From bfd666b9db875b5e8b1a8eaf9def68c04efbe5c2 Mon Sep 17 00:00:00 2001 
From: Mathias Gebbe Date: Fri, 3 Jun 2022 22:25:31 +0200 Subject: [PATCH 1/5] feat: add namespace separation with secrets example --- .../.kluctl.yml | 24 +++++++++++++++++++ .../.secrets-template.yaml | 4 ++++ .../deployment.yml | 18 ++++++++++++++ .../environments/common.yml | 4 ++++ .../environments/dev.yml | 2 ++ .../environments/test.yml | 2 ++ .../misc/deployment.yml | 9 +++++++ .../sealed-secrets-operator/helm-chart.yml | 6 +++++ .../sealed-secrets-operator/helm-values.yml | 22 +++++++++++++++++ .../sealed-secrets-operator/kustomization.yml | 5 ++++ .../namespaces/kustomization.yml | 2 ++ .../namespaces/namespace.yml | 7 ++++++ .../persistency/deployment.yml | 7 ++++++ .../persistency/mongodb/db-secrets.yml.sealme | 8 +++++++ .../persistency/mongodb/kustomization.yml | 5 ++++ .../services/deployment.yml | 9 +++++++ .../services/echo-headers/deploy.yml | 21 ++++++++++++++++ .../services/echo-headers/kustomization.yml | 5 ++++ .../services/nginx-helm/helm-chart.yml | 6 +++++ .../services/nginx-helm/helm-values.yml | 9 +++++++ .../services/nginx-helm/kustomization.yml | 5 ++++ .../services/ui/deploy.yml | 21 ++++++++++++++++ .../services/ui/kustomization.yml | 6 +++++ .../services/ui/namespace.yml | 4 ++++ 24 files changed, 211 insertions(+) create mode 100644 namespace-separation-with-file-secrets/.kluctl.yml create mode 100644 namespace-separation-with-file-secrets/.secrets-template.yaml create mode 100644 namespace-separation-with-file-secrets/deployment.yml create mode 100644 namespace-separation-with-file-secrets/environments/common.yml create mode 100644 namespace-separation-with-file-secrets/environments/dev.yml create mode 100644 namespace-separation-with-file-secrets/environments/test.yml create mode 100644 namespace-separation-with-file-secrets/misc/deployment.yml create mode 100644 namespace-separation-with-file-secrets/misc/sealed-secrets-operator/helm-chart.yml create mode 100644 
namespace-separation-with-file-secrets/misc/sealed-secrets-operator/helm-values.yml create mode 100644 namespace-separation-with-file-secrets/misc/sealed-secrets-operator/kustomization.yml create mode 100644 namespace-separation-with-file-secrets/namespaces/kustomization.yml create mode 100644 namespace-separation-with-file-secrets/namespaces/namespace.yml create mode 100644 namespace-separation-with-file-secrets/persistency/deployment.yml create mode 100644 namespace-separation-with-file-secrets/persistency/mongodb/db-secrets.yml.sealme create mode 100644 namespace-separation-with-file-secrets/persistency/mongodb/kustomization.yml create mode 100644 namespace-separation-with-file-secrets/services/deployment.yml create mode 100644 namespace-separation-with-file-secrets/services/echo-headers/deploy.yml create mode 100644 namespace-separation-with-file-secrets/services/echo-headers/kustomization.yml create mode 100644 namespace-separation-with-file-secrets/services/nginx-helm/helm-chart.yml create mode 100644 namespace-separation-with-file-secrets/services/nginx-helm/helm-values.yml create mode 100644 namespace-separation-with-file-secrets/services/nginx-helm/kustomization.yml create mode 100644 namespace-separation-with-file-secrets/services/ui/deploy.yml create mode 100644 namespace-separation-with-file-secrets/services/ui/kustomization.yml create mode 100644 namespace-separation-with-file-secrets/services/ui/namespace.yml diff --git a/namespace-separation-with-file-secrets/.kluctl.yml b/namespace-separation-with-file-secrets/.kluctl.yml new file mode 100644 index 0000000..ed7273c --- /dev/null +++ b/namespace-separation-with-file-secrets/.kluctl.yml 
