Testing SS on amd host

2025-11-17 21:58:35 +00:00 · 2025-11-17 21:58:35 +00:00 · c5e47bb142
commit c5e47bb142
parent b322446b0d
9 changed files with 74 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,7 @@ Repo for storing the home lab's K8s GitOps setup. WIP...

 ### WIP

+- [ ] configure ingress for Grafana instances
 - [ ] update repo README
 - [ ] move all apps on old-reliable into Flux management
 - [ ] switch to branch based operation  (merge feature branch into main for any changes)
--- a/components/monitoring/controllers/base/kustomization.yaml
+++ b/components/monitoring/controllers/base/kustomization.yaml
@ -3,10 +3,10 @@ kind: Kustomization
 namespace: monitoring
 resources:
  - namespace.yaml
-  - kube-prometheus-stack.yaml
-  - metrics-server.yaml
  - rbac.yaml
  - grafana-auth-secret.yaml
+  - kube-prometheus-stack.yaml
+  - metrics-server.yaml
 configMapGenerator:
  - name: flux-kube-state-metrics-config
    files:
--- a/components/security/controllers/base/.sops.yaml
+++ b/components/security/controllers/base/.sops.yaml
@ -0,0 +1,5 @@
+creation_rules:
+  - path_regex: sealed-secret-seed-tls.yaml$
+    encrypted_regex: "^(data)$"
+    age: 
+      - age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq
--- a/components/security/controllers/base/kustomization.yaml
+++ b/components/security/controllers/base/kustomization.yaml
@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: security
+resources:
+  - namespace.yaml
+  - rbac.yaml
+  - sealed-secret-seed-tls.yaml
+  - sealed-secrets.yaml
--- a/components/security/controllers/base/namespace.yaml
+++ b/components/security/controllers/base/namespace.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: security
+  labels:
+    app.kubernetes.io/component: security
+    toolkit.fluxcd.io/tenant: platform-team
+    pod-security.kubernetes.io/enforce: privileged
--- a/components/security/controllers/base/rbac.yaml
+++ b/components/security/controllers/base/rbac.yaml
--- a/components/security/controllers/base/sealed-secret-seed-tls.yaml
+++ b/components/security/controllers/base/sealed-secret-seed-tls.yaml
--- a/components/security/controllers/base/sealed-secrets.yaml
+++ b/components/security/controllers/base/sealed-secrets.yaml
@ -0,0 +1,20 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: sealed-secrets
+spec:
+  interval: 1h
+  url: https://bitnami-labs.github.io/sealed-secrets
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: sealed-secrets
+spec:
+  serviceAccountName: flux
+  interval: 1h
+  chartRef:
+    kind: HelmChart
+    name: sealed-secrets
+  values:
+    secretName: sealed-secrets-seed-key
--- a/components/security/controllers/dev-amd64/kustomization.yaml
+++ b/components/security/controllers/dev-amd64/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base