diff --git a/config/kustomize/base/resources/deployment.yaml b/config/kustomize/base/resources/deployment.yaml index 397b376..fad10e5 100644 --- a/config/kustomize/base/resources/deployment.yaml +++ b/config/kustomize/base/resources/deployment.yaml @@ -5,6 +5,7 @@ metadata: app: keycloak name: keycloak spec: + replicas: 1 selector: matchLabels: app: keycloak @@ -14,7 +15,6 @@ spec: app: keycloak spec: securityContext: - runAsUser: 2000 runAsNonRoot: true seccompProfile: type: RuntimeDefault diff --git a/config/kustomize/base/resources/service.yaml b/config/kustomize/base/resources/service.yaml index da1bc70..df29363 100644 --- a/config/kustomize/base/resources/service.yaml +++ b/config/kustomize/base/resources/service.yaml @@ -6,7 +6,8 @@ metadata: name: keycloak spec: ports: - - port: 8080 + - name: app-port + port: 8080 protocol: TCP targetPort: 8080 selector: diff --git a/config/kustomize/base/resources/servicemonitor.yaml b/config/kustomize/base/resources/servicemonitor.yaml index 6a47394..35f3b69 100644 --- a/config/kustomize/base/resources/servicemonitor.yaml +++ b/config/kustomize/base/resources/servicemonitor.yaml @@ -3,16 +3,16 @@ kind: ServiceMonitor metadata: labels: app: keycloak - jobLabel: keycloak release: prometheus name: keycloak - namespace: monitoring spec: endpoints: - - path: /metrics - port: http-metrics - jobLabel: jobLabel + path: /auth/realms/master/metrics + port: app-port + namespaceSelector: + matchNames: + - sma-ums selector: matchLabels: app: keycloak diff --git a/config/kustomize/dev/.sops.yaml b/config/kustomize/dev/.sops.yaml new file mode 100644 index 0000000..eb44b96 --- /dev/null +++ b/config/kustomize/dev/.sops.yaml @@ -0,0 +1,20 @@ +# A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 | smardigo automation DEV +# 890B2EB48F343D4C6DB9DA0916826F30002D3C1D | smardigo automation QA +# E5B4FE1E0209DFFE320D2A2E47087747D89B72EC | smardigo automation PRODNSO +# D65D400040387210377B6A71DFD775644EAAC77B | Friedrich Goerz +# BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 | GPG DevOps +# 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 | Claus Paetow +creation_rules: + # list of keys for encryption in __DEV__ stage + - encrypted_regex: "^(data|stringData)$" + pgp: >- + A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + - path_regex: "*file.enc.*" + pgp: >- + A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 diff --git a/config/kustomize/dev/kustomization.yaml b/config/kustomize/dev/kustomization.yaml new file mode 100644 index 0000000..162192f --- /dev/null +++ b/config/kustomize/dev/kustomization.yaml @@ -0,0 +1,20 @@ +bases: +- ../base + +generatorOptions: + disableNameSuffixHash: false + +generators: +- resources/secgen-harbor-pull.yaml +- resources/secgen-keycloak-creds.yaml +- resources/secgen-keycloak-database-creds.yaml + +images: +- name: staged-harbor-01.smardigo.digital/smardigo/keycloak + newName: dev-harbor-01.smardigo.digital/smardigo/keycloak + newTag: 14.0.0.2 + +patchesStrategicMerge: +- patches/ingress.yaml + +namespace: sma-ums diff --git a/config/kustomize/dev/patches/ingress.yaml b/config/kustomize/dev/patches/ingress.yaml new file mode 100644 index 0000000..977d710 --- /dev/null +++ b/config/kustomize/dev/patches/ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak +spec: + rules: + - host: dev-kube-keycloak.smardigo.digital + http: + paths: + - backend: + service: + name: keycloak + port: + number: 8080 + path: / + pathType: Prefix + tls: + - hosts: + - dev-kube-keycloak.smardigo.digital + secretName: dev-kube-keycloak-cert diff --git a/config/kustomize/dev/resources/secgen-harbor-pull.yaml b/config/kustomize/dev/resources/secgen-harbor-pull.yaml new file mode 100644 index 0000000..492e495 --- /dev/null +++ b/config/kustomize/dev/resources/secgen-harbor-pull.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: harbor-pull +files: + - secrets/harbor-pull.enc.yaml diff --git a/config/kustomize/dev/resources/secgen-keycloak-creds.yaml b/config/kustomize/dev/resources/secgen-keycloak-creds.yaml new file mode 100644 index 0000000..325ad8c --- /dev/null +++ b/config/kustomize/dev/resources/secgen-keycloak-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: keycloak-creds +files: + - secrets/keycloak-creds.enc.yaml diff --git a/config/kustomize/dev/resources/secgen-keycloak-database-creds.yaml b/config/kustomize/dev/resources/secgen-keycloak-database-creds.yaml new file mode 100644 index 0000000..97e5864 --- /dev/null +++ b/config/kustomize/dev/resources/secgen-keycloak-database-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: keycloak-database-creds +files: + - secrets/keycloak-database-creds.enc.yaml diff --git a/config/kustomize/dev/secrets/harbor-pull.enc.yaml b/config/kustomize/dev/secrets/harbor-pull.enc.yaml new file mode 100644 index 0000000..58ee7b3 --- /dev/null +++ b/config/kustomize/dev/secrets/harbor-pull.enc.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +data: + .dockerconfigjson: ENC[AES256_GCM,data:BFnhjMeCZSILll28IOXA7X1Nu/aJiAN7d/A4QNycd2X386thFEAm7iOZ2YA30X60JHez9OlGV6dP/sFRtzJf3Ff+NKFpZsdBKXJ0m0IZJYaL/YCjEiIpSlwHEndtOPU3/r3a2sJSlYqZc3d9yNnPV3E3NgU5oY/EHIhEOlkgs7ZQ2ZEUYVz9kK9w7HbfYpHo0FcZrTLSV137MByRhzS6ZsZ/uh4=,iv:JsZYSSgRpykRSEZU0JkMh+Y6HC54YR5DyhE1Y4IVcv4=,tag:xFAzQOBS3soegh/ECKB9oA==,type:str] +kind: Secret +metadata: + name: harbor-pull + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: kubernetes.io/dockerconfigjson +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:24:02Z" + mac: ENC[AES256_GCM,data:nc0ecIbTXdmJOSrFvKihNgxQPAosoMRk8K3kCTa+yetEbuwXf3WuyMWOCCv32Kh6HztIn5MZOf+8vhlSNUUFYUc/u5RaZZv3QqyRgC4UdOKcuJfdwsQkbExnksPH07hEML10m8FoCeRJcdp1CWrnCJp8bANnpXjhD4yG1jlpw3o=,iv:6Xd/tGswi59No9XH0Ar2ONsOlZi6tGE8oIXRZl0dKLI=,tag:iZ4c20k3STyof3/Gdq+u4w==,type:str] + pgp: + - created_at: "2022-06-08T11:22:09Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/3nDyRfgQqhAQ/9HJbnEslO/btw78cLzFDThqhd/dgv0cu9xSg4fENZw3n9 + VOjFZUZaVM42d1wcY8NGxOrkm3Jx3H+6twtbRMUZs90eGzUmZiMbp1UALFsFHU6J + 6HcyYQ3tiOmv0TCQhd5Hz2liVi6xrY/2pNDwHnO1H91BrexI3QtvXWj+XxKt3tyT + dMLIMlysWlxlITK758eiaaDWIAk1PU8pm6oiUZIlYeOvKMhPHX6dZrso3iYSShBf + CHm0h32gO9k22jdSZt4DIxrZO2EMzY9BpEagcz8gaR52VQ7OYAjTBAxgi3tcUObh + SmvnqTdUJywVemR66y4AD+JMyPXweeETEFInjU2MOBd1En+11uGRGfktev7fhVGX + XuN/bsN5fkONocAI1k9mzVoMD9OvYrv/Y8Jgwkeirnb8DSDEcdVr2BiLqC7t1yNY + 8ZlIzrFT0FHHKozAV6xfwoAF7jMV3ASJvcLbY+2veC2mbTIL+M5g4gSDuC4R1KdF + RzIENhuUSHHRNRtDfEB0OkcpSU2kM8uX4240pTXyWz+auYgnOX8W7RQ9V2sqKwCY + Ioxge4kWjq6SM3F6ZaaIBB163g3MgbGE50MTyYbiQyxsasa5U08sgsDXJ2TDuT9w + NnWOI+4AAlSE4iWMUp/8t0ytcmltq/xRoVKHoZaoBCjMnenh5E6mlhFaOqYbQQ/S + XgHYezaf4/yKv3QELDQ8S8fIpb4Du9l4n39MyU8FAz98z0nTb9ssuglkCh3Iv7TV + 6YynVdBpte0Z2+E9SqlX/hpRlv03cMED/oeW/3RC5Gkgtb/mQU0i8ZiZxqfdBcY= + =1FfQ + -----END PGP MESSAGE----- + fp: A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 + - created_at: "2022-06-08T11:22:09Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7ARAAiOnM9NgX9ZXpHc/OkyW5UAqzsMpoDG4DCFbK8giVIJ5f + 5ahNkxv94RtgLTpFBGxIg4zoLJsVQ4oFyxDw0ZNmMVIrAqHnO9d6BZ67e1srRMm1 + 2B5d3rqf9xh6s6Ev0uhD6ZlWHoFZxY4eck+rZPFtRjsTEi3paF5iO5I1ps8f6EOj + e/9fm6i1YVURNIxhYbaO+TPU64rjiTWD6wbTSIBOWDvdYs0Ufk04DmNnMn8qPuPg + espLFwtIEM1E2S7ufZDKps45MP/Lu0QEivrX3wfQHQAbC6c/7BLXW/LEkN+eYSEo + kVi6iBcYF0bG56UnRXjxpd86pXL9S6T8ZpIPoyxarE/Lw73mzZZ1aHYRUOqGWJvT + PsjPQRIMxD/5tHbQ8RwuJFN1HXtgftsPMfi+p8LAbKopjFEIfhDB8dm4p82tfnyq + QPWrFDLTke+xyVKUjhr5ZVTjOj0CJWYndlLonnUptkRU6BCjto0roj2WH99dPWbw + Ng1sJyon4L7cbTvtGYxToz3NsNoeAENYglG7/2N0mj+Pr5/QBLFHrN5Q7sxDXjFq + IyP8ji98fTQYlr4058aLcLRqNKukeyj7gfYTlSWRTHF7cHU4TbHBOitDwstJIBwD + pzXuj4NStRzCFxSy9VU24yZWjnkNbNGDXd5CNhxiC+T3KUoHpYEMnpr1mQ/SM2XS + XgHcTfzC+NTyakWAhVdowTzjqjZ2PssYgEIQFfH7/HfGemhBvgV0TyMwL5lxcorc + ocNroPADR/gbhXDGv6mO13J3ZqgSjtlenkj3rxnvxNWt23O0ynAq63+Z81BIUp0= + =n26N + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:22:09Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bARAAt/w0WZS88GMzcZjpi5oFApdKc10iAsbeh8TGbTg7OrPH + GsD3uUknQ6+SjqIdnglZrH96jtwgdWIAWAy9bsvvrvIyicxjuamehByZjAr6p5CH + jAplZhOu7G4GlC3/no6oJqEh9x9Bvh+gJ+FUk5dOvfFqibxLITNjY8x1jKUoBdfc + ZLEGsTurQClamJyx9jehexppKWva9BOnZ5h0SQZbNfmSwvagHpvu5SIvSLfxcfQz + jCp77/UYVrtvq+yg+cCwrbmfoy5FdZ3TIGqZkn7k8A+4RZcWrV4OJMiMKd2getHZ + NP0R4wL2wmauqEmbiwPsoN3QODGzBV16wfMIEx0+gCM4ZbjmY7LwIdcPuHFG+X5/ + Fj65SIHIWT5K/5g3/0MNFLdeaBehvz34XbG4QrzilSy6l2QochGyllKIIQdGgWce + xMu84Xekm4wAnxZWxmWR1+aQbCQ1yJAf/Th9UcR9I0JgsaKyZjXTnv2Xmndhil+/ + aqETK8ouEYyEYSw3/Jci7/36WNEvvcpMwBTkShSna2hD5xOi1t/ydpq2UVgrGFkQ + tnkY6biwl40kz7GLSy6ouAe75gcmGU1jib8RIESwaIKzncjVbqxugZv3bvuOvKC0 + FikiXPCFvNxqlGcecFTavZnxntRKpcLo9+3Uq93EiJzApSh0qb/CSYTcy7KrYuTS + XgFc56z9PR/o/6WJ5hpisf2q89lZhSe+K/8r0fj6KZdTK95Q5639v3C4t4EWMy4u + cIrJnMN7C0P+dxOQYLmhb7tcAkKZ8lsdKT870R5lBorZjy6SjdvWlyIA+NkXYMY= + =ehEK + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:22:09Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ//dqTToqSoWUvWTn8ilcEyEvTvJOkaKaDvt7iiNhe1TlJN + y/4FYkmBSlNYIweORAtYP7EAxVNNGwOlItd8Kk/0m5pMFpJsCi1coAt5hOFaazud + mxJMrl5G9/gnPJOFl4GNgiDJ9wUHtOLezBuyGl+botFDaNNo73qEh/zMwK5GZr5i + wfMpMPSwR2gkt7b9iLKZeTQiEVZPZN2X5FWA/I9X5PKgdPPPHpGYE9D5JleSNUX7 + 9JYuF52M3PbC2vEtrIYa8QzORRqPNXfZKE3r/sjBFOKN+nkDTOsr7a94kQhSlfrJ + lY1yEQyaX1xO8QY6EnpAjxv0FrihhbYz9eEAIOmrff+lk0iQDWvEZY8kCkop41jC + rwG75MmwpiUHm19XPE2TaCT14eqm7XKcUsKs8bMvBJ0cmt8zxsP/LwhOF+mxx/OU + r15yRurQ4dnLK+GoQAkIV/7Q7+MC1R2IDy/YfMTJD2J4WdehNZ+4SUgLK6z99yUU + 338ebd7QGyfoVTadTebG8yit32VQ361hHUfVTOtEGmwoK19XLnT/GXgE2xafpaM5 + YbcHu8CZJN/1fXYFt7T1JxDZGx+hG8mF9jdz3jrrHbZ+MwI/pNEFuon24t/XGVFb + NFHHKuOTX0ctNxHjsXi82BDCNJOMwhFTOTZqKHE4jgqrRMWezzBA3TFFGeYOb5DS + XgHDLJRTx2z3ROnOTTGM/84n8Z2hmHqDrXyaSTWurRrnWdByGuSoMFtE9TL++nCW + 8oaQQO8DR2NXAUjs5SiGWWCkhEWJ62f2k8GcfgASR2T0LDps+Z60n09P/62hKsg= + =2ubO + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/dev/secrets/keycloak-creds.enc.yaml b/config/kustomize/dev/secrets/keycloak-creds.enc.yaml new file mode 100644 index 0000000..4fb0cc9 --- /dev/null +++ b/config/kustomize/dev/secrets/keycloak-creds.enc.yaml @@ -0,0 +1,101 @@ +apiVersion: v1 +stringData: + password: ENC[AES256_GCM,data:5Ds4DMCoeoxLpIGmPKo=,iv:qzDek0FQCfQcMjJOulRHPge3eUBThMP8XNXMQUbIPXQ=,tag:8pWWmspX05X5MPMRZsG7Kg==,type:str] + username: ENC[AES256_GCM,data:CSXAXerQuxkOKGVhzbg=,iv:oE30r9wBj5QAu8JP4l5ot0xPyGlncEwAreFjPJAkaow=,tag:Kc7MSNJsyB+yLkYIKnRnqQ==,type:str] +kind: Secret +metadata: + name: keycloak-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:24:24Z" + mac: ENC[AES256_GCM,data:wZUc9YDe++Qr/T+OY3k+EWPBYS5QnDFuTO+kvvyICB5XAi42B+o32TKupDQ3z2TNxLgDnYy/gBENax7NEJEyYHiWV+cQYHELJpDa3VlGBI4MzENp3FJiyLPNeRcyzbufPSHHhcBCS0VjfCyoiAsN7iQ4SN5JdvAN1SxZD7foWc0=,iv:2D92/zAjAAy0o/ax1HZDohmydaZBrnyTHjaZ1pPGy+M=,tag:Z1DWy93wmVHem0uuJDgjdA==,type:str] + pgp: + - created_at: "2022-06-08T11:22:16Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/3nDyRfgQqhARAAtXi7P17Fg1VVU7JXX4S3OiqYxV4rWFKFwTinsmW36WUQ + zUbqdzy+MvGa3sq9tKZReou04CRb80q9NSpQPcQny9PEyXicBZuQkjk+/wGuHH8w + Ld6C+zcfie++/bwPS52FfdOb8W1XAnoiMZ0N76OI0vCbJr/aVT7WNR/RPi0mgvUp + ssri50dgwcvNy2HUMzsyRwPlI6Z49F9jxIZw0pBpDJjYyDWQHKQdZzttsMtXaor2 + lpGoEeVb5VoqYufVdVwWa7VawumKHVXigXAZWvYkQlsWcHM6amXohCtagT8BVH5h + 6keTpaVpvptYc9Pwnqh8FP63iert3tX49U02qDfp2MLb+vsJsELucvnRnsaj70La + lh632Jkg/1fAPN+nMh0J37W62REF5Nf1wTVfpnBF/ycq4Ul9vo0sd9f7QsrVDsKs + 5FGNPhE0xesxQSa4mI7EKRNQ7AxSlyTwQxhYo8WLZyoQQ5uJWJ01dmwqw9VISfx2 + UWw/+dkzx8FJhg3odUbsGsBDVjIDxBWIDY3MiVKnNkL7KhgPQlvX1EqGSAYqUxRY + 8rM3q/TRJNpZCcF6bYzwRJw8Mmu4lAegixwO7IO4ogWjk1Rv1nX2JPTMXu6BJB19 + HeIjyYjLw/t2hrNEdiMoB1mzWlqHL59UfO0kIRVRddfiOpnXRH7wiIBVRKgCGjnS + XAGZSamijUl/nZIYpGTdFRJEqtpWDrtBpLisFfRJh6c03Oh4EjgSnQ4h/VCrycV7 + cdgfMON3bLjbmOUJ9S8GNOQPqlIOk6Rkt6BBsHzhnD+rzr2Y5uOLPKMKkj2y + =R8VX + -----END PGP MESSAGE----- + fp: A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 + - created_at: "2022-06-08T11:22:16Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7ARAAhZW6PNscLNScJnSNsUcWHocZCRunwpA43JcuX7mmiYle + zkmaUOnjIWfzOrgrwgRNDZ+sxwUeYOsAx7RJE4u/M++xWs92BBYfKdMda4NOXSSS + zUfR3wPazzL3hGnp7/qN4cbKJg5krAlgajyOFsnG8ikX21zfYDSxHfheWDQnbnzV + C13QX/O3SSleJ7OPsUGKHo/KwCBaxVoFLfiZsgEZ29f7MZCd+nbICsEpWrT74U0V + SIQHI/e5UXDxRbksAd0S5vWrOSfKIq6TqJeu0r+ZbkBUKiNoMdaWZ0nDeezNMfG4 + MkKfWwvwjVazkVhUFKKNlAc2i0+rJXwdSioDAMEe01OY365tpTYjl8A82ROrNoP3 + NfaO+HMnDPYm3+gDMq7hWJsRXlcbN/qCHQqj7mACzPxRjtpsovwDPxyPxmwuBty1 + qx7wl/AVwcBaipOX+TSyzFsDjhulTt1Es0pkg1RPXsHi0EkqISeY8+5R1fJjcM+X + z+a/xOFIa4/J4NW6AjLDz8F6+bqGU5WJ/+Xtq1mQOnMtT2l5k87A4PsinvexREg0 + Ljc7pVIIpEYOQbEuwvPJPE63O2DghCpFe+vDcfsvpy3jkbvmuIe+XqZEGGcK9KqT + HBtaxGhM0pSc/I4RGFygHiVPHepl32/t5bVXZCF5gfDq78ZwEv4AE/b1N5eDbtHS + XAEGgoF2ZFMDZv/0NUv+SFHq1jtC3a29InCdTYvdmmFC66JG72bKl5fkIVIWUSFl + ygXYc3DMlsKd48UUoaSxR4HjtzpmC7LMkrOvfIEODT+H7pqGfPQ2squgAtga + =+mmx + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:22:16Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//WVG+ughuQI+YCCx4PItT+ynR4okWiqyGa01I2LF7alxj + VwcpJvrLaF5P3e0ivY+oLCSbHOHU5VlBSmW2sQKngJ613/lC5ULZyDdaFPMm+KVv + yOBeCdmS0Dl4IbQbxpJTOhipo+ybuYVWX+QNuRFTmlrAKABvmxJIONwjKU7ZYx0I + PjqBLC6fq8HMtE4jvXCeqG7ddhfrDbrscjtFisaHEhJ9tqefJuAdqakX9Y4LUxPs + mjVy1xYGKdEwKoFfslAfDpxZ57uRlx4MFG1olNkmGusAVOdNVSEY1xjRXe7qhfPs + EyaQd8+mknu8QgKI7LtnoqZx8eY+wMVOL+ai4v8geIqbHOlq0zCn//bfaqdbhx26 + c0b4ur3Dxjjjh656lBmu0JEFh6QfjkdL3mGy52RVNAr87knOuR+YTaLCRFYr72nK + APc4HNufx63fjldHNhCAOjqNEOO+aTJVXgasjRDFfwz5JxmRyAikWMlNkfAMGCmo + 2zW4XfrIXAzXiG0y7fKyWl/OS8YK1br8ImIVjU4vghI0MWSHVTBNHhapfS7EIM79 + MVVosXdZ4ZwLUwO4Vjc9PEgEFOvu+1hc7rVO9D96FaSbjMpb5PdxI7PYktnb2q0q + 2xgPKjQHLBaTvrAEN0nFKwQB6vWwAMg7zoHqCOYmomDmnbWuDnBsuc33tskHHvnS + XAFXQjf/BDQW45szygMUR1+9Zm+ohYS16oyWURdAd7BI3qOkSLI3zyYGiUEuoeYA + FYuGQWff4hnWU4/iibGvOSL+v4uRH7oyCezs+tWWNAOClX10Z1beWWOS06wU + =lzMR + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:22:16Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWARAAwYOiOIYtAiyyCFbVS2zvcXIQtdpE8pyMm1QnZvkcSlPG + fS8mgBxKXKS2QYsV7A3x/dpLUPXD7nhc99eePMIFfgv3nfzp6BuxEBChr9VY6BZN + xzjXLEA/PfzkSKAlqB6oVSyaNtYGv0xnTvxdSGkiTOR7O12+vunsDONtp0Qs4P70 + nU2bBn02fI74S0QCbb0NKCg0DIpKeKWYnD7wn2Ze+52NkEbdK0HsTi/yoMygzDhp + wHeNs4B7wOZD0t8IuZrJBoKLgnD1qK9m4F7tw7Qjc1sVf1Abttq66/x53dvFSLgw + xhaWp+SQl+lI3vjq1As1H/5ZIEUkha7O8YJNH7AHhdwQjxk5TQy7ApgHhDs4mtMO + uzMkaBwahGiuPQqdVbI/LtV8tf9nmV86WpAseWZdVsfexMU1zYlvodkXdK9x2GX2 + cWd3R3w7n7r4cRCHmHb6AFgJ5jdEQvplk3d0IZEud9Is/+8c6rAyR2F0tMFnThwo + 3HP/S56AXOUVxkkICG43raIF1ia2iSKr9cFEfC3a7eczxvRpn1qvRZk15XLHj45C + Xudl8k34x8K6l7PiKHxPUBLpbrt0qtGZ8mNzyPBKcaSywSO4BjyheOtvEO/RQgvP + Isb5cZOcs7+HG577ymSgZ5AyOBMb3GjAgKy1Ps3+B0LsQmKjXPgDiV2/lJg6AhPS + XAFgXnv/z2FoZju8cgi0tqjGs0kheRf2prPVO1bz2ymYu39wuG+LmuyCNGaN+/j+ + t+WzuAJG5UmPTLjIqVJGhJAwOE8pmC93dW2W1aH42jxdJdK/3nREtydE9USC + =NLcz + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/dev/secrets/keycloak-database-creds.enc.yaml b/config/kustomize/dev/secrets/keycloak-database-creds.enc.yaml new file mode 100644 index 0000000..aaec6a3 --- /dev/null +++ b/config/kustomize/dev/secrets/keycloak-database-creds.enc.yaml @@ -0,0 +1,105 @@ +apiVersion: v1 +stringData: + database_vendor: ENC[AES256_GCM,data:1Bw0QUhdunY=,iv:JUzYBKl+BrVJMqL/XGh0ATEA6B9tQlFg6MmB+64MGMg=,tag:HSuJhGkMZ+UgT0TjoaQ3bw==,type:str] + database_name: ENC[AES256_GCM,data:2ARi2Q5MfiOKrnNN,iv:uh2LqPTNQ7Ag57opeBiBJDUKiTs5gHdvN/O4EWed0tE=,tag:U7wYn4IDacE5BrawQJRgDA==,type:str] + username: ENC[AES256_GCM,data:9TDHakj71FRconlm,iv:65lWLGMUrfX8XsPEQjO62yEfSyfXgOpFtKAlG607xCs=,tag:CSEYn/cUWC/5Hd9jqCliuQ==,type:str] + password: ENC[AES256_GCM,data:grldUFI7OGMmwVz0YwKmoReTWu0D/Dc=,iv:5SD88t6BvPzaXR5pYwiYBAUJZZ+a1B3QL4rSvK0YZOo=,tag:k+R27DPO291y1W23KX1eEg==,type:str] + #ENC[AES256_GCM,data:iPQ/a+dVNAxrT6h8hEuANHWnEAO3mldesrEIl/t/uvc=,iv:medkqMx1QVLE7c/P4B1vjp8Ek58z3P1rDUFti47roos=,tag:86TIltdSxbW4I53kiLIYDg==,type:comment] + database_host: ENC[AES256_GCM,data:D2qnjjOX1IDH,iv:jaBNfCnCzhOrN4H7P5qzRy6sctXaoU0ELST3KJDhQrs=,tag:BO0kQQfs0rVs5cFTN2wnIQ==,type:str] +kind: Secret +metadata: + name: keycloak-database-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:28:14Z" + mac: ENC[AES256_GCM,data:Ab8qBElANtVfp6X8g0aQCk2fe0RTmAe+Y6vKfpgky5ApktKgOY3vnebMSSoXqRzBZd5oX3GXS6V/zV7CH9o3rZ1iev6t4WPPXkoyolcLPEIntru86e5hj9+OSlOT/DdftSlpyDRJBjgXRKHavKwKNDfWbq3bCKrvqpNPRAydAIo=,iv:9C4ja5NQoNjMnQ+qOPTltkdTZKHUoL65OZa6oreRKN4=,tag:F02vklVNgiO1FqVynDA5pg==,type:str] + pgp: + - created_at: "2022-06-08T11:22:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/3nDyRfgQqhARAApUv9bMGfcmR+NdivBbgibln1abkitM+BsPGmgm9bY4e7 + edM+x/rgLSHKvKR9QpUVgOgapz5+TBrhqc9sR8eh0+WLAypfGuR+QQgWfELDvabG + xZrZjOGds5W3T4jfItDMJwrsGxP5qyMIkUq2gge4um+wBoWUvshU87vpqivgDgaE + jGV98R6CZDFieElTwJdU85W0YK1qwc/wMUmUIH8gOMekqDU9t2HfnZgYF3umGmnW + QOfX/DO53J5guKn6/hRtyK7kDvGs6mACzsQ5ddut8pkdRdg8wIAmFWvERWRB2ypA + JOjN7lhqaZGvXXGdRradBvbW3Zk+0AyTDJywfFazGbtWLv1dV8f/evSFKtJlXeig + ORoTCblEQ7Z9IWc8J2KTOtUBd9cmld+6GZUW0r7qsa55KzFR5S0LGmSUHWMZ3kGs + 1l0KNm8xwOhLGlLIJrFdfVmhBPV/af9Fm0Fx+jTcvH7VkPowwEpTbRm6dmw+Q6NA + wFkoc57R7syGKx29oAcGHfYbr0QbwcMBwBIj0mYYEbNYsAyl9T4fWgarUpE6oxoL + Jl5haSf5Hg7j4z5P+mjsch+BqESS15mcTBmuap3dwjMywCAvVB1bCs9WtDhlhMOX + ZddwKDGH9qtfHOX8kZGOnwNFoq4N28TpNORcfNaG+S7XtSLYYp6br4mo3OHJUhDS + XgER2IaiD4eEvQqYIQqK/PJ2v/Sk74qt3/fW96pPZe1nbzqgl6PB4zXFZzV8+xYe + GKnhcCyKpIo9CR+oVlLg3yxwZfqpPLeJbu7NPyU7wBK+x6dw+X+ce6iBaM+fGnE= + =i0Xl + -----END PGP MESSAGE----- + fp: A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 + - created_at: "2022-06-08T11:22:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7ARAAk0DcNrbvfyOqvwtlRAh55hN3QqdOVWFT6BPscpTPcmZ5 + AL1p5exYQ83TzjaWYca5dxFQnO1MtM6nhPgYqr4cEAdHyeFSrTgGfQkXKI3f3VRs + G3I8pYw2a1c+dA3Oq2ETEYPYG8E2VIOnthraZBc4y6PfMmuLG2b17ypKqlQIWCEg + eSstIYEGFoR8L9OKNFfMwC6IGTrpB9e6imB5bUwn7e+iFig7zfhXx/VvmzEq1lfI + BW0X5uK9wNMiTHAMN5EV4Ac7O4qTxfynh0zixaDP01Rmc4vbillbzSidx1CZIcNO + Bp7qHAk5GKkYTXEIUQzkNjnSVbnar8nDh81M9sLdpVtbQzkJhU7Sl4MZXrNUT0tD + 5HMSnQVH3m2IBSY2PdZ0SuHCPqm2sRHrkpUNg6/cjaHhfPOyPdzL+BD4tLYvPwBX + 5NiWVi7RBjathRM4FMz92sfxjeaXGT984brn+Tee0Ooo8mfN1hnCo7HiFAlEkSCH + qv0TC6MsKG5af7D7hiT1yvxiXPf8hSX2rCGKFaCZM0G2xBEryGwFqPjle6E0ZgXk + M1iUTZszZui1obqaItxcdcLP5/0999Kotem/Yk4+iMycBOP++cGTNdqbfAot0yjt + YTmgtlpufzhd8RSfXWgWKkKSwsAX0FeGdNxY2VCkiUqVMpmeli2Dm0RYxTP8r/bS + XgH2XIytg3MHYdQrSt7ohfZIekGZApTdnifxhqQu6k4ZCtEWT2wc32q3DreRW3dy + jXCcRgmC+HzPIYF4Zws5Xjw2fjUFhW3ChGgYwYhS6TKDnOgwT2Bja/1d1mZ7qmg= + =eogm + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:22:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//WUyaFA1suy3zIITWAd9JKh9Rh6RE6rVEazGrSHMvx0n+ + +EJ7xJ4m/hO5DJDy1H0lnUUJDkcVVy4rplOXms/LElSE6okcZFnWdU2acdHot4ZM + 1v+BoMmuUyNIK6H/DyCZwf7kVj6V1xdTS3BNtG99uA5U5Cy+hqJM1l4rnu+vvhXf + MYdUOn+7sTCSVSGjveXiJ05VgXv73IdL6Ha8nkTfedygsSsqrJZRiFSc8v7pPHWs + mIV3I2stcrG0thUk6N1y4+q1StkZTh1qGGMLfLi81cNfhc0CJ/vDoCFfLyRS0yLm + BByCyzIXbtnma4szItKTmCTiUsxHCw5A6+1mMz0ETEgetVeweHWaHz1i1cl78kao + fAmfDGU13IjRK7pUMdqX4gaS2J0O6IBgvKEQfJu1bhXzKQITF2o0txomDeI8KR6y + gpdq9Beoo+8Q5NnUmZICL+AbMdX5jRySqzAz+sh2TFsTM7zL+ppz6CNgueIqJ6Az + CdoHdRUwZAk1LOLoJS55PoUSiqwb/w/y2Hik9/SEL4F6Pbef1CYBr7JyqxlFJvAb + UB8XKr1P6ZZLs+lgc6xUUZBUi169xjJeoKRDbPHLWSSgDgCszMSvPMw6VwhcDJtW + zk4hnZMsV0Gll+0Zb1Byq/ys9an5IazlDd9Wo2uRwl4799/z40T4xkb7SktR/l/S + XgE5KB0497pRuTFdNlHgfNzeVRIOBVG9BHehLh6KhaCvDa1Zm9rkbsauBFhWmdhI + VHEHBOSMNVdpNWGWHr3M8PpJzE82kFP2CThfB1G6bsFkbCcvutMekfe384Ezrj0= + =6jFz + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:22:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ/+OrS/9FcSL0afTeImNlgvbBIoaL04S2rPBHigqCGGKLL3 + 89k0tt0zJ8jAqCvk5W5M74XARP917JrutsB8eWfuLgSldaLxODqbycbLbb8EoeZX + P4gASwlmSdnSFhM2oAOh7aqfkbHsuuryO53D/uEAZxs+HIlKl6pkIn3Xq7ptDwF9 + MsMpbm44khvcxOOTwRu/l1o4NgmigocGN7ffabZb9wgvJIxCHb1rAf1RmqjHe7jo + tVIg4w95on6PEdSAm+C40l8IEGHZAd/Ql8hvhKk4VKSp+4oaqzb0EOXAh9QkPgHp + 3LO8v1UVbJXaOrblTxcrNpACfAT2aCbyo2BLr+1fxWoaJEPC1M9rciS3QUkMjiPc + /BtfMMewhftG6l4f8lUWaxynu6ZyDrC4qkvZ9yTxqELCseOWoNemBmFq2rVMgj+G + dy9iR4ZZCSCmbGPn3GRH0y/pQn68kn3tKLHskK1AcBt/GQczVRJLEKJGzq1btZXi + JovHXqi07J46KFSRJGxOi5MTlZ1roQnkiManYtRfXK5/ttS6rVtSL/FGnrMUUCE0 + 0sDnTvTmdvryV5x6ghNzGM3ynY9S2DSj5OWU4sq/hwZdv5s4tTuJJtZDXrahRpRa + 0/6Hiud8dDSkcKYcF3UMcjK5o9De9RVn8JAPA+8yMOEoD8M3zf78MXIveDWohaDS + XgFKLYw44HGb6cDHoGNksr+Fdpivbkhi5Tm91LOkbkZS0yedsKZobXX6wtCYGZ1H + PKzxurMZf6bSK+BqyrTHFhV8bh7tEoTNKLT+AJ1hztJ69bF4d9JL5WWywWchCbI= + =jnxM + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/prodnso/.sops.yaml b/config/kustomize/prodnso/.sops.yaml new file mode 100644 index 0000000..30d6e1c --- /dev/null +++ b/config/kustomize/prodnso/.sops.yaml @@ -0,0 +1,15 @@ +# Fingerprint | User ID +# A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 | smardigo automation DEV +# 890B2EB48F343D4C6DB9DA0916826F30002D3C1D | smardigo automation QA +# E5B4FE1E0209DFFE320D2A2E47087747D89B72EC | smardigo automation PRODNSO +# D65D400040387210377B6A71DFD775644EAAC77B | Friedrich Goerz +# BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 | GPG DevOps +# 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 | Claus Paetow +creation_rules: + # list of keys for encryption in __DEV__ stage + - encrypted_regex: "^(data|stringData)$" + pgp: >- + E5B4FE1E0209DFFE320D2A2E47087747D89B72EC, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 diff --git a/config/kustomize/prodnso/kustomization.yaml b/config/kustomize/prodnso/kustomization.yaml new file mode 100644 index 0000000..6f604fa --- /dev/null +++ b/config/kustomize/prodnso/kustomization.yaml @@ -0,0 +1,19 @@ +bases: +- ../base + +generatorOptions: + disableNameSuffixHash: false + +generators: +- resources/secgen-harbor-pull.yaml +- resources/secgen-keycloak-creds.yaml +- resources/secgen-keycloak-database-creds.yaml + +images: +- name: staged-harbor-01.smardigo.digital/smardigo/keycloak + newName: prodnso-harbor-01.smardigo.digital/smardigo/keycloak + +patchesStrategicMerge: +- patches/ingress.yaml + +namespace: sma-ums diff --git a/config/kustomize/prodnso/patches/ingress.yaml b/config/kustomize/prodnso/patches/ingress.yaml new file mode 100644 index 0000000..2c4d9cb --- /dev/null +++ b/config/kustomize/prodnso/patches/ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak +spec: + rules: + - host: prodnso-kube-keycloak.smardigo.digital + http: + paths: + - backend: + service: + name: keycloak + port: + number: 8080 + path: / + pathType: Prefix + tls: + - hosts: + - prodnso-kube-keycloak.smardigo.digital + secretName: prodnso-kube-keycloak-cert diff --git a/config/kustomize/prodnso/resources/secgen-harbor-pull.yaml b/config/kustomize/prodnso/resources/secgen-harbor-pull.yaml new file mode 100644 index 0000000..492e495 --- /dev/null +++ b/config/kustomize/prodnso/resources/secgen-harbor-pull.