/config/s3-csi-config.enc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: csi-s3-secret -type: Opaque -stringData: - accessKeyID: ENC[AES256_GCM,data:xXtMVs8lcYBuaii8oYdVt91NzkwOkWavznEEZF8l07c=,iv:s8CWIw0Oz5yoF/SycISaoypeD9j+IWn67KK49unUjSo=,tag:7z/2XEtcoMEU+aBR8c0nDA==,type:str] - secretAccessKey: ENC[AES256_GCM,data:NeruTGq0aF5gsKas2ORCHB9R4ierD+f+8ccfmLzotL01Hpu8vWBtJF3uZoIPshPbbNOxYqGcEvr3EGj3f8+3Pg==,iv:Ml0i1Ocp2QOjhjw5/hfv4NMzulYXBZHv8KDdvEH22X4=,tag:yEdx4u4ErGIafG6JVOAADQ==,type:str] - endpoint: ENC[AES256_GCM,data:H8qcNELbxrl1y7jTDUusGxhHnXbanExwNEwT16XUB/BnCb3upAjzAhXmxcrVKUVk5IfsAlCmX+I/Tg+mOFAgUcg=,iv:AafzfoVDdtuw2iIMl5/obp0QWIoFN6Kmk5D1X/20Sig=,tag:NtX31/hzS/+ACTsNbC8rIg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEK0dvNXlwVElnekNuK2VV - R2U3cDRUQWVudmNQT1BqbGpTNysrR3RtVWg4CnljSldwM1o4OGJGQ2JiVUJEN0Jv - K3NJVHU3c2NCbEordkdVeG13NDQ2MGMKLS0tIEVPQXhOUUttZVZka3FFOUoxM05n - ODdkb2ErNFlsWXliZVZSYlZldmtUTzQKJLVrS1v4EhnoObtEpezdAz7Osm65ej1D - ygohQ1nMl5gQJsHpC7jTQUgAD6VHFter1PDCInL6TBK/ZIu9SQZYWw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVDFndXN5cnRHZ1NQY09k - UnkyK2hMbjZ5amtMSjVNOTJWYmgvWmJKUGhBCjZhbElNRVFFdWl6SlcyNnk3TDU0 - ZURHZ1hQcGlvZjFCalJaNmRLaWV3RDgKLS0tIGFpUTB6RHdCdnlVOVRPdEh1bzRk - N1BoeU5MY1hFMy9VVkhEeUFrK3JVOUUKunVPI8E7F8BOoaPd4LidbITubBsbPzn5 - L3vShqSiwVJW7Nq8i4k0MA3geCHTk0zEj+Tj8Ncbkj37UjAhdawi4A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-19T13:40:05Z" - mac: ENC[AES256_GCM,data:JZa+bnqgii3JxeiImFyZhojQqpPOb3R6dzcc+XaNMA1tEa5E5Q8apqFpipUbfWYNawKw/iR8a4GvsfriLnIXLcTaKmz8FrdoXeLUZyzWWVjHFApWqKndmB63bp3mNupwsfauhNjvNOMVEAXGMQ8iCMIhdYx43PTnktSRkDPmKd4=,iv:NZxfwRwzy7S9vkc6rfZVTBzy8YAgyCUzMzmRP2B5xSk=,tag:Yg1rteLHY735pnPxPSpe6g==,type:str] - pgp: [] - unencrypted_regex: ^(apiVersion|metadata|kind|type)$ - version: 3.8.1 diff --git a/s3-csi/config/values.csi-s3.yaml b/s3-csi/config/values.csi-s3.yaml index ec5add5..1fa0eda 100644 --- a/s3-csi/config/values.csi-s3.yaml +++ b/s3-csi/config/values.csi-s3.yaml @@ -1,7 +1,7 @@ images: - registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 - provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 - csi: code.icb4dc0.de/infrastructure/csi-s3:0.38.3 + registrar: registrar + provisioner: provisioner + csi: csi storageClass: create: true diff --git a/s3-csi/kustomization.yaml b/s3-csi/kustomization.yaml index 6450c4e..220a127 100644 --- a/s3-csi/kustomization.yaml +++ b/s3-csi/kustomization.yaml @@ -3,13 +3,24 @@ kind: Kustomization namespace: kube-system +resources: + - resources/secret.s3.yaml + +images: + - name: registrar + newName: registry.k8s.io/sig-storage/csi-node-driver-registrar + newTag: v2.9.1 + - name: provisioner + newName: registry.k8s.io/sig-storage/csi-provisioner + newTag: v3.6.2 + - name: csi + newName: code.icb4dc0.de/infrastructure/csi-s3 + newTag: 0.38.3 + helmCharts: - name: csi-s3 repo: https://yandex-cloud.github.io/k8s-csi-s3/charts/ releaseName: csi-s3 namespace: kube-system version: "0.38.3" - valuesFile: config/values.csi-s3.yaml - -generators: - - ./secret-generator.yaml \ No newline at end of file + valuesFile: config/values.csi-s3.yaml \ No newline at end of file diff --git a/s3-csi/resources/secret.s3.yaml b/s3-csi/resources/secret.s3.yaml new file mode 100644 index 0000000..fd7744d --- /dev/null +++ b/s3-csi/resources/secret.s3.yaml @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> X25519 yxTOU/kOTO6uAPaUvbBbM5hyraTLyNuWGUB7Y6ADen4 +2PA3eHxEF5ywm1YEtZebAMsv8wdFol3rdoe0HI+M9Pk +-> X25519 IBtaBQHvk2aryL8wvAW5GcD6gYmdw9nNBzd25m1ICy8 +f+XnEwXTPgZyCnXU5X00rpMsSyXV50WJznvQQbFH+sw +--- qvk+5h4FlxUX01/mB35HYS8tPxNhwA66N0mMWKyn2sk +’›ð•ðU¹|ADAH·S!NµÃA¥$iÎÛV‡SŒ<úoÓÜ°ó”_›=þ­2ñ‰Ê kdßšÈûyÞ§ºôu[Cs)ŒXXo‡G‰l ‡æe€J‰žZ.Ë¿Z, _Y"!»P“ÀI©dH¥ò±\»ÁºÊ&šë!vðµêeX«