From f80eb640c4cba13615706a3470d1f42c5ace8837 Mon Sep 17 00:00:00 2001
From: Peter Kurfer
Date: Wed, 17 Apr 2024 21:06:59 +0200
Subject: [PATCH] feat: migrate cert-manager to git-age
---
.agerecipients | 1 +
cert-manager/.gitattributes | 1 +
cert-manager/config/acme-cloudflare-dns.yaml | 36 -------------------
cert-manager/kustomization.yaml | 6 ++--
cert-manager/resources/secret.yaml | Bin 0 -> 349 bytes
cert-manager/secret-generator.yaml | 10 ------
6 files changed, 4 insertions(+), 50 deletions(-)
create mode 100644 .agerecipients
create mode 100644 cert-manager/.gitattributes
delete mode 100644 cert-manager/config/acme-cloudflare-dns.yaml
create mode 100644 cert-manager/resources/secret.yaml
delete mode 100644 cert-manager/secret-generator.yaml
diff --git a/.agerecipients b/.agerecipients
new file mode 100644
index 0000000..b29b260
--- /dev/null
+++ b/.agerecipients
@@ -0,0 +1 @@
+age17wmvafx76dechar4tne7gsv2tgpw3afsuck0jlfz03l5stnc3c9s2nww0z
diff --git a/cert-manager/.gitattributes b/cert-manager/.gitattributes
new file mode 100644
index 0000000..72303bc
--- /dev/null
+++ b/cert-manager/.gitattributes
@@ -0,0 +1 @@
+**/secret.yaml filter=age diff=age merge=age -text
diff --git a/cert-manager/config/acme-cloudflare-dns.yaml b/cert-manager/config/acme-cloudflare-dns.yaml
deleted file mode 100644
index b0b2fea..0000000
--- a/cert-manager/config/acme-cloudflare-dns.yaml
+++ /dev/null
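Review bot: The new `.agerecipients` lists a single recipient, while the SOPS file deleted in this commit was encrypted to two, so reading `cert-manager/resources/secret.yaml` now appears to depend on one private key. If that is intended, a second offline or break-glass recipient line would keep the secret recoverable when that key is lost. The old SOPS ciphertext also stays in git history and remains readable by the two earlier keys, so if either of them is being retired the Cloudflare API token needs rotating, not only re-encrypting. If the recipients file accepts comment lines, a note such as `# <owner> - <purpose>` above the key would make later recipient reviews easier.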
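Review bot: The `filter=age` attribute on `**/secret.yaml` only protects the file in clones where the age filter driver is configured; without it git applies no clean filter and a commit from that clone would store the Secret in plaintext. Documenting `git config filter.age.required true` in the repository setup makes git abort when the configured driver fails instead of passing the content through. A CI check that the committed blob is age ciphertext would cover clones that have no driver defined at all. Because this `.gitattributes` sits in `cert-manager/`, the pattern matches only files named exactly `secret.yaml` below that directory, so a differently named secret file would be committed unencrypted; a comment line such as `# every file named secret.yaml below this directory is age-encrypted` would state the naming rule.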
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: acme-dns-cloudflare
-type: Opaque
-stringData:
- api-token: ENC[AES256_GCM,data:9PerD+nitxWGlaVCrvwrzSq4n6OXOWdoxwuvmgNCo5dwKby5MmWzgA==,iv:+IKQIFlB0wmfAXAeqVS21zXTdQgQW1382UdsV//QNc0=,tag:ET99pjX/39bZhmHRCnAzFw==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByK25WeGYzZVdFOUluczNa
- YXdnZklod2RxZUo5UkJvcUJNVWIvQ0pSbUhZCnpJQVF0MEUwWG51RHUvOVFFMkg3
- QmI3T2VDQ0k5L1p6dSt4b1dlczA1TmsKLS0tIC9OMlIyQjNHQU90TjdlSm9CWkIv
- ODQ3b05TMENqZnU1NC8xUkx2YU5vRjAKAaRgVOWFkA8qmTPAwb5zsQqpZce+QOan
- RaJAf/52GB83bk8iajcJMjpPsQLNc8Bc1BUeXZeJ8Q1eDpj/Ez4pLg==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbjNobXZVOEM0b09CQ1p5
- c2RpUDNWTTVIVXh0aVRBTzNyOUxuVUNwUFVFCjQ0K0pvdlhlWTNqV2Vxa0Jjclc2
- cDI3Z3JlV3hxaXptYlZrN1RROHBwM2cKLS0tIEJCZjRuSjVMcTlIUmhiSWk5NmRz
- LzVyWGZ0em5RKytCWndjbjh6eWhNc1kK+2g/VLNIs2B62l5kZmkj561Fq0hpnvf0
- L5p+Dyxlh8VjFVKXct6PzJ2Bg+mx+/MDFSZ2PXw9QUI+eNdznCutZg==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-13T20:21:29Z"
- mac: ENC[AES256_GCM,data:phMqQQ+gs0q2AZrnwzM7qybxcdaErWk5Q3bjXE1chekJQ5IsHoaDj7orzG0CAb1GD+Qa+/3QV9n2ggsT9w3zZGSjiMTttes3L3CVfJjOXC6WpzjxHnIM7xFA2uZsziIOXbU6nqZ8OtFfFfjbio8lt0OZj7W6HIdAnom6zIwUAbI=,iv:ueToOo0V+IBScXDTJnHPVKvx9O3/NHeTBDs344FseQ0=,tag:JNc9tr1LZx6LRRpcqNwJOA==,type:str]
- pgp: []
- unencrypted_regex: ^(apiVersion|metadata|kind|type)$
- version: 3.8.1
diff --git a/cert-manager/kustomization.yaml b/cert-manager/kustomization.yaml
index 1cbf49f..cfae7dc 100644
--- a/cert-manager/kustomization.yaml
+++ b/cert-manager/kustomization.yaml
@@ -7,6 +7,7 @@ resources: - crds/cert-manager.crds.yaml - resources/letsencrypt-staging.yaml - resources/letsencrypt-production.yaml + - resources/secret.yaml helmCharts: - name: cert-manager @@ -16,7 +17,4 @@ helmCharts: namespace: kube-system valuesFile: config/values.cert-manager.yaml apiVersions: - - "cert-manager.io/v1" - -generators: - - ./secret-generator.yaml \ No newline at end of file + - "cert-manager.io/v1" \ No newline at end of file diff --git a/cert-manager/resources/secret.yaml b/cert-manager/resources/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1ac4b9560efe73d5d1551d359d3ccdb8e29f2387 GIT binary patch literal 349 zcmV-j0iyn4XJsvAZewzJaCB*JZZ2k1%Yiw9mQe}E-Xk%tjcX(EMdSP^GS~4+7Gc*cgIbn2EN>*n|GEYS_aAH<%H9=N$ zPIG8hH8x9aQEEvwLRNJ!H!)&tRCfw3EiE7~NqKcsWqDyWXnHVjZZCFKL{~y-cxN_P zWjSw2QaEpGb~iLHVK8MgS7!>=iGdl*@rZZHo;|b;8pMiNb;Y?8B-Q8D!UqP#x*QFz zC1zKW&6-w}3i))>5X7S=zK-K^n*@BIs>l{xiz%9&$%4z7WKPR1im{|*hY1@leu+B_ z4ZS`M#N`E%E}Qy;1 v#$zj4E&m#0D@o0MRHWL^qS;kL4_t@808)!xsj}}>@zbrmwu5XzLP^41TYZgI literal 0 HcmV?d00001 diff --git a/cert-manager/secret-generator.yaml b/cert-manager/secret-generator.yaml deleted file mode 100644 index 84d6eba..0000000 --- a/cert-manager/secret-generator.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: cert-manager-secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - ./config/acme-cloudflare-dns.yaml \ No newline at end of file
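Review bot: Adding `resources/secret.yaml` under `resources:` in `cert-manager/kustomization.yaml` makes the build read the file straight from the working tree, so decryption moves from build time (the removed ksops generator) to checkout time. Whatever builds this overlay, whether CI or a GitOps controller if one is in use, now needs the age git filter and a private key configured before checkout; without them the file is age ciphertext and the build should be expected to fail on it. The decrypted Secret also sits in plaintext in every configured working tree, so archives or copies of a checkout need the same care as the key itself. A comment above the new entry, e.g. `# age-encrypted via .gitattributes; requires the age git filter at checkout`, would record that dependency. The new side still ends with `\ No newline at end of file`; a trailing newline would keep later diffs free of that noise.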