From 0fa7f5c1d5133b0c09870e05e0f6a443ee679277 Mon Sep 17 00:00:00 2001 From: V Date: Sat, 6 Dec 2025 14:26:10 +0000 Subject: [PATCH] added values for nfs helm release --- .../storage/controllers/base/.sops.yaml | 5 ++++ .../controllers/base/kustomization.yaml | 1 + .../storage/controllers/base/namespace.yaml | 2 +- .../storage/controllers/base/nfs-config.yaml | 26 +++++++++++++++++++ .../base/nfs-subdir-external-provisioner.yaml | 4 +++ 5 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 components/storage/controllers/base/.sops.yaml create mode 100644 components/storage/controllers/base/nfs-config.yaml diff --git a/components/storage/controllers/base/.sops.yaml b/components/storage/controllers/base/.sops.yaml new file mode 100644 index 0000000..7d08d97 --- /dev/null +++ b/components/storage/controllers/base/.sops.yaml @@ -0,0 +1,5 @@ +creation_rules: + - path_regex: nfs-config.yaml$ + encrypted_regex: "^(stringData)$" + age: + - age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq diff --git a/components/storage/controllers/base/kustomization.yaml b/components/storage/controllers/base/kustomization.yaml index 7fba198..92eb835 100644 --- a/components/storage/controllers/base/kustomization.yaml +++ b/components/storage/controllers/base/kustomization.yaml @@ -3,4 +3,5 @@ kind: Kustomization namespace: storage resources: - namespace.yaml + - nfs-config.yaml - nfs-subdir-external-provisioner.yaml diff --git a/components/storage/controllers/base/namespace.yaml b/components/storage/controllers/base/namespace.yaml index 58986a0..28088a1 100644 --- a/components/storage/controllers/base/namespace.yaml +++ b/components/storage/controllers/base/namespace.yaml @@ -3,6 +3,6 @@ kind: Namespace metadata: name: storage labels: - app.kubernetes.io/component: admission + app.kubernetes.io/component: storage toolkit.fluxcd.io/tenant: platform-team pod-security.kubernetes.io/enforce: baseline \ No newline at end of file diff --git a/components/storage/controllers/base/nfs-config.yaml b/components/storage/controllers/base/nfs-config.yaml new file mode 100644 index 0000000..324418f --- /dev/null +++ b/components/storage/controllers/base/nfs-config.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: nfs-provisioner-config + namespace: storage +type: Opaque +stringData: + values.yaml: + nfs: + path: ENC[AES256_GCM,data:N0hfjKR7uEbr+qX1ayasuh5Gbuw8m0kR63swdPYb,iv:Yj/tk4BpJ2jp4m1sSLL131UJ2+eKdBBlgfYe1KqDaFU=,tag:BqV9r8NoVKdZZxGZIMrF0Q==,type:str] + server: ENC[AES256_GCM,data:85mtz+kBLx/p3jI=,iv:nAwUm5wCjNmCIBThjx1YcsAJaeKMH+hXYv188IySTKE=,tag:Zo54yAtD3sTWFUpaQKfwIg==,type:str] +sops: + age: + - recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTd1dQdEttMG1nVURNTVdI + a0VVR1dtQnN3MCszYUl2SlJYMXhLK0pyQUVVCnpVeEF2MmY2MFk0ZEJjSkc0Tyts + NjBPbnpPT2dNNWpLMDNQUjhZTnBsT28KLS0tIGlkcU90VFhQMFdRTHV6bHBIU2cx + a1JiQTVkdDZBdUxCL1JSR0trMDRCUXMKODjDzI8pHcXM+ckKD4YSkOg0vp/wGs+X + AGzQzWAOd9zr4Zk1ZXIiVPx2DIPtS4IPt+ESdrFzX+HJBGpEbVFgXA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-06T14:25:13Z" + mac: ENC[AES256_GCM,data:6lQzd5Zw2Y97RfUPQXsv+BhxPipAD7/2kDnQImGYAB4mNJoRIcFc3Z+jaIEgE6AUqE+HRJrdbrrXJ93pFEw7w9v9BbWf9fCUfsL5WTZmQBsP6+1JoOhISVyVaTa0CCZ5ZXpdizugvKEcZZcLhfIvOj9uLXxH1bFBYAbunbAVEos=,iv:AkZ7nqxKFmApWkYdac8tMPS1rJJwTxhBlqnPc1VNMIc=,tag:bVNU7AhfSNOta5i2PWY0Sg==,type:str] + encrypted_regex: ^(stringData)$ + version: 3.11.0 diff --git a/components/storage/controllers/base/nfs-subdir-external-provisioner.yaml b/components/storage/controllers/base/nfs-subdir-external-provisioner.yaml index 1f3856e..86560dc 100644 --- a/components/storage/controllers/base/nfs-subdir-external-provisioner.yaml +++ b/components/storage/controllers/base/nfs-subdir-external-provisioner.yaml @@ -34,3 +34,7 @@ spec: timeout: 9m remediation: retries: 3 + valuesFrom: + - kind: Secret + name: nfs-provisioner-config + valuesKey: values.yaml