Testing SS on amd host

2025-11-17 21:58:35 +00:00 · 2025-11-17 21:58:35 +00:00 · c5e47bb142
commit c5e47bb142
parent b322446b0d
9 changed files with 74 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,7 @@ Repo for storing the home lab's K8s GitOps setup. WIP...
 ### WIP
 - [ ] configure ingress for Grafana instances
 - [ ] update repo README
 - [ ] move all apps on old-reliable into Flux management
 - [ ] switch to branch based operation  (merge feature branch into main for any changes)
--- a/components/monitoring/controllers/base/kustomization.yaml
+++ b/components/monitoring/controllers/base/kustomization.yaml
@ -3,10 +3,10 @@ kind: Kustomization
 namespace: monitoring
 resources:
  - namespace.yaml
  - kube-prometheus-stack.yaml
  - metrics-server.yaml
  - rbac.yaml
  - grafana-auth-secret.yaml
  - kube-prometheus-stack.yaml
  - metrics-server.yaml
 configMapGenerator:
  - name: flux-kube-state-metrics-config
    files:
--- a/components/security/controllers/base/.sops.yaml
+++ b/components/security/controllers/base/.sops.yaml
@ -0,0 +1,5 @@
 creation_rules:
  - path_regex: sealed-secret-seed-tls.yaml$
    encrypted_regex: "^(data)$"
    age: 
      - age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq
--- a/components/security/controllers/base/kustomization.yaml
+++ b/components/security/controllers/base/kustomization.yaml
@ -0,0 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: security
 resources:
  - namespace.yaml
  - rbac.yaml
  - sealed-secret-seed-tls.yaml
  - sealed-secrets.yaml
--- a/components/security/controllers/base/namespace.yaml
+++ b/components/security/controllers/base/namespace.yaml
@ -0,0 +1,8 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: security
  labels:
    app.kubernetes.io/component: security
    toolkit.fluxcd.io/tenant: platform-team
    pod-security.kubernetes.io/enforce: privileged
--- a/components/security/controllers/base/rbac.yaml
+++ b/components/security/controllers/base/rbac.yaml
--- a/components/security/controllers/base/sealed-secret-seed-tls.yaml
+++ b/components/security/controllers/base/sealed-secret-seed-tls.yaml
--- a/components/security/controllers/base/sealed-secrets.yaml
+++ b/components/security/controllers/base/sealed-secrets.yaml
@ -0,0 +1,20 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: sealed-secrets
 spec:
  interval: 1h
  url: https://bitnami-labs.github.io/sealed-secrets
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: sealed-secrets
 spec:
  serviceAccountName: flux
  interval: 1h
  chartRef:
    kind: HelmChart
    name: sealed-secrets
  values:
    secretName: sealed-secrets-seed-key
--- a/components/security/controllers/dev-amd64/kustomization.yaml
+++ b/components/security/controllers/dev-amd64/kustomization.yaml
@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../base