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: harbor-pull +files: + - secrets/harbor-pull.enc.yaml diff --git a/config/kustomize/prodnso/resources/secgen-keycloak-creds.yaml b/config/kustomize/prodnso/resources/secgen-keycloak-creds.yaml new file mode 100644 index 0000000..325ad8c --- /dev/null +++ b/config/kustomize/prodnso/resources/secgen-keycloak-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: keycloak-creds +files: + - secrets/keycloak-creds.enc.yaml diff --git a/config/kustomize/prodnso/resources/secgen-keycloak-database-creds.yaml b/config/kustomize/prodnso/resources/secgen-keycloak-database-creds.yaml new file mode 100644 index 0000000..97e5864 --- /dev/null +++ b/config/kustomize/prodnso/resources/secgen-keycloak-database-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: keycloak-database-creds +files: + - secrets/keycloak-database-creds.enc.yaml diff --git a/config/kustomize/prodnso/secrets/harbor-pull.enc.yaml b/config/kustomize/prodnso/secrets/harbor-pull.enc.yaml new file mode 100644 index 0000000..6bd2395 --- /dev/null +++ b/config/kustomize/prodnso/secrets/harbor-pull.enc.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +data: + .dockerconfigjson: ENC[AES256_GCM,data:CwvF4Es+apunqzK4kC5PTux16rkRyWR3Gqpzzhuctc1H1WqbDFdXt6oYG4+MrA24UVskhqr/nPYzfMRAnllA0A95qGsP/JbXPjFhEukhGRED0V5BeFNN4+snIMTCLciAJS0eIb83IkJu7gD8tq4IZVVsyGWqFObyTnak1V+ScQE9cOY4Jcxen1n5+QzthFj1E47WRnDLfIBJMHgjgdk7sN2QbcqO6gkt+29q0Z4Sd9gCUPt0,iv:txTiXX8OQnhQW4njDbEpPW2aGygGl8qTybm815+J63Q=,tag:iH5d5/qb0KAQ5j0kV8HXsw==,type:str] +kind: Secret +metadata: + name: harbor-pull + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: kubernetes.io/dockerconfigjson +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:33:30Z" + mac: ENC[AES256_GCM,data:dyMvyjne4500uUQY/pBDS8SGIm41gUVr2e05Uu+Y2QlqhxyajyrBWGGLqamLuBGqyh960+Eh55Q2Hlv47CLOJ/ivREDdIF/UrJsRPDzLn81R3tk7Rw6FZd30l5wngYguBtOC8pTjUg0W8L2vA3S5hxeD6B2B1VKWoBr8GnTdzVc=,iv:yX6P9va0UtBL4YIr/lBd/akakK0ASxleOSfZXfkUbSY=,tag:RWQz70tUDd+Dhjl69Q/Ouw==,type:str] + pgp: + - created_at: "2022-06-08T11:33:30Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nAQ/+JX3oJKyRE04n2RWBVQdsYXtgREOs5BQVvYjOSkkQ5PbW + mlg/DYdFdOU9LbU2nsUyblcs5itPOAr3ORz8hSEAe3pIYmkcutFGSMrQxkf5nFWP + uP5Bv0VqrWCV7NO+UKtHBowNBd8NPhkVMgisROF/aentpxaiL8kwI3hONC9mljNy + /+j0jPvgNoCF9AQm6/ZG81QZJ0VyY/V9wkLUqwktjU3hxdrm1ZMuKL/Bnx7Ob2PF + PiGOZqDgeDIEwm8ZwXq+tvhgZ4UyQcwUhGNsSmawxD5wS4fB4Z0oMPJMJWvlvb6l + Xlh6xAxBV0AkSqnWKCWTvvYgOszEg0JqJHq8rZMLhBxwTHZ0rWeaeRC8ebCB3AqK + WWuHYhO9w7aXEdqoFvjl8mwi3fFeCW+2quO6C9s5nRSOgn9v9iRLnqcyUoxVy0XF + rRKoQIaB+GWdhom76TncrRC0STHz+rKev47t2MHlixGzkcDQ1AVxhgLQGNDSm0Vg + 8sJCywsu0GGyphWi57T6jy5XzTkPlFdCjNj0ZtpFruHxiOIYnjdT5zwwcb+0eQYw + EHG5RjRYsd2+gqCapAtrgtWCAbnSxgSYb8tRGP0WWP8F1YruZrKXhSDDZt2QcLtq + 3nhJOx8dnQy4ogIQDSmQ+9aEHHHHCYCLe7hRlNw6mO1R/wklXOmIvsrYxQTFiyPS + XAEn7RbU6ciR7OFdJlH6ak9kZozW9rVi4XeegjHeQPxueS4LFQWqHUoqErrp9+ZB + dwfAkACredguxCDgLA2ffMR4uVQN2EODpMjmrkWtsBUbB82m7ZGoG6pg3kVH + =21v3 + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-06-08T11:33:30Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7ARAAl/Pr99sV+lgCRGNhku2gYHV43c7Xh5RTn5OzQYrL/n0i + gLECiik8k9WbATxhOSAADzzs2dXklw0QhcxspmsljEEbrIrrmRkvmdePZGMHu3OH + SROT8YiS3cmK2mLmFbqsgHx3I+T8NrfU29FoiZuTqwrGEbNPU0oJbfmU0NmVomvc + X1/VAVgKn01cxiteglOi4JVa0EnyIivdbff3l0JNufwVMJ6EwVKf7hR75E/uiTqq + DWZ+QTfu/iTGaAdGK6sgBUI0S9KHlo8YHCrasGSJX2pwPS0ihiW9UaRrGDSGCaCu + SjoCCBbYUQMKEvUbsO0kPLuMxlG7zzLjM0RJ2Ll1ajTSIW6qOn1gPkbjhapddXRl + 2bGOu5yHQkE2S4v2nkR2QEH0PHcFCG1lu/fO1viX614WC5hSBSABUFgr4mGXgvMu + /NbK5/6PEXNcaQIPS6QGatLNihkQ3ajyGUOPIZNR7ZhuytLHl0opuLjTP5ZqSya7 + fR0ST34vtJGGKBgwcXb2Pffcly6w0Ta3RDHZ31dMFQ31ihaRJxp1wsrEIEdFUZh/ + eCtBuGl+0kRQ0pI2Y92xJvK3E77IRyV6aXniJKglcegnfJQtTgoubk189J3Jsvjb + 3DxHmu46NWmY61lDKj0p9q/bE+R9zp1XIJTqOLIVMYdhDrER8WjGL4AA3q2BkW/S + XAFBxvHtu6MAiNGOmIgoC1xV8CLI8Wh8t/DVlq9yEMmpNhx375Dw1OdC/SBJZ/V1 + P62g5oDf+w+ll3f3z1YyKjW6FVqJzzoXnyGAO0yM1QMa/weo7hTIN2Q8EzYg + =EE2P + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:33:30Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//aZsDekHAl66WunJRP96cUXfGxAsU2NUqXPIrigxkVZpM + dEhcCqbfOQKRJJDf5PJ/WfTarqnlJpcS5qnJAtnjRlHxyf9ir89owVCcHrXvcDOc + QSD6iCvZWRaxdOG2HZVxbiWbdSI9QFBtTsM4OY3N3hsCdQde/h8VmzsEAaEyQ7oH + E+BhSwkPek+bjddKUwx+m5zMSXNsNBStnsPuF88u/xjj7o2BKTc6ICJApPigkcEf + Itw3l6v9QPeGonSMYDwa7NP0wyhYNzOVvILOahPYpxuW5EcJ4MfkALhku7dbiUxE + NalEE2OVi4U/wcNhAAKTMb8nUpE756nNPPlSX6LaHj+bq5ZyDr08XrjQghCriGw+ + wNUOVWNJLut+PmQmcDPTST6MNeUKvZXsufjDxqoClwF5NOvvpUGe/yYXvFX8iwiu + zuYry2WJxQRCe4rwkzrofFEeYwvtRCvm1cDyyZVE9O4U8B1CSZwXKrp4MGPIGQIS + gFkUtQYOTfTMCgbd4xUf8D+Y7X3yeYBzy3fqRR+jzj1Eufh6Pfbk+5KQnJCn5xpU + QLroZUGOT0d1smGCRkOFuWws/U4eBT8HPk2l4RghsA/VnPipUQBEBG+oW8hSisT9 + sXVIaxNFENTWx3RVYpKLFeQBQd/rPXCFAPTbIabAXjLLZfCzrZ91U7pxMgT0TjnS + XAGz8TstCloA7C+tBFxyvc0Ey3H1vHEpxilJvd5EvyDQFbYZWc44NXEZ2Jlfm7Ce + dU2Z5P1tJyA8sTXd49XARlNgGuSZxvBxIordaOQZuuvoQ9GwqfHiJp1jUSgX + =wcdk + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:33:30Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ/+OpfZj2rENP0PRwhnWJ+xd/kMhbexRUKrQxAkLlX8lsOz + Z2OD1lrvtXrScEpn8Ld4LGMXwmPSvVsta8QM1r/0ZAmZXT27qBJOZv0vjh6yYtSy + 6aL8zP/uDppd4URSqlS6fZWVlsLrQEw9FcihHw5zV+brZrn3z18RlfXSPjFgtg8R + nC/S1BYERs+r2fpwj+WfH7MlF2M5uuYm4RjUON0EUJ42KM0yUHCA8UPR9QHOzhvy + 9606yYpgq1ZM3EBfInehBX7WhEG8HAXnYgxBE0hzMGBMXexi1GpitwMN3C/n6GlB + 6Oq3NpGebxAHr16Rn66+RS3CpBiUPg3TFcYDqw1q/KUzDYGtCEqTQ7/AE+hWd9X2 + Qkr2jw6nUw24uWpyHx+qp+cZBeUinrWDe8AVLNGZYRbp/4yp+vK54rCKIF2IpN0x + 8JJQryxknAurqYjjMc0822XbmYMfiQ4cXtzjdLMzl3dOUaoaG8j82NcY00/UXPDs + Q7PGSTtfbTDu/qREnMDdD/N3B9Pcp87S1o3vcvblCtxld3bNZrfz7y7/eNmPDTvR + UQ4h3KITPnGCcR2YFDB+2DUEqo9EGgN754D+dOpl2kuAjpxK18C5nnlQ8YA4ebIe + 9fFOqzgcIxQLGv++ul/qc903sfWi+lcOCCco5JLslBKP/ouLKwgLdIcJz46XF+HS + XAGXHJAdmQ4eWJRdIr5lMwJxfqp9IGtT0cHgfb3vX24ACOJHuENQyT25/VQ4f6wK + 0YtTE3oaWnigXxznvCwWS/zHCYvr7lMUByITPivrA8RrkTK/7H5yWGXcQayp + =hTpR + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/prodnso/secrets/keycloak-creds.enc.yaml b/config/kustomize/prodnso/secrets/keycloak-creds.enc.yaml new file mode 100644 index 0000000..041d346 --- /dev/null +++ b/config/kustomize/prodnso/secrets/keycloak-creds.enc.yaml @@ -0,0 +1,101 @@ +apiVersion: v1 +stringData: + password: ENC[AES256_GCM,data:evJx8y4ubwTztsLS0lLWpw7TURE=,iv:XnqU+9EWJctWrmiBzPkP0fVb6QpB22W5CShPEVcLyQk=,tag:qB6gCLSq9tOOLBDpED7z/g==,type:str] + username: ENC[AES256_GCM,data:a6Pxc+MmoBSpxx0CcgU=,iv:kBGBfxt0NGmREVc1xtZnRz7Pv3Eg5CABL3n/1/qxgEQ=,tag:jwQcu6oIlA27lveVrlj5gQ==,type:str] +kind: Secret +metadata: + name: keycloak-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:33:27Z" + mac: ENC[AES256_GCM,data:nxG5eldOr2AAuItOl5zn7fMgGmbml08dsnhM/tJW4mPE8DlIpWGsBH0H5h1drlkBmUlQAc6krIa85bun7OgVbS9uoQJtN4GTOw7CfoG67Z4KJR9PYPdom3MWNFxU9pFgu4rTN2RdQ/VA9Wn1UHWlyjNJRWsuqe+N+f5CDRU+1EA=,iv:iHqpvzWo6mGnkwKMrTTlcQNdSWVjjZ3eQd2jnwXPQxA=,tag:1VYe76RKYVjRewnehTJBrw==,type:str] + pgp: + - created_at: "2022-06-08T11:33:26Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nAQ//WvvstPxGP8bNB0QqcpEUILrhbVG417JSnTSu75civVuG + gdNLnPgeZycpH4C5PI1MtK3jMyPTDdXjad3aURxi5jUu6W5164Cy4muLNO5baIdl + 0668GxN9cS7RrrrUCoyuICI1RuQKTExAejjPnxEEh1Qyxuu70hgFO/VucUkBc21J + L0TDKgl7+5cwZw54O6mjFYAxpyWGXybE5zwkFwtiwv0Ye3Yd4pKL62cPJ6v70iD/ + 0jF5i/hxzlHF+H/K0q2A7RejLfmlRO/+eQknirsy8cq8RwHeb6YzH+dce5wIgY20 + rPv6l9frNG6cXZQ3W5mlq42ruGFIxph2QVwXY/0gixiWNC4K7lrpa2G5WY+9+5gs + H3TYCzXzu4XveExozcH6HjRz6Ten38taLOTzlApmHx5r9dq30ZbECCvvbGc43w9n + rDrdCWXVL4/XQHANKF2H+iu0lTx52TWEvd0HJlPKwhRwPXylCZVbxMdTkwXK2d9y + 4obR85PNDSj8YrzS+NcFIVcM0HVVpi7M7ZINtlMwAbWGwQpIbkdq9o/aHqChDY0A + ++4vZiEeLWsh6/aPKDKvlLPm1MCV0zBfEq3+Eb3WsoWBAKxu0JGF4p/5JbEL16d5 + jtVFOe7p3aT2UY3hyxocQsYVmYq2foC7WPbK38dcUH8wTfwsnGL9iCW9+IOTaRvS + XgF1sOP2PN/WhxCS2dvUQ0X6jH1mnTDKwgborIE36fevhKnIIPleiUvN5ieHsbnt + v8WJpUsf9KDkWqCdPeUckeMOWHLrPpiLHROFtvs3Wx2D5ZcafZphK94qM0D4i0A= + =3dQ3 + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-06-08T11:33:26Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ//adrPEqmPQ+hILxB3zBx7Y16nTlxfEJesdcsYXU+levHN + vFTqR83p0jiZ/+hUyp3FvxwjWbONFECUqKqbhkO9u2rSCqEBQ2jrBLQnuQYPX9Fh + qt+fvX4fbbBLJfM5uGFhPspUYh7/d0hqsSWwEQYrqUikyQD+LCc5rYOgvMRbpPfk + rnKB2VzgxusWCI3KLfupMlZtLfvsRdiPsFF2NIvX5pNUevq1nkX9jofIU0OwM3O2 + 24YvumfIWVXsi9epcW2RznLkYmX7IDDv9bqXua1KSPOfxY3fFg8eElQh1aNJGgTv + 2xZlJ6FcRzskAEicmDFm7WYJKYfJxQkaWU7qeV0cIznz7mx+8+qahNbnJxpu4SDq + GV+7aFP0ufE96Xy9lQqllJI4yxJnpExq1myheWVcpt8WqTZkjMjEKJgIzeooGEXV + CpuPDklQjof/8IuLzpdpCObvdEY10TNtuuxCyaIjY7uN2g+0bgs8ltUDeJiYVpTQ + Kne18VKM44OMYc0hJ5sC9vttxkLKTdnswsiof43oB1qEhlWqBcIQPRRKOqR3ksW9 + o72HId+KaTpE5csAd9SSAj9gLVwfAQ9/WC3Lv6nNSNNakST0gVJuQvcFFxQU364G + 9FdAG9ls10dUa45T9BOLyGvsyCoe7Meo0JPAk81qKXMZnU/b9H2DgwYBiM1LUKjS + XgEJv3LnU+rSrVaMtkEn/127fxI4zkqd8JkssqJCphnW14WB2akbRTdRJqCa7I8V + hzxbWNGlCQcT+WoxT6hQiOm0XRZDZheuuTRLOCsQGn/aZb84+WyOVtMsjsEq9xU= + =mhfN + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:33:26Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bARAA2GiPo3thHXk6wRFctyrM/NVKyPBdXs8JFfCTuWMrUNFV + pmZ7HOeGcNSrtxR/O9lV0G1Jx8qA0IADtshr8vuce4mITDcrf0cR6phEk0ZnxYks + 9PXGhhGKTi8pKTUIxA9wOEFsPGxkhDeiG/kJENI2kCLKZ2GzHhrjItBFRdGvBBAc + LgRcs3KcUaW3Th0beHEiLkC/+PdI/HjQQJskZGEytcjh3w73CfVBZCAtQtO7JOTX + X3En8MTfScJW0ojiibwet7bav/51L1LPGdEmj1horW1U+xNyt5DwdkAaHgw9XqGP + Jgu2hcMoS7wwPB1t5coyX7qWVN50g/raGKGhImxTEjUqIwM/dvpoDTswLr3Ng1xc + Ft5Ug/0imt9gjd+TdP+DVqUseuB7+GRGYH1OOPk3za76lAiBGEWCEP/vjnupKkMU + xZXeUHK1L5dJHCkMxxhDg/85AT/sHObMAjmZtrmQFAIEBWTrVlc+g27IRJBxz1WW + ESKceOSXNJnlosaUFRnNjgWud7LpkpowhIQgnAOadaVO2t0x5qLmqAbmCd+sr6pC + 68hnTX8sWh3QoGQr90TQGzDx3lN6cqZQl8DWE8s4wfb85XVW1RXoJAjX1pfgANh3 + bO6FWFNrZ7OHueY+vl9eN4VspsGBsvxBUS5NGv+0zwZxJjIMNo6kxCV16Gg3IkrS + XgF0usIe0ZopBai7bRrKlYVU/Rbe0piRmUJnm+BXPu4yYlIku07c/fId9ABPW8yH + y9hvRREEsiIVQNt27OtxcaCuog9OxzDKkVxmClnrUpFn2OzGF5GFR9uZNvAFqcI= + =Jaqb + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:33:26Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWARAAoIDUK+qU5f6axgwnffdlF2YEOXHXKNiWVPiR0S8/Ooqy + sOJe2tL/Q120/55N6lBLMuIpfCRN34UC5gtWF2d2KFzC7d1/FNA3t3qD7s6A2zEi + NXIJNDSLlFnb3bZtaCz04Goa7+sjPlDBqf+/me1qlwPvXVdLH8TtQMyvxZmjFQNj + DicsOCEapyKh6q0GZk+7DYKz/HTbhXTpKEBYZO0+C7qGHflqzEislv5dmRW8H0ZW + Qms2V5ZG97R45ZawGGcuQxSnto2tuXZAIcMdiE382eYSN6c1Fe0w7fPOCJHKSwzB + yfdwK8D1fXD/x+OzNrMpOll3QPojaxCkCuu6IjNOSfWyqijAKwvn19Pr4lDiOlOt + HF+xeWxpeQOpbSbAx3fPYpe6XgooYUk+3ZSgw1TGGMZCYUNA+6iPYBJDjgNm/und + 4sajTXIxAA3meOjtAmbx7S7m1ts/KRjtvIK8wue7jNTkn97TNYybdq3Bt9vBsIR4 + aj3JANGiVoEeMAvxLyDX+sDScCYkARSNfbcwx9enxaBZ0qlLWaZe5QYjB2VKkfMo + XPY1XnzDpSfZ/3dRaz5wR5jqIlirb10WIiD9OauZfrSipGaXfmzvzJNageChEqu8 + bXvvtdqmZgC+N1flccZmbDAj2UKg5dR8jhw/EQpLs8sL0h5MX5xPIqfhmgsReG3S + XgHHc5eLxDJG1KRc1pyGkZIUrNkDnz9J09VQMlYzOgf6559LP1T8mCXb4i2ajUIa + P7hoNMcmWK8YCaMzBne0/recL6p25y9b9S8gulseqq5+IP2ZEZFPfFOBg9PdgSI= + =AqWO + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/prodnso/secrets/keycloak-database-creds.enc.yaml b/config/kustomize/prodnso/secrets/keycloak-database-creds.enc.yaml new file mode 100644 index 0000000..9c96fdb --- /dev/null +++ b/config/kustomize/prodnso/secrets/keycloak-database-creds.enc.yaml @@ -0,0 +1,105 @@ +apiVersion: v1 +stringData: + database_vendor: ENC[AES256_GCM,data:Uh0p7uAG+u4=,iv:lThw51/DuyKf0cZkKyWfxD8YHGaQIi9z/KmjjuR3xp4=,tag:1Tl/i6UMfiS0kYuY0f99MA==,type:str] + database_name: ENC[AES256_GCM,data:UWugbxm5KPEoPc3zmQ74MA==,iv:rIhZsr8zJ9c9O//kY70ZKWqVeUKVvDAbCLbFTbIpUWc=,tag:KBVTQbQkjdTFCxeRVOOCIA==,type:str] + username: ENC[AES256_GCM,data:LHaOsOKA/0MpGpfuX+Y7dw==,iv:wxDEFv4KFKsbOeK2neW1OzBNwN7BtO7JYZCxlW1CVMo=,tag:rvJbvgSgucaUjHcSWUZiag==,type:str] + password: ENC[AES256_GCM,data:7znhlITNMGi/OHwfdPRNjX2DkuiBU2w=,iv:Qa0dGgFwj1dV3UqRuq4d38mQBEItd2K0rXTS/TW5bqc=,tag:KqVgQFYKjB6x2gyZZoSwUg==,type:str] + #ENC[AES256_GCM,data:hJ//t4Yu/LR1sPUCWLADohqRIWckCpLLtXrrcQLzFPgM64XQ,iv:Cl7MjD/DtvCqayO4C34o729n4zNjF/XMrKtFN9qg6bw=,tag:4nyfSxRyOFtlCfULI01+ZQ==,type:comment] + database_host: ENC[AES256_GCM,data:i9i1pgZmMVHE,iv:ovDgemVgiS3KWz6dgoaHdSyU4lO9TpuomJJlSNyfm8I=,tag:9Cv28cwruLSVwJVRpK8NOA==,type:str] +kind: Secret +metadata: + name: keycloak-database-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:35:42Z" + mac: ENC[AES256_GCM,data:pRg0YaFs3y86pq8eguzPvDyBbnjcbGQcRDpWB+J70rGRi5zRQ9rb+nk6/1YDfxJyRLdI3UEslFSEjja+b2Cgt267GEOEoxHtSXJkabO6gC4KH0tQ3sEKWgBEu1VAhDSVBhXxIjbQOkRItUDeTYHFVW/54GWnrlBPgvRM7A3vUbU=,iv:xPtQWNN8qqFV2mWxz97UKS/g9yVKxYcBlAYV7xinimQ=,tag:VkLtM1UAOni026SfXvp5Gg==,type:str] + pgp: + - created_at: "2022-06-08T11:33:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nAQ//TxvilN6i3tUV9GRYO+w1rj0KyqfQ1X41Uk6anH7jS+rL + t5q/Yj6G/eHSd9QW9sSDsHVTXnnEqhVpoPT01rfXhK/wTGeYlMlfr3zR+nlw+nVC + bThMX8XrIjtvs8lzTUlTgTqoReoCeqLJKl0XOCyGEv3xvY8IuoaXoqDW7Z0f29AT + PAo+LyLbM6FL+AthJdEokn6s2gFZj5RcYnoYg6yQ1KIyrXr7Jovk8y656883S0JB + 14vadTX7DL+tISTm0PIAQiNIfPJAY+lDy+GKWYbAe/fmcysJOMX4jYgoP7AI6Fqi + lVo5gUl6k0PaBaGNCotaFZWIAm/VY4OgQl8wa6oa1gokwUcaH609dINQKvAbv3du + SBQeVPBEOo2A0/XInIaNQgKuJZv6RODMmj3FLJUIfzPAvqrzFKqShM6d8b6UaViQ + NxocFmeQgxeOdzk0SdLmhrNbQz9qRz3dUtC1u71e9bHbRq2IUskUvdhVnX94rtQ/ + O5uRKuww3rynjAkRG1DJtZGr60yAmRN/cFWHozeBgtBPuGK45bFsKeqTqxy5uo6o + OfsUQbXRXq3EI8Eha3DTA5cOKI13W9RsJjtxZlFpnBBTWTtI5Yfs3xIEQC4dV/Re + sBRdLzSvD/W3maezMH1FhrBjA3NlEH3ZFCo9jXq4ubGatU5hA6cIiwYDPXnR3hjS + XgH201hJ9Cya+VbGbvi3eaJex+VY77xle+80aBk5BdPYX+PHihdDgdyMZ+0MRgC9 + dxaCvxfsXNKJQa1k7jD5dGHtFP+DltwkcAa6mFUeKQ6lA5wT+r1L4fOjAeaU8YE= + =iZVj + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-06-08T11:33:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ//b690Y9DbDVgBiR4NO9ztaPyZuvOG/EAkaRpDFcUBHbPl + mKnV16ZjmYa/whwQQeauQfG4BYDf3ReFf/AX81JZ7ldQDh7fKmuAAezR8AuNmami + zarWxYXpiaqnX6jXAntz3ZBwF1zsGtrDHFIgubQvYL7UclhcfamrMaxLyXG9APNF + Hc9I5IUcfWZQxsyxhVGcKENVxBook6TTNLPuMxiHclovxCDdMGWFgKbLVsU7pASS + 5xOLVeuq81OBz28AvnoVqWmX8izdVgvPXkx48CYAUBH98fylyUWt2Zg+qKaf4Np5 + RXi7B2acJWeWUIVhuw29kBBNY+QBWLDh5U/0+oAkl+n4A0zvF2y72V39rcY/olzT + YcHDbIT+mVK9jCDg+kqqZ1NP4q0I7caVvRoPPYjvfuNHH0HOhE/BEw0/J772Zgl1 + rcceAQ9Eit/uRt2MSFXvXNIOKkbOoreV7aNg1qw/ezVPpewxxMAGlAQEQNjtKSbW + z9/lhQedvKAFscZOGHEhxDgCgvfDN623cXU/5jO2siiJZh23kYKjn04AIkTB8qH3 + kdLVVYtMgXDfbwtB9ztlQGQJEjwEkqmNDHaV2BvTYUBeZRSWu6/B2GIzm49ZDA4P + Ino1o80NYhAhEa8ZzpRmkhsyFdXv4NEYKVa4az9JmVOC2K3tnYgaWrq0Vw8KEg3S + XgGSQ04Dm1Viz9IPvr+GHDUimRvARWhqQOQfRI+hURz+5PP78tRexZs8GDLx/9Jf + YLSH4A+Y1aQDlwXtpCSX+CswUlY58L+leN0qr/nN6b64YysboBO4ZdoE1DsIkT8= + =xKZW + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:33:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bARAA9IAenbKsIF66+0yDoJbhSnB6s93sXI5HMmwVpHDADTHd + VpoRBzsq2YLPbjnuHZ6oaC2oV8h8BZ2zgRwW+D0cxm0+7CK5ShLW6xQn34I1unyw + 7DGt4BMBPlBCDzK1UN6XbgUQ8MYqZH5yOsBiOGtzPYMzHvCbhoDrljRiejIVGwhy + Ja3av2Jhgo54VuzDnS16kANqKkwtl0GLEjNrZuJYq76ugwqP+uilsiKVBrPZ+O2/ + 59WoWoxdjid104BwPTdmHFO19xK8h8bCXw8OCcFaIWUtCCp2IkIQUoikXbOVYs45 + mhoSEk3uC8E3CVIZEtoSMmtcnpPpA9Y5B1XYu/dhdu9Lu8jwM0Zl44piV4t63TBy + ew2I4b1WEl2GuYfPcFlyFmu1D35oJVRRqE7rmdkuww6Zn6InkVPQUNVvvp0qGsHc + 7KhKY9CabcSG3CF0OGZIFW+xZYsOvappxxUc+tlLNL+WzTveRkDYtQOBv5bhUQcq + e8ldLeux3IQt6XtgEI35OV8MvKzScONuAAnfW2CNV1kxsf/+jrk2qK8uO6Pjy0zv + a5wTPxmAviIRoKNe2qNIvb9Qc0aAzcmbMxMyjH2yjGmCae5HmuNwGFa20oX+t/n8 + 2gF+ni+NpKcRySk15HrpYdFanAC1lueYenJIcrOt6SRC65dut9Ukx5RvLyrCpevS + XgF5nPhZoEsSuBkWecMBfv/nqgDmHVOSFPo0ScEmUwPkNVL72KiZvYYQzt8kezKr + lQnD4XjcJ7rPN/8VsKcMsrq5D2I9HpK0Ah1mBWKGtGjdCGHkVoF/SrCq4nB0Q7A= + =z7aS + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:33:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ//V4reKSMkds1Meyp9I/uH2hS0VXc+lfgGxnV3ED7tRtUs + tpmDfcI7dp7yfMA4aMm+T2Bi3pmoRtLmY4mRcoEABiKkhYqmyJZo3uXP9NjqBVWd + p5oVCVJGfOvGEYMLXSQcoSQVqCTwGO4swGwP0igkTXpe0O2Rwg5h+ZPXnysOC/kt + +26pcAKuYuJpktpSGQuc8AS88u/tGIQgCAxjJrfxrl69zflljP/kYE2AU1XR8gh3 + Fdz96r82rCabkyEREbMfak9G2kgIZtXBohWtUWy/ZSa/CwMoGAAWPUp/jw6gJdyG + fUDo6Zdq0/iJgCgPQGrlaDzw38uQv6g4Wi0hKcIdWSPZMw88LNiAMt6odg7a9MAd + 3SyIizu/TPsIWmml37DyyNooG6RbQsyyOuURzDKixrZbVGZOmOCDmZOPhshEL6f+ + qXbcTQ3XulX9W0Abx6crgXV6xJ2OB6bLSXTeb8ahL/hhSqxaUy+j3KAhp4+APexw + NVR7ssHOfdqMj+0EggDDj1mTQR11YM6aKoSifNU/01ZVb7Xlvm2EMIGOco+Zei67 + Iuw/fdsA5FJqR8+BuzVAN13E9M26oIUw8UM87LxgN6KHTpwQcNRb/D+pJvbiHRKG + R/rxdyYisbluNlPL16Q8JKsBAlOBM/+sHsUAZ/C8b4wMQohZJ3gpW3RK8jX6zELS + XgFbnOy+xAU6XAOJcJDm2THKBH+ykZCufrr9cmQqxSS1lzczfEhtQ/z+guPOmKF+ + ZB0q8e8deyWDa0euleb/hnr4ZIXKSzqdxv9XdKljuTPYuvCvnWdxkprR7P4p9Qg= + =92UW + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/qa/.sops.yaml b/config/kustomize/qa/.sops.yaml new file mode 100644 index 0000000..cfe4759 --- /dev/null +++ b/config/kustomize/qa/.sops.yaml @@ -0,0 +1,15 @@ +# Fingerprint | User ID +# A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 | smardigo automation DEV +# 890B2EB48F343D4C6DB9DA0916826F30002D3C1D | smardigo automation QA +# E5B4FE1E0209DFFE320D2A2E47087747D89B72EC | smardigo automation PRODNSO +# D65D400040387210377B6A71DFD775644EAAC77B | Friedrich Goerz +# BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 | GPG DevOps +# 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 | Claus Paetow +creation_rules: + # list of keys for encryption in __DEV__ stage + - encrypted_regex: "^(data|stringData)$" + pgp: >- + 890B2EB48F343D4C6DB9DA0916826F30002D3C1D, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 diff --git a/config/kustomize/qa/kustomization.yaml b/config/kustomize/qa/kustomization.yaml new file mode 100644 index 0000000..8c08d00 --- /dev/null +++ b/config/kustomize/qa/kustomization.yaml @@ -0,0 +1,19 @@ +bases: +- ../base + +generatorOptions: + disableNameSuffixHash: false + +generators: +- resources/secgen-harbor-pull.yaml +- resources/secgen-keycloak-creds.yaml +- resources/secgen-keycloak-database-creds.yaml + +images: +- name: staged-harbor-01.smardigo.digital/smardigo/keycloak + newName: qa-harbor-01.smardigo.digital/smardigo/keycloak + +patchesStrategicMerge: +- patches/ingress.yaml + +namespace: sma-ums diff --git a/config/kustomize/qa/patches/ingress.yaml b/config/kustomize/qa/patches/ingress.yaml new file mode 100644 index 0000000..c5f4569 --- /dev/null +++ b/config/kustomize/qa/patches/ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak +spec: + rules: + - host: qa-kube-keycloak.smardigo.digital + http: + paths: + - backend: + service: + name: keycloak + port: + number: 8080 + path: / + pathType: Prefix + tls: + - hosts: + - qa-kube-keycloak.smardigo.digital + secretName: qa-kube-keycloak-cert diff --git a/config/kustomize/qa/resources/secgen-harbor-pull.yaml b/config/kustomize/qa/resources/secgen-harbor-pull.yaml new file mode 100644 index 0000000..492e495 --- /dev/null +++ b/config/kustomize/qa/resources/secgen-harbor-pull.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: harbor-pull +files: + - secrets/harbor-pull.enc.yaml diff --git a/config/kustomize/qa/resources/secgen-keycloak-creds.yaml b/config/kustomize/qa/resources/secgen-keycloak-creds.yaml new file mode 100644 index 0000000..325ad8c --- /dev/null +++ b/config/kustomize/qa/resources/secgen-keycloak-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: keycloak-creds +files: + - secrets/keycloak-creds.enc.yaml diff --git a/config/kustomize/qa/resources/secgen-keycloak-database-creds.yaml b/config/kustomize/qa/resources/secgen-keycloak-database-creds.yaml new file mode 100644 index 0000000..97e5864 --- /dev/null +++ b/config/kustomize/qa/resources/secgen-keycloak-database-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: keycloak-database-creds +files: + - secrets/keycloak-database-creds.enc.yaml diff --git a/config/kustomize/qa/secrets/harbor-pull.enc.yaml b/config/kustomize/qa/secrets/harbor-pull.enc.yaml new file mode 100644 index 0000000..b4793f5 --- /dev/null +++ b/config/kustomize/qa/secrets/harbor-pull.enc.