From 80b26c6188e73605f2ee92166c552af27c2353b3 Mon Sep 17 00:00:00 2001 From: friedrich goerz Date: Fri, 3 Jun 2022 12:28:26 +0200 Subject: [PATCH] MOB-164: added keycloak stuff --- config/kustomize/base/kustomization.yaml | 5 + .../kustomize/base/resources/deployment.yaml | 69 ++++++++++++ config/kustomize/base/resources/ingress.yaml | 30 +++++ config/kustomize/base/resources/service.yaml | 13 +++ .../base/resources/servicemonitor.yaml | 18 +++ config/kustomize/prodwork01/.sops.yaml | 15 +++ .../kustomize/prodwork01/kustomization.yaml | 19 ++++ .../kustomize/prodwork01/patches/ingress.yaml | 20 ++++ .../resources/secgen-harbor-pull.yaml | 6 + .../resources/secgen-keycloak-creds.yaml | 6 + .../secgen-keycloak-database-creds.yaml | 6 + .../prodwork01/secrets/harbor-pull.enc.yaml | 100 +++++++++++++++++ .../secrets/keycloak-creds.enc.yaml | 101 +++++++++++++++++ .../secrets/keycloak-database-creds.enc.yaml | 105 ++++++++++++++++++ 14 files changed, 513 insertions(+) create mode 100644 config/kustomize/base/kustomization.yaml create mode 100644 config/kustomize/base/resources/deployment.yaml create mode 100644 config/kustomize/base/resources/ingress.yaml create mode 100644 config/kustomize/base/resources/service.yaml create mode 100644 config/kustomize/base/resources/servicemonitor.yaml create mode 100644 config/kustomize/prodwork01/.sops.yaml create mode 100644 config/kustomize/prodwork01/kustomization.yaml create mode 100644 config/kustomize/prodwork01/patches/ingress.yaml create mode 100644 config/kustomize/prodwork01/resources/secgen-harbor-pull.yaml create mode 100644 config/kustomize/prodwork01/resources/secgen-keycloak-creds.yaml create mode 100644 config/kustomize/prodwork01/resources/secgen-keycloak-database-creds.yaml create mode 100644 config/kustomize/prodwork01/secrets/harbor-pull.enc.yaml create mode 100644 config/kustomize/prodwork01/secrets/keycloak-creds.enc.yaml create mode 100644 config/kustomize/prodwork01/secrets/keycloak-database-creds.enc.yaml diff --git a/config/kustomize/base/kustomization.yaml b/config/kustomize/base/kustomization.yaml new file mode 100644 index 0000000..334518b --- /dev/null +++ b/config/kustomize/base/kustomization.yaml @@ -0,0 +1,5 @@ +resources: +- resources/deployment.yaml +- resources/ingress.yaml +- resources/servicemonitor.yaml +- resources/service.yaml diff --git a/config/kustomize/base/resources/deployment.yaml b/config/kustomize/base/resources/deployment.yaml new file mode 100644 index 0000000..f606ab6 --- /dev/null +++ b/config/kustomize/base/resources/deployment.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: keycloak + name: keycloak +spec: + selector: + matchLabels: + app: keycloak + template: + metadata: + labels: + app: keycloak + spec: + containers: + - + image: staged-harbor-01.smardigo.digital/smardigo/keycloak:14.0.0.