feat(downloadarr): set api keys & security context

kid · Aug 25, 2024 · 4e7437d · 4e7437d
1 parent 2fe13c6
commit 4e7437d
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 32 deletions.
diff --git a/clusters/base/apps/downloadarr/api-keys.sops.yaml b/clusters/base/apps/downloadarr/api-keys.sops.yaml
diff --git a/clusters/base/apps/downloadarr/kustomization.yaml b/clusters/base/apps/downloadarr/kustomization.yaml
@@ -4,7 +4,6 @@ kind: Kustomization
 namespace: downloadarr
 resources:
   - ./namespace.yaml
-  - ./api-keys.sops.yaml
   - ./pv-series.yaml
   - ./gateway.yaml
   - ./prowlarr.yaml

diff --git a/clusters/talos.kidibox.net/apps/downloadarr/api-keys.sops.yaml b/clusters/talos.kidibox.net/apps/downloadarr/api-keys.sops.yaml
@@ -0,0 +1,38 @@
+# https://kubernetes.io/docs/concepts/configuration/secret/
+apiVersion: v1
+kind: Secret
+metadata:
+    name: api-keys
+type: Opaque
+stringData:
+    SONARR__AUTH__APIKEY: ENC[AES256_GCM,data:3EmQno9hdBUt67sZYCgwcJNMq+s=,iv:C6UZbOjGcPwfLdxPstIzyJeHNWPdy5jcwiy96cLLRlU=,tag:pth+Ym4adAR4kuNoKrrffg==,type:str]
+    PROWLARR__AUTH__APIKEY: ENC[AES256_GCM,data:CGlLMuanf1hVyvpkotPE1+2nOd0=,iv:R+X0ottx59KajDWs2fWZ+OkUHj2xa9adtuHmOidadTU=,tag:OU5TmYQfJPEBHn7huYgRdg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dghfu7sxwlkf4626eywmgr63y2g7m4x8zs8a6xt2zay3x7dclpnsw776dd
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlazJvdmNCTWV2eWpWc0ll
+            WFdWK0l0b0pIMFVvTzd1THdacExTQzBRaVFzCmtlc2Zzcktrbk03UjRZaWZBRGFQ
+            QUszN0RQcE1TUWs5alhMdk1LZmxmalUKLS0tIHBISmZ5dTM5VkhBRG5wa0ZZbmVl
+            OEpTK0s0eW5vTlNaS05UcmhWRFBsMXMKburrIAapmU7rc+gPhiXULdCssLaWn5A4
+            1JRjyDuGGDojuMTy12kS1VpPOfBhoQvy7CoG3MdJvdr28k7NfTdjOA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1d3fhnsrjptnrvelew39xux2mes4d9zt8eyem3q5mpccav5g4fg6su9mx29
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtck5NK2ZwMXQxNk5XRnlo
+            ems3QzZnelAyWlRjS0tKV1Zhd3JJV3YyTDNNCmlFTDRJNFlPMHZ0UDc2RHcxQ2tk
+            VERFQndMN3pDRm9mSVlHUHRHcE1MbjgKLS0tICs5bzBIU1VlaHhKbk1idldPcXAz
+            clV4THVKc1REMmZpdWhxTnJWdzhHYzAK0PSmmiNbeErL6JARDaEr2RU44OOrTDgz
+            mTsIMrcVB9JVYH85YSUitApFKlYblLtktkHpMNZmTSHVuE0qMaOFBA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-08-25T15:59:22Z"
+    mac: ENC[AES256_GCM,data:gB/DWzjNVPYjxQOOpN3gAUDMkTku2k77YmaXScSy3e3HTDhcqeXqaJRlrqz7WObpGTFtC1p6MVSKZh6QU0g3q2sCoZSUzpY+ef9/248QuaaWYOAIk4/YfOkHvoWcnhxNCZVPzk8HdzEiaQKjRKiEgNH2Gcfj8A+MSNm9QZFcHYI=,iv:IcV3g10HZeOuhcj1ovesugj6VyhWqbOPL/mqCjrLr7w=,tag:cjayC5XMLOennnoFUyiU/A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.0
diff --git a/...s/talos.kidibox.net/apps/downloadarr.yaml → .../apps/downloadarr/kustomization-flux.yaml b/...s/talos.kidibox.net/apps/downloadarr.yaml → .../apps/downloadarr/kustomization-flux.yaml
@@ -5,7 +5,7 @@ metadata:
   namespace: flux-system
 spec:
   interval: 1h0m0s
-  path: ./clusters/base/apps/downloadarr
+  path: ./clusters/talos.kidibox.net/apps/downloadarr
   prune: true
   sourceRef:
     kind: GitRepository

diff --git a/clusters/talos.kidibox.net/apps/downloadarr/kustomization.yaml b/clusters/talos.kidibox.net/apps/downloadarr/kustomization.yaml
@@ -0,0 +1,7 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: downloadarr
+resources:
+  - ../../../base/apps/downloadarr/
+  - ./api-keys.sops.yaml
diff --git a/clusters/talos.kidibox.net/apps/kustomization.yaml b/clusters/talos.kidibox.net/apps/kustomization.yaml
@@ -2,7 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./downloadarr.yaml
+  - ./downloadarr/kustomization-flux.yaml
 patches:
   - target:
       group: kustomize.toolkit.fluxcd.io