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +data: + .dockerconfigjson: ENC[AES256_GCM,data:6A+cCCBD2uGs1baG1+GRmmMZyxcvF7fLvzb/UxrTh/KFEKJfwBTkKll/a+bG9qTP04/41jIF/goQ9BZwyXJcnK7INdtaTvOrTV6S4pDWLFCMG0UnjsPxYysOAltx88LrwVLdP2KpJq5NpKbZ89vgZZwB49dEAEnt9dgAMs9dEfdED1/5CzWATPTQv0LEH2VUbsfQPn/W7nJN4l7XWZwlfXXvfjo=,iv:hZIr01dPh6G8HBLqT6HRtRzc6hg2HJ1kfNS0q4ViX5E=,tag:VacLktcXtVWbQzbwyHyEUQ==,type:str] +kind: Secret +metadata: + name: harbor-pull + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: kubernetes.io/dockerconfigjson +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:30:45Z" + mac: ENC[AES256_GCM,data:xNgc8sUfRCgs2wU8/0tIpdaAP6UunoJ5U4jpO6DRcWxftGiJCkCVLg/UfUUUkbmHtALiiIgNb+71l51s4AxMzGpCyUiJo6sbrOzjNuJvH3LJm06buwQXKTu9LIkyVvYKPUPkwTpyDhLKdkzMBrt3ecCg8NLjY2BmlW2cwL40RH8=,iv:nMYfeexvy+OFcsTe3LXdt+7QvJpUs227Gqu1b1jXln4=,tag:hrZV4cJsS/0/bcxghGkfiA==,type:str] + pgp: + - created_at: "2022-06-08T11:28:50Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA2Cr/drkb+8JARAAlDCQBJ3izcAHSs5uekTWNuWg0+fG++RzpJIM311fwj6z + 7cfeb6zyarE/hM1Ymsfa9XrnzTmHFaR0TIpMgDncuiXhBrjOmX7BdZPQk//XwYeP + Widb/QWCoc2T1U0YZEXLUp55RoONiQG9ZCg2IVruaBEFBx5zFlNTRIw3GNPMvVmC + O+1QV+QY+PxhRwsEJrkwFdrRtjuHcshVKEbmEMNWeh4VLgcgJCrsoMxxa6kI+nLA + AQ5lYMJRshM4JNHt9+7m7ehMjO8R1JA/zRC58gGa+PHhE8tlSDcrxlYZPk5Qdp2k + jCTQXty6MUuIAb+JNNLV4VYJ8aHKAGLqzbkeCXi0iLogWbZ6SLe2Sq1L7puODlQj + 2QooVJdgHZ6KIgy46B3+7WWpyBBXypmlznRZPqrwwRqBO9BqmRaKP963uHrFeBbo + oDVnwsGxkfJF/yEGMc2NrVsqHnrqW7z6cKQoeRbOXZ/0cnyzgGuC3Vi3rdSgls7k + 2Z3xewCWMegGO3qvNOlLSfpJffisiSKZNRTP3HKNvf/aiaxpx1Ghu2/CmvMS+PHy + 2RUcAMrdY3krFbKx5RXJ4HWQWgaaw/+17NUqr6eK/6adt88I0aPE31oiCgvEmw87 + q2lgbp1+SAuC3O/tlTPbo3/ZreMszqZejGuNGspI4xdiMtPxTUsAxAbya/SMoHzS + XgHXCH6NHx/PxFAZm7En5mpQnXurV86DPKG5bEalzR9yyHuBSsfcYaOu8rIlwm6K + wL48JOVB0AFHffs9aaZYuwQNbNx9bYoVhhBqCjEDLG66ejUWIffzcC+Fe24Xp/c= + =fJI6 + -----END PGP MESSAGE----- + fp: 890B2EB48F343D4C6DB9DA0916826F30002D3C1D + - created_at: "2022-06-08T11:28:50Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ//S0DoBRv8yxGbhtF+6vo/RdNoiNFBEuPSuo9CpgJIcojB + OwzpI4SlZf5xj37ezVtxjO0b/uIDEygZ8zNukPsD7Sn9u2Uw5YUmbGRd1aek3QVR + AHQg5d7dEjjmEUhMl2I4h3NPshb7uSrawilI0kiLQ4eWGOzslSKBegHDpnKEov4j + 3kS4rgwS7Div/y5OgO8qfmciwYpnm8aiQFZHb8HBvxSUyr9pHZjCs+AGEDhFo3fk + zuSeR9frdaCedtHp6CEj+zKF9GpzY3i6aLkOojpwfv3PXpAtQLr3Qnp5vnZPIrpT + 5RNsosqYyfZWuL4PX3CQSDrc6/JsH+3dUI9Xxg6VzubaJLqloDHC4eKSxp6ZHwlP + 7+wahMxWRZgeuKMaDtUWtx+qy+QYHW8ePwpmhge2kJkIr3PQiH1XglPg8zenOD9t + mFU8f3qqFlxB4TnszyXJwnv4d1fNuM1Csvj208s4uSFWA+4O6VB+Pwrnb2g30LV8 + Xixfk+Vha8Qhn2Q4KqbpvncpUxxCCpwj4HuODSb3zOqxp0G80GtCPaFm4X0gT0Ge + OK34NjrFJ1QpGHnO4CbKB8m0TFCDdDJnaqLPxh/AAPNnhWZVpIyrm/8tun+3Eutv + o7l4U3AmqpMPFNkpd46f3xb0cFfUCTyH5LiFOStse8W7Ur5ovfSHkxCFytZzpTjS + XgEbi+zRTnqyS7yLHFd/motqz2pnkElzz0vUBPtnu0sSxbnfED/Y6uimsvFDjfYQ + uxg7YXv6YgSYowCUHxGmOJ0lisXuEjyiF/vIO2TRF1JXiKoE8aMNKWxtMtsHcx4= + =+3YK + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:28:50Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//dfnWvk39saHp7/iU2hodr7+n9Koff2rTmmtlImcgLhWQ + VSLOJ9/Ae0I2J97vcBOf2G5NU42X9uw7pEkzIxWwNmjipPWPxUIcfCsVzD5XF/lR + m35vYfx+5PZOtYgAaFq4GenfvQRUYCWGKZch30VrC7zKcESUQVVCIfxf1PtIe+be + NidtS9bzH5Sa45mwnYx0ofrfx1Yrp4sYCqKzByLGRehdp9h/QaTkTAGA0sIn9pxR + XvWThxN9H6XwicWbJV26GP80bX4FKKKXzC90Fq1a5pK6Ib54RqdUJP1N4KRHdzHT + FXpbKSiuSKYicEerXIVL8yx3HXNrHBEu9Ri4QGz/OyUSYxrxGL4yP2tQSrERqKiB + A8ZhenYKv6kAQLLJ5we8g8rVeIVPL9QZdwRGY/MwBlm3alOgp4xjmBGtlzUFZZ1T + hUJ7Hlw+aywbeh+LJA5yTibO8A4A99BP0TupzHr70ivJyt4tv8zJVjC1byy6QbOj + ycJxfJgxyv6x6uuDsxdP0P0b40prOFXVzSL2oI7hUZB0AsMPv6FVj4oiolhmrZZ6 + X5s3qdKYKySLYwsSV4+vkrG6Kyszai7Z110Yn1W++b8FQz3Trtp5rW260+0quNcM + 97C3cpvI0tolZ/TU3CtZgy3GjVlaIvR13dQZsR4CDQeaDHnG0WtD1MEOkhNFlhvS + XgFh3etWfxmHXW7AZsX09WsAVd9IgJyb61WU2zGDODFarJv5Gg2/dw7GKvQ99T4a + 5NKr/CZVpH75TgSZoR/Ny/JNt0s6gjHvE2X6LFydCc1+C3d6TH/M4pXI3lei5r8= + =hWMG + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:28:50Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ/7BtCemT1M+8uzS2v2KzIp+hE0YVxrqoRhctngWu9G41NY + V16gMsCs2kFsopcmRQOZT1pUViP+CReU4neTqRpqdHb/6YkoXdMfdcZCTaEfq2zV + TcjJmf3IPCpDLj+itT43lOmBZb/4/7FQdKmdej70LEOl2nVaNTASe8IH/e0DF81O + 5Gf7BVIyDD7o7nARcmdimtKmGN9qKRii5KJQNRdXXR4kBlD7h5dzkFV8WQs3sSxf + PEC+QR2CHQLefFyNIPkVIdmdQcBOPOEnqHCrUV3P5+ON61hqpLrzJshi+/gneF76 + 1HgMxjvPO2JE6jFNiiSQWHtJugaBYU9Ay0dx0xjVCHY1Z7hyliYY7le/Tv0H6+tr + 0TYWjVaqFDWD4UlvlSF4N0r97yYZIBqoVwsILu6bDUmUzthvlv3SMkq5mPyVCYhB + IWblYaVCz1Y8zhWHd3pOCcZsynkpoYjP4pYfwMgjzCrrDVVEQ7sdT8Nsis4kbEC4 + spPF/LJDy8GvEJdt5+QrGK8UySXPNyQ0gYerXPrQD8g0HVLnwIglGllpnPUAGLx+ + 57YVNLef8EyNbyzyWPRsWI6Ya4uY+LQu3dEvISvID3kTP5ewXPOOaFshMqZEZNVq + hjqjxWcjwjeO1AiNauIf8dswDOSozErxYgRYyI9AKb2A9uEX8pJmk1FXvmzV1vnS + XgEWm3zVGDlV/n3wa0w3JOLgI+VRocOj/2Sz03idylGh6h5PJQT391pE00ASIcld + u2VU56r/9v4KifaQ5ZGH1pTdodOsF1ax6ziHs6Wufb3OhrOEegrUkt50bB/jmlo= + =PpkB + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/qa/secrets/keycloak-creds.enc.yaml b/config/kustomize/qa/secrets/keycloak-creds.enc.yaml new file mode 100644 index 0000000..19b6cd4 --- /dev/null +++ b/config/kustomize/qa/secrets/keycloak-creds.enc.yaml @@ -0,0 +1,101 @@ +apiVersion: v1 +stringData: + password: ENC[AES256_GCM,data:1DFGNhWSuQ4=,iv:2ySaTq4khAkvCqNOkyPzTkRsDKO+lXdQOCyicKsTlBo=,tag:Ho0TVmd/G/gKUuUEI8GCpg==,type:str] + username: ENC[AES256_GCM,data:Fdd9WfzZ3/UVHqSLA0Y=,iv:J7PUmSCKtxsOnnYMQP6TxDOA3rfQ4eU/oS57oqQWO8k=,tag:A+WQGiu8ewzO7oh0Skqeww==,type:str] +kind: Secret +metadata: + name: keycloak-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:31:42Z" + mac: ENC[AES256_GCM,data:LOlBkYz5azbSnmqgdzx8J3SNr59XYwMRSpWctJOmwwnRXbmsYTrw72/ZqXW4V3EnFwt9tvM1AjJiuJGx4mnVFgO7rTK5oVGI5+vk2jEOLNPiu2UFl0h+k8JGQaW9KALv4SQhfqvRp1hc+bifxycTE6k8jB6cC0xwvTpr39egZcI=,iv:S7qWgn89seCnF1+6hSlWsKiGEJ0cHdfbQ6s4wXdGI+Y=,tag:yGz4/pezWQLhcyC9m4DXLQ==,type:str] + pgp: + - created_at: "2022-06-08T11:28:56Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA2Cr/drkb+8JAQ/+NrvkTvLh2N2EX8rFdXuB0IBv5hZqXWfWXAr5Ol/4toxx + 3mX/jMiwIEHGC3cFGnJBhilIR/47+bzysWKuxcfEjnsm7YYyVWOCQkNI0jJfUBAj + Z8TT3dnW0fEz2zM8BmMUSy/oyYab1Zn/2ozb2AGxmZN2tORtGcnMCIyTrjWOa7kR + +GUCRoDeSk3QIY9gMCS/YSiK5Rmx7+lQ3TNBcyuroeH96vbbT61SpZeq5PpkQoEu + Qt5JRce0Za1FxzusdooZGD/JtlEBr20uIomeuMeir34y/6iIft19wWwFtnEAq+Wh + LRx+25V09NoyCH3EFNC3dqhLbhOuJfgIDOfm0V5drt2fVjiMr3omqRDBcbH8Ktr+ + P9dteSP7raMX3Aw3L3cJJNTXh8/QO2B30KBEhi1BiJe6Ga8CJ06AdwfUiTz0122U + wApeR8Hl4/cyvEcU7w6mqTv2DqAcsiThC7jz1o5S5A8F18qk8/TVgsc6If3CZ8E5 + eRW4n+Oof2WYquk1hxhkc26pAJFXbkUMTvl64uwbl+pAQkVgvHXB1H87LbAMuwho + I4qhTsDFXQ4r85WJZeR2k0AnFQ5PGASGiJa9oRXjySWQUIkv4lz1wJtnaMGas241 + 4avyWEARtAW4+20qInmVZiewGNO7+87ssJFCFHDJSx0q72rZu6h4LpM+N8LJQcPS + XgHLpu5M3v829H4kHssTxdhGWxvznhRnmRa8n7PpSxeXfeFob5ilx8U0Kki8lOIt + XEHTihv8ZYjXUXN86UWV4A4yve5vMLScN9cahiE5i2oqRHz555ueKwA7mX3zVW8= + =GYL5 + -----END PGP MESSAGE----- + fp: 890B2EB48F343D4C6DB9DA0916826F30002D3C1D + - created_at: "2022-06-08T11:28:56Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ/+OsPqN+PkIsBwOZj+ZFv+iTT4cMkIxzRkDho3xop0I1cF + zbcYvA2k4PAAuJK12K6wUzcfVLqbPhBEKvGJTrKLG2on4l0BuAzHubt0NmB/iMko + gLUEHwbDymOSQHNnmB11aNcpAxYzaaNYRSGzm7pU5xHbOQiezYBq4sVMqOJUIyCx + ixmG0rP+yDWWpN2Flx4LR2HnqoDYKzOenvht3VmEyE6iw2WQgF48W/B2PiRJfOfp + Br68luSskKEsHWnr2GpepXP62TuFmJrWhKKwziuKDPueUX31EY3dh/gqB19s3kcZ + cAnvwSzbLXAQXe11UFjD/oT2Idr2KLa847pyU5Mg5zM2AKRpo4UtALHl/N8siRFi + XwblifiY+wVPYD0BmLp9QYqV0NV2u8ptI5JLiCkPAw56E2vROIyj9d9e0HW4eAhX + CRHlWkZGruUx0CfnWd9MiNvT7e6PY4FeHKQ4ryyzM8o1ushTsMLxd4ldn3cZZ0yG + zlV4HZrL9ZjAvHqkxqrFmnUui4CB0LIubfu+6vPsdSkouD2CdbVMBksrlEUgd+lc + PdT6//STLfhMtEaTvyIM9ZJOOtY5lfO+/wBsopN/rC/Mv9+11sTEToGKd5GANDvV + JRvChc8n+XIGf40fHhc5XFQbuNfT0XuBDozMsuQOJ7ZF/BOVzNAHfABzfRcLu8fS + XgHJGJsJZyk5QC96PH5z2pKk5B7Xur4UIqI9pd+/VnMPY+9gp5bvn2MBy7X1VSCj + ETw4KOvRbm/sUpd6BkckvQWisNlx5RyhELBnUBdCqRKJvRSZZtfV72d49NYOYK0= + =FVz6 + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:28:56Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//UFKZtJDlpGeQECRD9ck4XmZ0r71u0wSa2muP5Z7O4leo + fSXGHdYH5h6WGKYGvIYa7CgfrvSkU7m4vnYZKyh4NaSCSY2rCMcjeF0M3kFd7Bz7 + 7qAITQ4xF/7kNUAUQsratu6pt/hj+NjFabYWNlR2AP8lr9egCItK3oJqz7sU/obH + lHpAyg+S2td9EsqC9X1Mdt7qibo4vZBZ+e7Q1VRcbJh8yltciIfSCOFoKW4JgNYM + +IqSQBjgXDxHYtxzozM7/0yCQRgfcTnV9UYsVDUgC70G2TOURIDvDZaRD/0/ZHnT + Zy1TIiw8WBrkXPA/ihg+wdYHD2dQ3ke9KyrmsJYgEGWHfuR8y02M+xB5j6WgcStX + cHWUtJRV63Ij5apuarSQSjD00zV0FiBvv+lwP3kHWjMJoTT1t8wlsB5rO2fbFNLV + hn40iGFEgYAGt++qvTYkpcg/y1hPD2kAPLsl2rRhqUP/8XnkX4l+HYLZB6Xmk/mF + /AWtPxoU36Ae8FAPyCbOZuA26uyFmRrHgYzSj82cUuO85Jia+nFUgtiQvXSa+Vo6 + HujNdgXXss+kMrl9v5v4YiFtpuHhM7oafrlwCm+vAxEqRWmtYiMp3RDlCMO08Sjv + WSg/g6fT3ejPo5uBfEw3jNeOANpFoocbrGf36LUNBymCPZEFfm94LEbVyVJ2gLbS + XgFHwUwrJnusiy9cr5EU8H460HfBbavFItFL/jwkbJWrjLEoArtQMZUIquUffVJg + wWRaNXA5lTIu39Hax8zYlDuQ58Gks8uzBSWTln0gl7KGq4g1gXQZRc5SrOE2Uk0= + =wqqh + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:28:56Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ//TOrfvrnyeTlfZ8iK08jfiknQiO2mX5ltXRjSZ71UtGVc + uIDtp3vkZb56lB3sw4T/DqVqQX+Sn1FQLeitsKAv3XLJAHz6yNBrhTj+JAEb4HQO + Nx3MSqJhNcygqkgduKvDMECc2V2ed6JHoGOquiBip2zNBOYDPyI4m/Re4Tq6iRKn + dS2aYnhX329FYVMJOLxzg+9xZqnPnVlN2gGJK4R+YKr+ollILRbadYJZapTRnlxW + /8hthV4Cj5VVL5k6eYQBl+Kal1mGMbVQ57gCrPfl5Y1amOa9lUA8do5btnUevNk9 + yRMx/LWMCoaVzh/6oVshwtlCD92CKZgughtfmhSleRotBhhc9DAc8rV+pIxZrjYu + UwRZlGhoGUFfOTN3BkwSBkPQpcawvCD4WJM+0kxayxSwNSzHPqQSlG82r8vYM+vV + L35QcAJlx/DrLvu26Tgk1yhOe+7leLnz7xtummmXEcBMMeGE5cXrrp4NEA4J2lJS + 5v/pISmybOglwG2GlpjL1KANuvoWYZto5iwb4sKTww2P+NOVbaWzxDIHZBMyuWi9 + 1hWPJMpxmIgHEZRdQ83XJFsTRWhbY7cegUYwkBKfIHbfbZHMpjsQW0BOxpP8R05X + L6NaFE3IkPqqO4tm8MwaRO2l2SYygko2lhihGYlmJpQJj7Wgcv+LI6wYH6pfFt3S + XgF5+TJ4n4ayaAao2XLoEdDzhWNbBXupZyvoK7Fa9bzrJEXgmJ9kndvQ8wcoS2eY + gNhaWqRhS2+18YngWld328SHyReLU76k7K2EkeOH7QBH28JjDrUIFvD0y3lidcA= + =HWiO + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/qa/secrets/keycloak-database-creds.enc.yaml b/config/kustomize/qa/secrets/keycloak-database-creds.enc.yaml new file mode 100644 index 0000000..86de01d --- /dev/null +++ b/config/kustomize/qa/secrets/keycloak-database-creds.enc.yaml @@ -0,0 +1,105 @@ +apiVersion: v1 +stringData: + database_vendor: ENC[AES256_GCM,data:vU0nmRO1SF4=,iv:KwkN2GYBGOMI8i3zf1VlDXaMT6jM71XOwxGRFj7y+M8=,tag:USnwlBL0q/JLZAI8womqUg==,type:str] + database_name: ENC[AES256_GCM,data:871wXb3AAb71Gps=,iv:pxf4O47qRDIjVNbZM+fpp7oqPM1CeN2wj6tp0rPSqFY=,tag:fPg0bDrmP6kZShqZs00S2Q==,type:str] + username: ENC[AES256_GCM,data:WCc+FH/fj0tidks=,iv:VgbhMDbwsMhSH5SsJ4iX+2b7Y4LONvGLycvwf+1CI0A=,tag:jc7Li0JIoISC7mR1XZkrDw==,type:str] + password: ENC[AES256_GCM,data:L3SbK2TP2JhLn4o3dhpDS4ElzPKXPwM=,iv:OO2r4uB82zva1L8XpUrnQ7fJXFTjZWYN5ELb2y1DaaI=,tag:XrFoleHk1AGKHf27KaPXIQ==,type:str] + #ENC[AES256_GCM,data:e5vQGWJTAClgzlWAOCo21Pb5dLHydXc7VQ6Y4g1qLA==,iv:DHAAfYKtdB3ATFXiAzzKIGLRwH7T14k8mmtUDtENNQM=,tag:N80Cl2loqA8OZLrizofY5w==,type:comment] + database_host: ENC[AES256_GCM,data:doD/cI7GmgoA,iv:7e7ffL2cOfPe5x/dUydboQRCgU5Pifij5g29/TyrwLE=,tag:pnlY4yRtS2dtlAZ+qeQc5A==,type:str] +kind: Secret +metadata: + name: keycloak-database-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-08T11:32:42Z" + mac: ENC[AES256_GCM,data:cHvo8k2GJYQv/A4F/z6DHxtK+jhbiAjPU7flGpPBg7ClnSnC4oJwSzCxepGL3uxbJ8XO8qE6FAxuS+ab6o/HDdEi6sdpv2hr4LIkCDFpqalHkxu5t6MQsmhxzcMK/K74zZsP+KZeGsQiORVIXZ7SZi/naBxKjY5A58mxpEDNWtA=,iv:G8KsVist22PdqDQEGtKbBgYTePzjNq7G+rEXKB3v6dc=,tag:eFWa0E/M+SP+Grzn0edcxQ==,type:str] + pgp: + - created_at: "2022-06-08T11:29:00Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA2Cr/drkb+8JAQ//W76E+1W7PJImCTkR4tD8tGfltcLvOJ7eBpQxYNeGAm4O + E6rgsaLU5Sl6J6QMBtpuGix0mjp0YYYbeYO9r49DcoxXP4jzPIMFcCYkTIitLEY7 + Ke0x1NFL705Ecd7Dpj00qdxgtNV7fABDkS3n4gQgRj2xNaY233dOHEJe1BweVHRh + GM7q+8nk1n4NOYdcpsENcBDomkfnhcGlIEQDGQk4ds0CeNp4JujvsJPHGaD6oj4v + GsWmiOk687IqN+rPMFJ10XnfG6iW0rQAMGWltn7nkYy38ydtKDtjEItNrhxkuPd/ + Xkn4ST7fFJVXTCln/ExOLO8qaXsS3g21DCDgXaF/Qho00obkydUibiC68sQH4kG1 + /6vXeWB1zZqWHTBQofJKcmnrIOaUO4OjP6K+q60Oqkeytw4FKTUEVKkBUY0q9nSF + JabvTdjnzsb2u1/TNgdfDi4iXEUwTmpGRIrxs9OsLMHpK6cQCGY2Vu8WNRpS0RQ/ + 0SM6ir570YCYSV4VkIHxf1z2YDpc46HTrP8plCvopxKboCXjqWog51k8aVY5fydM + 4V9A5tiyLlHnQ+2gPEaGaYQOemGCwHnRxa4/kBTHjGvH/HDX4lOYto0vtIxdzad+ + W5xAD1GFQIDiAkId+RIJTWcRiP7PsDdezc7VE6dAmJNRRJ1fXvGZmV74VGoxLBzS + XgHWhzE5DdniLtwALPwRCFvVtZeuSHjM/mjF6vDoOoJivl+YByGo71V6WfnDygBC + +3BccWPJX2mf1hMNI1vGlLVVbTCLHjyz5fTiQbyOJPPhNtRxtxvdfydHPobwSiw= + =LuPI + -----END PGP MESSAGE----- + fp: 890B2EB48F343D4C6DB9DA0916826F30002D3C1D + - created_at: "2022-06-08T11:29:00Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ//QoJc49ozVB4wZaUuWcrXt3I5MRi295fpXXhZwOvD+a1D + 7PXu9YcTALpHnOXcZIkZi70ImEWGU+fIhg7VxZuYJo0wIlXoyfeEzZzM3teaKc8p + FDxO6G4dDh5jgyyRrHcvhzbvLX9xY0ecWqBHBkuBxYwxF3zXBNdCyyV5E7hiiGXl + XagOmkL76QtaqEi3iQh7niM/UX7PWn9rmzRmle79aFzdqtkpGIsDP4e3FO1S32Qv + IWt8NfU6m0UBHJt9VcsIXUndRXfey6K+6Bd2em0ZdDyKdkAb5F8F5BbrKFx153rk + ZKTMgj86hBBskDJV7kvDNCwhFp6NhzBAaCX/u3vS7OL93RAiubPF1xGBN9y1Ef60 + x8cVWYLnMjFG8SqzA6ExGaczHwGfTJy0EkIiqAcHwdMWz4G3xIwumKhR1Va4oqGs + 2ulpwRseHY1nKCmVN0W9oX+iGOX9kSrRAODb9+P6Ua0NFYAk9Z9/jwxwnOwZSa+q + VhXu14RttTAiiCLSlCM4RUiPGDWC0tGkqvtcuNnrMV8bbBdDEgEDYaXiIaf4fQnp + jC8Pat/MZZy88Eoh5+xvSnLlla43Uo/iSpl2htNHL8ArhmnGzu7DCgfx823JmiFk + QjVBWK6pb/VmON/94klL3PuE2ckL+1drLUDYJVtBS5FpNkuCmoP8nclYxw3iDVbS + XgHF1iq1H/CL6xi59sQnBPwKaVosTo/jNRoDPkGYnB/r0OH4O5BInDJYxTJAu8rX + fsnBLxOjDEAIfxsWRB7yKE/z2sBTr5HabzbyGPexkWrawSqyErkjX4ZnRqT1zck= + =UGWb + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-08T11:29:00Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//ev8BHn7+wJsL/hmPxxMsCFUR0jMwxhCYqpzVy03K47m9 + 54NiREtetK78BqWug5kBCvw0v/6sR7wc71owVtxSggdQN+3nOvMCytfjQycGGFPf + BJIc3cO9cPB8NE+HrMDQF2xM/wMEEWBz3HAojuIfco+kalWKREHMQVXYgaFcM/d9 + o/5itktdbOF7KGvABbrkJE3v0sOf4xs6YF+7Nr6imLKyvugCAJgX0gp8HkQ7w9mz + N7siB0sqKLMrpMEILxGfKWCIoil/ehJhWiwQC3AnCVLBLXhj4cMo2ih2qW6qywgz + 573cvaHuGcvYwvu72m5saogysH++O2eOv3OLJtDsIqZguTNk3ukfXBDzxySa23DA + 8NKsikgrw6e9L1FYKHO1jgjXmbx/QyrEm91Q4RiOC3A5e7gSPvaoWKzOCivtnFot + M8ydlxFn0npfx4Xk7tnztq72XIkStGPVGZW2XLTG8ro4x8ErdllNh0Gd6imUVL2X + b+EJOGoYSWfpKWlRXk+Y8t2I1pkayLFrWJqTKqOw1hGdc/Q39dcYDS+Sjl5D/kyn + j+5ck86r9B0leLVgPtvFMXLyqwbB+w7Jb2efZj2ivkYNbXQ5670mmCmtHk5NCoxU + b4KhWcqSgnt0m8wZLkNP/NMzAeVtBMGbvBlK9o5+edtBXvGdAZT1LmWtWR8GW+7S + XgFzmepMvv0XnN3o/dxrnlF+RIE+pA+4YPBX6bW5AOKyFv9QJvOf4aPqsfortJPw + xJUK+53CDi47AwZ/oSXSix6waHJax1uLbBmb64X925yq3/i3LrH4TxkshsvKC2U= + =2qeT + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-08T11:29:00Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ//aMwkzrgzJGmmVr9Wu6kyq/WFATUBCR/POmRMnHLA49VQ + 858ntclZjXzsIGyDGU76Zpvqi8iC3lT2E0mz2qPNIOHKpcF3hSSEqCK07kPsNzP3 + NDcVs5KuGpEWHwHzD92V4iiT+Nvv7lUaKMIhgEW0gp48OjV8Te3dOWb6mbBaF1Me + 0PoCjbIrLOC6ubclzQIZdqUU10Q91JA4NSt+iclQceUAhmyBsNNiTQBx8jNn1NgJ + 27DvacZ6EftaTlOfg6xVK9lnSFjPuJ+eGhGwSilS/LAFHpN0NwEMJPDsEJMMN6yC + i8jP5cGXrbXjbnuJjUW5DxXjpWJEyMjLnucq7qoMP9y+nL49ntVwa3N/jCR02Id/ + AKfXrubDca7egMBzpMQum2iz6YfArYWnRJX7T4Hieqm+izeys1YqulBxSY3EcFeP + zMFa8W+YT4pEC35HG+bVURtSoDlXR/MT3t5b0B8Zk/Oit8BaoOopGw1MV8e+LjQK + 8SsM3XCj+dpxbUBoZQzMBc42rcz3Hl2GXvxgXvdLjvl6gaU348zytUFu0MVSPFYS + +1WKm5tCK2xUKsJw57DtSP/IPWsqLL6vAvzYVZHg3JWJ+mCKiW9sqWJFYmcHFVfR + vqvMHGo4yAIozbCUTXQcut1d1KTJdV3NjCaXRpEJW9ohW+ahXSgMZDxB2Ttx4VTS + XgFzpClZU+M7FrAYl3rNFxowfs8uisHMd+o9ro4XBjROAqkonyWgA4jXge2Aw8Ub + mkTXZfyibTRFPxVVGEyPRNA6WZvhzbAv9gbuT+BnZAmTjV1JioIgecIH0KHVw08= + =8L4o + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1