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 60 + name: keycloak + env: + - name: KEYCLOAK_USER + valueFrom: + secretKeyRef: + key: username + name: keycloak-creds + - name: KEYCLOAK_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: keycloak-creds + - name: DB_VENDOR + valueFrom: + secretKeyRef: + key: database_vendor + name: keycloak-database-creds + - name: DB_DATABASE + valueFrom: + secretKeyRef: + key: database_name + name: keycloak-database-creds + - name: DB_USER + valueFrom: + secretKeyRef: + key: username + name: keycloak-database-creds + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: keycloak-database-creds + - name: DB_ADDR + valueFrom: + secretKeyRef: + key: database_host + name: keycloak-database-creds + - name: PROXY_ADDRESS_FORWARDING + value: "true" + - name: JDBC_PARAMS + value: 'sslmode=require' + - name: JAVA_OPTS_APPEND + value: '-Dkeycloak.profile.feature.docker=enabled' + imagePullSecrets: + - name: harbor-pull diff --git a/config/kustomize/base/resources/ingress.yaml b/config/kustomize/base/resources/ingress.yaml new file mode 100644 index 0000000..5e306b6 --- /dev/null +++ b/config/kustomize/base/resources/ingress.yaml @@ -0,0 +1,30 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + cert-manager.io/issue-temporary-certificate: "true" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + labels: + app.kubernetes.io/instance: keycloak + app.kubernetes.io/name: keycloak + name: keycloak +spec: + rules: + - host: staged-kube-keycloak.smardigo.digital + http: + paths: + - backend: + service: + name: keycloak + port: + number: 8080 + path: / + pathType: Prefix + tls: + - hosts: + - staged-kube-keycloak.smardigo.digital + secretName: staged-kube-keycloak-cert diff --git a/config/kustomize/base/resources/service.yaml b/config/kustomize/base/resources/service.yaml new file mode 100644 index 0000000..da1bc70 --- /dev/null +++ b/config/kustomize/base/resources/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: keycloak + name: keycloak +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: keycloak diff --git a/config/kustomize/base/resources/servicemonitor.yaml b/config/kustomize/base/resources/servicemonitor.yaml new file mode 100644 index 0000000..6a47394 --- /dev/null +++ b/config/kustomize/base/resources/servicemonitor.yaml @@ -0,0 +1,18 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app: keycloak + jobLabel: keycloak + release: prometheus + name: keycloak + namespace: monitoring +spec: + endpoints: + - + path: /metrics + port: http-metrics + jobLabel: jobLabel + selector: + matchLabels: + app: keycloak diff --git a/config/kustomize/prodwork01/.sops.yaml b/config/kustomize/prodwork01/.sops.yaml new file mode 100644 index 0000000..30d6e1c --- /dev/null +++ b/config/kustomize/prodwork01/.sops.yaml @@ -0,0 +1,15 @@ +# Fingerprint | User ID +# A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 | smardigo automation DEV +# 890B2EB48F343D4C6DB9DA0916826F30002D3C1D | smardigo automation QA +# E5B4FE1E0209DFFE320D2A2E47087747D89B72EC | smardigo automation PRODNSO +# D65D400040387210377B6A71DFD775644EAAC77B | Friedrich Goerz +# BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 | GPG DevOps +# 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 | Claus Paetow +creation_rules: + # list of keys for encryption in __DEV__ stage + - encrypted_regex: "^(data|stringData)$" + pgp: >- + E5B4FE1E0209DFFE320D2A2E47087747D89B72EC, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 diff --git a/config/kustomize/prodwork01/kustomization.yaml b/config/kustomize/prodwork01/kustomization.yaml new file mode 100644 index 0000000..85c982b --- /dev/null +++ b/config/kustomize/prodwork01/kustomization.yaml @@ -0,0 +1,19 @@ +bases: +- ../base + +namespace: sma-ums + +generatorOptions: + disableNameSuffixHash: false + +generators: +- resources/secgen-harbor-pull.yaml +- resources/secgen-keycloak-creds.yaml +- resources/secgen-keycloak-database-creds.yaml + +images: +- name: staged-harbor-01.smardigo.digital/smardigo/keycloak:14.0.0.1 + newName: prodnso-harbor-01.smardigo.digital/smardigo/keycloak:14.0.0.1 + +patchesStrategicMerge: +- patches/ingress.yaml diff --git a/config/kustomize/prodwork01/patches/ingress.yaml b/config/kustomize/prodwork01/patches/ingress.yaml new file mode 100644 index 0000000..61dc50b --- /dev/null +++ b/config/kustomize/prodwork01/patches/ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak +spec: + rules: + - host: prodwork01-kube-keycloak.smardigo.digital + http: + paths: + - backend: + service: + name: keycloak + port: + number: 8080 + path: / + pathType: Prefix + tls: + - hosts: + - prodwork01-kube-keycloak.smardigo.digital + secretName: prodwork01-kube-keycloak-cert diff --git a/config/kustomize/prodwork01/resources/secgen-harbor-pull.yaml b/config/kustomize/prodwork01/resources/secgen-harbor-pull.yaml new file mode 100644 index 0000000..492e495 --- /dev/null +++ b/config/kustomize/prodwork01/resources/secgen-harbor-pull.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: harbor-pull +files: + - secrets/harbor-pull.enc.yaml diff --git a/config/kustomize/prodwork01/resources/secgen-keycloak-creds.yaml b/config/kustomize/prodwork01/resources/secgen-keycloak-creds.yaml new file mode 100644 index 0000000..325ad8c --- /dev/null +++ b/config/kustomize/prodwork01/resources/secgen-keycloak-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: keycloak-creds +files: + - secrets/keycloak-creds.enc.yaml diff --git a/config/kustomize/prodwork01/resources/secgen-keycloak-database-creds.yaml b/config/kustomize/prodwork01/resources/secgen-keycloak-database-creds.yaml new file mode 100644 index 0000000..97e5864 --- /dev/null +++ b/config/kustomize/prodwork01/resources/secgen-keycloak-database-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: keycloak-database-creds +files: + - secrets/keycloak-database-creds.enc.yaml diff --git a/config/kustomize/prodwork01/secrets/harbor-pull.enc.yaml b/config/kustomize/prodwork01/secrets/harbor-pull.enc.yaml new file mode 100644 index 0000000..f98ad43 --- /dev/null +++ b/config/kustomize/prodwork01/secrets/harbor-pull.enc.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +data: + .dockerconfigjson: ENC[AES256_GCM,data:k3P1WHeXnyKlzL2F0Uu0ratcggXWwQZgRzpluf1DLZo7bnhkNwJdexQXVCeRIHwZtoHtFtYNGxMkk9bqfqANVHLBviy0Dt9HVDzjZM3TC5Mfqm55AFY/BFllornjb2lm9Y7DtNOTVySBmpMqVkE9eA4khiZSrjh7abE5NRiF+OqTfM4s+esWrGv1+5nVSW4veVDHDCw50HtcDFCzMQFuquqM9fNuFeYiYE7ysepjvC6MovmB,iv:UNwKTyvr618ICMB+jojsD8TLs466gwelhnzeRufgQvo=,tag:EueSsJIWx4ry5HMucxSXMg==,type:str] +kind: Secret +metadata: + name: harbor-pull + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: kubernetes.io/dockerconfigjson +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-03T09:58:28Z" + mac: ENC[AES256_GCM,data:1VYrrwTw+4hhP9TftBlWFA+Lsp82x2T7PNrNvi3sf3Fj79LdRvRZLHW2oeY2urS6ClBwt9K3JvuhnmHXAdp6XGmSUi1WwGmMf28YT+9WWHhqkfsUFUbMooHx0CgRAhbrFYDVh/7izZxj3ZNFnnB+L8trU5e4EWl/v7wuPoSUbig=,iv:NZn53KdKY4HsK0aE6YHWswhGv7E2di8wg+nUlIoT6aI=,tag:GTDT1NLV1GKivRa6F9tLfQ==,type:str] + pgp: + - created_at: "2022-06-03T09:50:00Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nAQ/+LogW+hjiRLeFjOe+bS/Z1I7gGcS7pgW8FS0CLOXwhlsK + 0mqXG4sA4bH37rlPYOHXwrgoeXsV5YqPKdv+bHFBuS8SlKeJ6m8wO46ReAUvvzhm + N0yUAgMT1AgBRkrnIA+/lw0MRVqGfW/IUd6lOHkj4sJ+Ft6FhnCIO04qI5cdHLkQ + r5/L8LRoQugNErpvVlHcoXV8frNotQZZngyFYVeuAUJLTTg/b4YpjTrtt/Aj6l3C + ugi9NXEbXAa6RaUQOnWGMVKSuohmEDRdSnCbvnmBwHnzQGArbzLHXh6mWFHilgb+ + usUVV9oBxJpseJ5P2xtaLl/zjdJGdQMkJ8qVU2lWACk/vDiaLSLl2Y6d2knxKvEu + 200SEan3Nx8g9EfgpdcQhSJpERlExjEmZWfpIi8vZy8Yxp989hNgYGmuw+9M6p7G + EEacF7uCbBb2XlShx9+Y0jalAVLDT3dOIx1wAVCo0Q3VjLiLbiQy0pbdtaffm05p + 4mhJL9Foxo9ALVShScC8fIZzevPP0pWJFW5URRY+YOaXjdn3/2HFQZ9jBSQLSdue + n1hGHJiw0WgXJPL10H1wyUJiG/EbDU2FsA3hQ87MmmD3cQXuXycV4VnyelTnomi0 + E5Nxumfqe75dXB7jFugselmkndvIQgJv6S7UHbqj0qKxFkQHShJJ8S69fAIWUrfS + XgGxZ/A7/D+SZbVl44bJ7GrS9oaFLHw6T07+XZGmE0Qu43DQenT3k95dEFxEHGqE + PJtW1DnlrNFxGYCBvqVO/TUMEfWvaV/zkNLhYiGPm2UcEosOeI9T3DtTfWFV3nc= + =Ytb3 + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-06-03T09:50:00Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ//QRqL1ieILAi/nGv51tdW87pTch7sj6lv43162Qa/+uoh + noGJii8Xh+/VGxYaPcHNgEVcL1YSUFqh5sW8dXBTOWOSVYKciI7XAZTz/Wn05LV5 + FTrdOr5fvW3bDmJutwWjkNX0TsQ8AAn8/fJXNJJC6LLxyAE+XNlgfcADpkjt88Dd + n4jin4tzhfzT20lUoHCcCBwyMFBUiS8D5mczn3klp4jOrbSl0GFbeDRStdcYMdRK + HSI30/hrcuzhK6VbLY9iwpytk4bqL62XJCcyDmL+bg8MBr3gPXkZA14etYLfUcSM + z7Nd07Osn0pu8Qn9Vxw81Vlw998Gli65xoH6Lw9WMgc/ARRFuyUPNNG+6amlW0Ut + biOvKUKxqQIFjgU2ZPEoo+qpIMmQifktvYNWsdrSa9RgLKUJAV+FerbS+YT7IOUz + S9UaTlS8pIhsT46j/II7/4pG5mfWHDfNWzhSw+GdEpdH9+HuJpuFKGhK4AnOQVWU + tgoYyhJIObxVV5/eE7LZJNxlc5lT+knIauY4d6bk9EQIg4M0gaRZFN+OgBtmiox5 + 5ytOP57G69n6qsRmAl51K7szUzvA/2tYXpS0mHZXfzx35kw5FoKGLGyymx8YDbxw + H4m2AuEaAR3sN3oZLsR47kfqrY2s8Njg6LQJ14WnCokTat8yN93VCLMjfu7TpKXS + XgHhEkJf0NLubNBcDKHCp9loVBSJMTnU9yYi/xf3BbXzM50ZHcGdqaqpyzhd2hy2 + HPSbtTCKG6PhVOzHGttdjO0fcROfHV4U3g6A3Wahf4fPPcl87bKYdWyfyjFRGoE= + =gbMV + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-03T09:50:00Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bARAAx47vr+vdh9R7veeXtPjVt42lm8Z0eOF02Y/DYUoatmif + q70oguZ/ZlGmh9BuIgw0wMbwB9Q+2T1RahOt0F0PbUb1+moTp1/vocLj3xMLEMKi + CdmIG9343lX2kD1uwqlGti0QT6NU0G/sUeLFFmupLJ62uwck/bJEU0eW09o7yWjF + RBEXi2xm+FdwxN/U35KrNgAA+4366kdQJ12Ji80QURuWXijUr1ECI+6Sgj9qRGjT + 5fCxF7IB0llf5P58x7wIOn9TNoDVMuUNHWOWlJ1gJ/jQCRlvIFAHeZUfSI/VHPkE + CKOjbtRaHMfGWd2NzqodDc14lsnzyaXOL+hTALr0yu/6N+OdHSxw7Bkc6zEvXpa+ + cmMWMCfo+Id9fJAKxXIEXt/bw7Ou2Ab5rn9qoZCJW3h/CDPjIJS2O2ondL27ExwO + kD8cMVA36Fc72Tq9U5BPCm4tSFLkcCiRj5UufcN18nRUiG3aVy114xgGhaYSDcqM + ncMRSljRgfEOb7Umxmx2hEGQbjHQ/hPpSu3whY4/6fxaiLqPEeq5Dx00bvVH0sVA + UsFa0pxRuLfIMNMUzfR/72wXxK9UL2cFogQsPKqrx1zvh4vnozSqq0blQsOxPAgl + fgte+YYvVKmP+4+KcO7T78NMUwSL4g0TyQzHB++C2O1bIVfC6o42VQ//U1wd+v/S + XgF8TYtwKT2ELmdcxmRK/WUHWzdqYZzXdLtbr7krREyJGkcb5fVu96Wcc1DxowuC + c9k4/sMputEWJEqX1obJ0LZ5cJxIaxofw8D6XBcyC1uvFM92y3xRTu8r3Zw4XN0= + =D+y1 + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-03T09:50:00Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWARAAgBP4INh9CtaqRsC75htdtLWtwVh0o+VH1hfTdePwVhCv + DnhOSbe/4l3LXFoZ/ycvTT/JL/fLqdSTlMCO/FPHM0tmbhg7cgibt+ZZK7fy3xaX + OkoG53FAuZ+W/0dFLaGwMhw1kH/bRhVScYCER22DtY45rerpR4OoYD/EkLflIF0V + 8QxZ6CgNSvWVAROpWAvxWiv45mv03uOscF+uArtdVM1msM4bU/74IMh4swg4RVcR + YMl1PQiyV4hGHcEhWKiRPcTBjwCYmAxN5gVKVK+zScrKZgiKRNCS6GeTJcuE3VP9 + 7DqXQNSt8Ar2Hm5JeG1GV8Q/I5tcBLeeURTf8Fw12dyNRso28crEAWjSjq715SMd + dHrop20y/GoPmUmdEBtw8wJ+sMvvqQNW+cw+4A/MepZ49QjQWu39KYVecrnIDL25 + c8+LnfUfhzkzKcCfFSVE5rns0h3ep1uEsFJtDyYCeRKPqbpq40SeKeqQ5SwNhTcK + 0yTiLgA95vGC/iySqEgBOLV3i8rotQk9Ptgs3Oq2Il+Nz+gUCEAtBgz/5rVaB4ix + oW/Oyqk5JejUCmdDGwemalzi2oV8O8nBKYBeOk5cpCLwTmeDLB9Kih4gIEJfZ4u7 + G03pYv9uavvt9kJLpi3iA5HpNZudxRwdHOr0uqsBZO9/TFhjyjUE/gpjjI2PEpTS + XgHTpBTqLXn/YAJzhaM5AgneKNGBGXw4YO8tpiXB6hMymFWu03wkcsYNG/mIX1xh + 4dyx2PAdhblvy5wyazMdidEsBXYvgPNbCN+TQGKiSsUPGgb/RJLH6DNNxkoBsXE= + =Q9Ty + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/prodwork01/secrets/keycloak-creds.enc.yaml b/config/kustomize/prodwork01/secrets/keycloak-creds.enc.yaml new file mode 100644 index 0000000..1c45a3a --- /dev/null +++ b/config/kustomize/prodwork01/secrets/keycloak-creds.enc.yaml @@ -0,0 +1,101 @@ +apiVersion: v1 +stringData: + password: ENC[AES256_GCM,data:ywMXFI4c5FsaSHdqD183A8Z03Xk=,iv:t6v2ccCBFCItJtvMhUZPXppes0YjEBjaV4fHrVZ7+z8=,tag:4RyRblFw7uoSpj9e2+gEFQ==,type:str] + username: ENC[AES256_GCM,data:utROku2xKybzIcsTuJ4=,iv:mVIEwmRKxX804R5ySc0nhXYNPASkSUbD4t4RjuuiPLY=,tag:98nJ0hNuCqwwDXG4pzdhDg==,type:str] +kind: Secret +metadata: + name: keycloak-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-03T09:58:18Z" + mac: ENC[AES256_GCM,data:9w6hWpxxL2toGmHlND0D5qV2wuTkOIPu7NYJYrkqgVLu9j6nwKrl2LdX5XDBo7ra8/3rX2VB945Eb4F1tsp9oy7ncudOfsqfY1hm1pkLKfvH8qTrR0Kq/Ir8lZ+ocj0GEVUSuywj+P+d8GCtrnzI4c3H5/4dyw5X3Su0l7aNvRY=,iv:DuAflsIyQPX+yCmA+/RFpqQyHQEMvtdfLVOfCwxzZEE=,tag:1bm9kJYWggCCK1NtN60F1w==,type:str] + pgp: + - created_at: "2022-06-03T09:51:36Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nAQ//YIk+MPrxai3SDDhm+f4XJM6/wbIuCAuNB5dT789M1Ket + mIDbXmBuOO1pGoyZ1FNqSZZ+6pvuJdg67Dag3gWKESA/Qtz1/X/f9cl/u9XAlmHT + LyFmZ2CPsEgchcIT4RM2rcOC5w6AwYEEuhkS/wt+UaUU5wQqWqMJqjj3N8SrcUMm + Td5SKge+dahzdqlo2uQexw5/yW5CmSIwaxWBpRxowTRDfk8OytlLIabp5hH6kHkW + rJcOWgdbmkNIdokxMbcfC6wa5amhXrOtTPG+9WjBbE2Tjp48rk+UaQIppSz9RXwO + RhtYbpDOAt0B5o6zbL3Cecfe/ARV4VZtu5KAmknSqfUcVVeZskF73LZbBkN6i2Q6 + pvnvkRhujbkvb/tZip9uATZF88YemY6RBse8it4SJg3D3K8yk1QP8I/suFKtdBMP + eGQJQCjWGAsufrYKCFEXzzs4sDJc2fymksLUzjoShJpoKVtB3YCbIAHrMZe6BDHS + 9HYNPXtG9Ey3IRKjEgaJGIfqL8gxp0/rcHPffDAxmb6GSKGFCWgzkgy9TqMcgoE7 + QyI0hoxE2BB2Q2fNoOmAsWBaTbwn4/9wvyZy7Qyp7gJQnWGdBvlXxRZ7sBQFuhMx + BN4LtdzXmiHxV1Sg3kfKSToieQEvwGkWc3O5FTWkQ6mV/fDF+cIuUrW/gkT13lbS + XgGcY2WQpigAAwmsLTDIedk7LcR7PjFzFvTpSnhijK7Dk9/Rppc5A+G1kbrheh8N + /sLOqh3sb8GR3ZkmXepIr8rP2Lb6yKZ3zuesTyOrO09OmxXLQK9CZMnpRu9agrk= + =9VND + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-06-03T09:51:36Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ/+NMkKoHTweH3uB2PIjAd2MxAYkW94UCu4NpPVWmU9dCfs + /GB6C/wOLB77/9jiX+QZ0uKWi+fgH3nxg5il0ZKAgRjXwkG7AV2u7IpvTfmkNiwQ + Kjvgty74xWhQP66PL0BE7CivdzCQT5H/xeQZRyhvUTKyjv5oO5MNC2YPbJ3FB2qE + +CY5pvZe+J9RYmwfr7llL8Z9G2uRE806vaPftJBbyDrMCa+0hpDjNFDovHSyFh67 + p6WpQRTXZ3/v2o0U9WkboxbnmalJONPkmcipQypO3cMdzAemNEGkpvxJnqBNY2Lo + gGygBZLUpFBG1PKkbrv2BFoGE1k+2oaQbfZjoH8SJYAye+9bnJ1JERQZ2o875G8M + gYJoh4x5fvVgWIl043ylpu7nWQFbv1LZF6QPz0qyEhvQHrG+nOrQoQ25GCXhQGgR + 79pXEcxdWULT2SYiqJyg71e6uEGBAT8tyKaUKrvhYzPv+lcUxKMNi1eRoqOEfukJ + /LOQcLu10OucMwbuP+Odg7Rtks5nOsYURPMstHgFVLNs3KqgSv2EYUsdA4ThTcGl + TaDsjrv6xwTUuYHf3WpImNt/BEiTS9UCtg5re1O+Tye8/3/Utcur8xS/AHEkQXFK + kMRtg94wE0JNJZ6DxYisAqZnZWOqVDkm/VMQ8NqJHPIJO1DXByDjD02ZME4zUJzS + XgEi9yGp9Kti6QV1iYZSe5CD4X7TWUBo+6trDLUOpKNPyr2cR6zowXt2YDyJSSm3 + e280prMw9RL19puliswGKDIfNsksywWubL51NJKKpP2/QyeNYpAvZ61q4RLgks0= + =gvVV + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-03T09:51:36Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//TUBF1IiQkxKZq7hs1sMe0qMJxbqAvx8NCjehJ+PYTDFP + JsZPoYZjwsReuNIQaadI/6Do+maJ2FK27s4LPZ5+9cU0xTjX8xB/jJZqFrph4S8J + zMJeJQxtuMreSm3QmdyU/5xNoUBhUoYmyFsJPuODR77fZqChQ80xTSH1XjIsebDG + wc4NAgM5VJcXjDgmvgdXvmRbfwXvkI0k98nQMnWn8eKWTAVZHNR583md9Vx4+Yoy + ma5ySu9bS5gd/ZV9dB9j8O4Pjz1H+6FLIlldnAV6y9S+zHSj5NjNoDI5iY3zcW1c + 8U+H3MF2KQ6d1CqtZ8QYCbZdmng5pRiTokIUiFUPL/Qxb0+Jsmcnl/lPGBi1u/ar + 3th2Ms4+Y4S25h9zc3ld4fCYjtPkHLAurMdIybetKvak14/f7AUgt/WUwYQUCItk + EPts2hAjJWGkIDoFrisFgvRNiJ62S4PekGYsfydwRyQKp8BCxkKt3vkW8T8qBzjN + pOliS2tAgCV/r1tEa1qIn7BBpqFo8Y0jdEbjrwx5PMGD5gr3/CYPirpXB+wHZFX5 + FocoR3QIZj76jppllSXqfyORiECpaLTiuxXBS41X6ZQsfOU/aZm2miqGZvM7t5RJ + JSBUEzMuLw4H4y94hZ8kn2mM91ItmXfM5wlbq0+jrhrCrB4fhO0ecmW0+MYFp2TS + XgFl26zTDD+8wEYurfSDXpe1v4ilvXx7BiIfYmtm3GV3sQnEhgpcpcdEL2Nf1dg3 + neGbqW+YhKNtKldsGXxqyAQzGpDCK7dtMq/ljnxTTMjciO+1v19pfvSE2VnA9wM= + =Blxz + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-03T09:51:36Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ/+NNb1zGb/BmkbbQkcfyj4EE5o5uGjQM841ObafkUceJyO + HauXCm71qxvtX3RnIZFWrYd6jED9J6DlUcFXnFQSb54MA5kxLku8MKJR49umoCuE + pQtowMJgnZ1B1Gxcm8Y/s2yAb//MGgqC5iIPMOcyiHIO5TGTcJ6sXf9jvKMsIAlY + 7tek1SOgv8/oXkvg3HZDJ74wrawtCE4Ws/HdxmXUbpHDxfx5MPiJNmd8TO7Sy6Vc + /KYzBhEW6StvM2NSTLS945bCyDdr6g+5WByo6cEUE/dFYZn6z9haXW3/SsbbnfrQ + Yfry+7zMfhGWwbT3ZMZm3wruakoY+Sb5rgQ7eUZb4KqwBA38S4Rghz7cSG2RlMiX + GT7pfZr6Tu29JU4olyJVKWW0/YgtDdssdc2SKbmHZneSfxIB01F+kLVHXUbK+mgb + Y/27ZIb1F5Ul1LiYXD6+OUfEn/HQybfdQeeN/bVX9dAtGnp3Zwhfq8rqdhr6r/AG + /jHJAMXAasHZG9tAqNnKtqsdQmlxXCT01fCzdGzTNlNEs/TV7tm2rL2Sjm0sLmeF + zQBz5znOwEooazO58gHFN0TNAMQc0INJYh+4IuDw0nHen9A2P3cZh1x3Nl30krGB + cT+gfLNZdrmXcJHN7BHXAUcPI54/bD83j893z8zpHAqCSB0v74ImmWV3Hhp/wRbS + XgElQUTzON2KkYn2HNd/GlpidQMcxFXKNLSLkn2nnAwu75e88YSumXDMgf0F7zyf + AQmcMW5uXtNodeYHFC4kqXGg+PgAzo4lC1FZtmgUdCMcLink8Mm5+yHNr8EitTQ= + =ItVl + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/config/kustomize/prodwork01/secrets/keycloak-database-creds.enc.yaml b/config/kustomize/prodwork01/secrets/keycloak-database-creds.enc.yaml new file mode 100644 index 0000000..c65126b --- /dev/null +++ b/config/kustomize/prodwork01/secrets/keycloak-database-creds.enc.yaml @@ -0,0 +1,105 @@ +apiVersion: v1 +stringData: + database_vendor: ENC[AES256_GCM,data:WfF/RJ82oCY=,iv:ym/o52kT/o9dNlSWArUPLmOixH+HwUKATOzPqmCFj8s=,tag:8bKCFciJeZdIrP1zHdpgMA==,type:str] + database_name: ENC[AES256_GCM,data:RH2+u9kxz88dU8Y/M/hDoQ==,iv:bUD2RuzrEWyh8FDgtfH2w30gqX7AiIRfHKAd3Rwsu68=,tag:duWtgHUFdfpNaBXUPK92jw==,type:str] + username: ENC[AES256_GCM,data:UQKkNbbpt89/0T6g1J21Uw==,iv:DaX7eBunJ5RaHXGCGboDNwdw00jxkADcFXXE3gwXkW0=,tag:4zfNYffzNyUIdx3njnBejw==,type:str] + password: ENC[AES256_GCM,data:c6U2rR39AAUcE4U11BaNvnpSm0E6TdE=,iv:X6oKLy2Fi53GtFYENqLBcqTUM16Gabyujpk0c8sCJeE=,tag:WfF/+aFKsU106YTswmp+KQ==,type:str] + #ENC[AES256_GCM,data:ub2RPej/n1wDvuLZKRzcgxGYJMcGVdGkQqq7xZT5/e5JlD4kfdYK,iv:twYEcP3ZCBmfurxdQLKCQwb2oHZDJnplJljWcGJ41/E=,tag:gNLD7yS3iT4ENsFUTWiQPA==,type:comment] + database_host: ENC[AES256_GCM,data:YVRKeqdZnX0=,iv:sL3uyZdciGtv6mu4xOjiQQjgyg+KvKo+n46XMVZlxls=,tag:OJ+/867cbcC6HBg/88KIGQ==,type:str] +kind: Secret +metadata: + name: keycloak-database-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-03T09:57:54Z" + mac: ENC[AES256_GCM,data:/+djoeLIJrPS/9LDjGmq6WDw3UeZ+YkD7FNiAVH6lpR1sbGp78HwIdZE7RY7seqjWyDli0VdrtYEY/E+ky4jnhfZci5JxGJR0cBWZ9KWFNppDR8PL0H/co2YuG7ytRgV/K1WheXjBbKRirYntDyDeLnPcIHq+fwvIMw4Wl8w0/o=,iv:bJ4CI9AD1kxLbZNjO44yEWzuXBseFgCOCY+s8VAxKZA=,tag:CVpy+Q8k20PB87yUOOrGPw==,type:str] + pgp: + - created_at: "2022-06-03T09:52:41Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nAQ/9EvCfGgcgpYKJ+/TOS9fATI1JeHhBefFRU1gs4b/JJ1nH + rNAQyDTcddfnQMxsanOIl+rojkWghBtF91JRdJH+UKTQAsYAz8lfxPMO796UVQXD + aWiwsnGAjTr3B3vX0pXFEPsRtCK++CtnG3yJOGiLLB7kGop0Jsw/HyckcDfS4ohS + ftZQDEcRF5gS3mg69Sb+0zha8gWIdzGuDCApQOs3gWOAE/etfz1bXszZPrMdKN5s + TJRy06tqE3MwTuuDt5yBEOmWxftEo3/rr4Ed5Y2xGSDGCS1BSCb9/sxJ6U3smQPF + WUWHfxJrkzh2D2yO35BaVb1QIhMC65j2ZagbgQPOzwY+cVq8mXd9vogv8DEhJFd6 + VKsgdv+GvKFe5ohcNdXLFRGJC4TGuBNHwrgdpN6atT0ReJ/nnna0VXY3q9avYU7y + qDOU623FmXN6LAq2PF6kSkhnNogFV3dqjgLtChv0o3lTCfd3sm4uf0/EOT+KAvUm + Y9aWIEliEVEcCqxWC4WeZT4fY0SjC2dfmtFu0wcDuySzmWexF0nj08SE5aQC9noe + vr6OCAJGESQ1VpnKh1GN41Sc9gdh27b3vGI4i0+m7Kt5KEHf+oitbEyMe3/9lsiI + tVJfh3s4gHDCxwaVpFuPcPC1CBd2nIMUYbWXRZYQW3QihThGJdZAAkFZaal3EVnS + XgEOptM7rVx+rg4W7kMAdWpA4gJZIYOBg51TP5jyZuwVuYCGHUV7fZVBdPvH7zk0 + ifPDjL02C9s3RJplFU6yf4t5IxOg5E1tkx8QjZQfLG5Sg3RcshLwQBOFtHVL+JM= + =zj9E + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-06-03T09:52:41Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ/+Kyk+aoDEJmQEDjUL7/WqHBnPATvSXuUhgtQlhRCcq6zW + lgTqmXL2coPiAfAWEaPg0xKrZ6xy8091UjzS8sgJPQHqqNsXaimuIgxnCQz2WITn + NNrd3KTEuwdZ78JxH+5HrCrnHZ5IB2iYQXvpXMnZ2Shuwq/T2vu6XtFVDHlYys3S + NxlR+4J8iq6vBmZv5L2fuk6/WQjbxUEcHgQIyn2tQFs4pbfD6urB6twOygGFea4G + blHMQfpEHF/fYc36lnGNoFMHdFrLkEO/icgwBvIn25+zdRizjViBhV8aQWBXinW9 + Wuaq6jAHPeDMxMnaDFK9oshFHGHrYHAnNiAIvpOZgccEzbo5pbFsv6Gpx7Uc0f61 + kUxLqV3sS9ib3Kku2ph5hTYvVBOaYngFewOx+Lwh0Gv3zskov8EkdaGki3ZEVtwW + GSDTBAtRDxPDyuEMtqHA4rVV0bTi5DrC4p+4nmN8SiDxifoAOKmOACKfEfyGLb3o + aXzesbxGAg/0Zzr6GLIZK6BORtqaAz5B8Y4WVE1mzaf7fjMUTWiRxgI2iQCcvBTd + x+TK//GgETjeTFhZKEDUQAEFke7jgzVoDkvNDKuZnfcRu2ktleKwYwfSDyklMeYF + 6fhxIFod2JDOnifq63B0ToTxwEXi8xxlIJMRTAff1A4b4nSZPCffBQUFIk1PxSnS + XgE6qPDaO98DHfhxPG5ZHcW75k29iBCBEbu2ebwuHmYD28KnPttOxDo0G9bIPCBw + KElPzY6u/epBvvL2EmaMMhgSYmfS9nAFmg0+YH+FQ4ECI+COr3JvPnTZdg3b94Y= + =S57F + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-06-03T09:52:41Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//dmtNnvdwZ9xu5kk6mGOjDydRhT/bfFsfzgmMwdAGrGGt + jE1oCOeU5DspDmPAThe3kpJLPj85flBvV82bc8Hkr5CCbpB/v01hj4g6EgDixcfQ + TvztaFJqRTRiklEros+5Dz+4DjFsJkj5aw0/t8rVeQEiNe971TneGLAcL0venddc + JWhtTR4FoXjlvdxV0UTzXhmDOU8iK9YAZKVvZjlr7dwt3JbB/D5W/k1qPmmlYO13 + wyTFk/XCnA7q35TAYw+uNKi6Nt5fFNYFfad8V1KCtDQwUccNFsGd4m5OmX/8GCA8 + Y8QnUjZN/P0fcUBoINim4IfLyY6r2gf6Qj8Rw/BV63ATOK8/ryRzfZMvep0EPcoS + mJgjoh12YOMISFDjYGrYk2Fhbg+512ZPRi9aTAft/6YI/KwGerDF4M85/dCSnbWW + Wz36iNRD1aybxR5yjbCglwaDeRg9Kjczk031u/NV08AkUKX/ETqaj7gEH3sbhI0u + md7FDEpS03oE7hm+Y++9x/xVapWGqO68YtQ7t/JqnU3TAuAj6hoLiBXm2vObB90s + X6UDMuP9paHDTe/tjrHB3BGBOVk+6OC3IZs+WDEDsBTldwXaXk5KW4JRlW8ISuAR + D+BztukEAMBF+DGi5L6QlyPQvq2wIi6e8zEEzWShdVsy/lYboL1opjTSyRY6NbrS + XgH8j6Mnf66KH9+NVB0oIPT0AyPuVLWXpLhRqbFYZjHEmDtJG/Xx5WotdiuTxSZO + TDKM5qzdQNkPCG7Lus/sU2w3tzBaafaeF3YbyQH7fMVb4LO0bh0MA/IkVyzcL04= + =OpAy + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-06-03T09:52:41Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWARAA0ULuAZRpoFUgYD2phZSWR1IT94Bvup/MjbXGm7EVWCfx + lJlxPcFiIradWNDMRKp5KSPg2YxzbT8hKbRkbsNJixDsjFpiTmRTGzt4D2NuM3uL + IbXezM5MAMMPyRBm6LH6WodkJNH22HtIfH6xFKc407KyDlM4wx8bX9/92SsSP/ot + WeemAYteDMlEfP/WwI8xnTMeQDMzapv1AxH7w/v9e4l26anlUeeETfc4jDI3TfpD + qf6BTjx2I1v8NsTzbxSXUc0wsGDj3I8QS6OH4BLKnk4lBns7I/q5ztALH2F4pUpe + sEmO3yTSuUwDz//LEXSUAf4NvsOzdX7VBMh3HdNUqXsRre5R5koU890OSobJgYfw + Sg7iadgguE0X5k9K/A83S5QUZCYAwAtoi+pBbl1+FcWDsyxmV1wL5GyVrT7DdPhy + wFdBLYqn8u1tRgsdtfCVz1OR77O6fEQ7O+XQ1UhFRJaXGQLuDj2Kf0tjy7Dl9wZR + 2BtjZCUl/mzsiytpRF6BqFTqzLDenT2MKytRn4AMptvJQZPnb2hYhdCAOcHyFgcn + N8BNgZUaC420LvzMn2qRV1uvM1bWmrUzYeEClUT0e19w/nF9jkXpNe5FCbXcaXfi + 8gmAfIcS4+WD4NNsao/3ymys+fr9rY0Ftz1oeHpNrdudhoUlP/sUIMo3CA1ZZCHS + XgHQWTgudHefjfFdi3lyXTw9WIhpSqRqoAEAoYErGn/1LdLTY2LnTEGDkvjnFj2z + PqrbaWXTmUZeSKi2omApaQ9np89mytzfIRnxtM7iMjRlarPdbyBpJo+yTnl+eRA= + =BqLB + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1