@@ -0,0 +1,24 @@
+targets:
+ - name: dev
+ context: kind-kind
+ args:
+ environment: dev
+ sealingConfig:
+ secretSets:
+ - dev
+ - name: test
+ context: dev-dce-t1-hellmann-net
+ args:
+ environment: test
+ sealingConfig:
+ secretSets:
+ - test
+
+secretsConfig:
+ secretSets:
+ - name: dev
+ vars:
+ - file: .secrets-dev.yaml
+ - name: test
+ vars:
+ - file: .secrets-test.yaml
diff --git a/namespace-separation-with-file-secrets/.secrets-template.yaml b/namespace-separation-with-file-secrets/.secrets-template.yaml
new file mode 100644
index 0000000..4e2127e
--- /dev/null
+++ b/namespace-separation-with-file-secrets/.secrets-template.yaml
@@ -0,0 +1,4 @@
+secrets:
+ mongo:
+ username: NOT-SET
+ password: NOT-SET
diff --git a/namespace-separation-with-file-secrets/deployment.yml b/namespace-separation-with-file-secrets/deployment.yml
new file mode 100644
index 0000000..6376ad5
--- /dev/null
+++ b/namespace-separation-with-file-secrets/deployment.yml
@@ -0,0 +1,18 @@
+deployments:
+ - path: namespaces
+ - barrier: true
+ - include: misc
+ - barrier: true
+ - include: persistency
+ - include: services
+
+commonLabels:
+ examples.kluctl.io/environment: "{{ args.environment }}"
+ examples.kluctl.io/deployment-project: namespace-separation-with-file-secrets
+
+vars:
+ - file: environments/common.yml
+ - file: environments/{{ args.environment }}.yml
+
+args:
+ - name: environment
diff --git a/namespace-separation-with-file-secrets/environments/common.yml b/namespace-separation-with-file-secrets/environments/common.yml
new file mode 100644
index 0000000..3cad4f0
--- /dev/null
+++ b/namespace-separation-with-file-secrets/environments/common.yml
@@ -0,0 +1,4 @@
+namespaces:
+ persistency: kluctl-examples-{{ args.environment }}-persistency
+ services: kluctl-examples-{{ args.environment }}-services
+ misc: kluctl-examples-{{ args.environment }}-misc
diff --git a/namespace-separation-with-file-secrets/environments/dev.yml b/namespace-separation-with-file-secrets/environments/dev.yml
new file mode 100644
index 0000000..c330a1e
--- /dev/null
+++ b/namespace-separation-with-file-secrets/environments/dev.yml
@@ -0,0 +1,2 @@
+scale:
+ nginx: 1
diff --git a/namespace-separation-with-file-secrets/environments/test.yml b/namespace-separation-with-file-secrets/environments/test.yml
new file mode 100644
index 0000000..46f55d1
--- /dev/null
+++ b/namespace-separation-with-file-secrets/environments/test.yml
@@ -0,0 +1,2 @@
+scale:
+ nginx: 2
diff --git a/namespace-separation-with-file-secrets/misc/deployment.yml b/namespace-separation-with-file-secrets/misc/deployment.yml
new file mode 100644
index 0000000..f0d63d2
--- /dev/null
+++ b/namespace-separation-with-file-secrets/misc/deployment.yml
@@ -0,0 +1,9 @@
+deployments:
+ {% if args.environment == 'dev' %}
+ - path: sealed-secrets-operator
+ {% endif %}
+
+commonLabels:
+ kluctl-example/environment: "{{ args.environment }}"
+
+overrideNamespace: {{ namespaces.misc }}
diff --git a/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/helm-chart.yml b/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/helm-chart.yml
new file mode 100644
index 0000000..9b92aed
--- /dev/null
+++ b/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/helm-chart.yml
@@ -0,0 +1,6 @@
+helmChart:
+ repo: https://bitnami-labs.github.io/sealed-secrets
+ chartName: sealed-secrets
+ chartVersion: 2.1.6
+ releaseName: sealed-secrets-controller
+ output: deploy.yml
diff --git a/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/helm-values.yml b/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/helm-values.yml
new file mode 100644
index 0000000..8dfeb32
--- /dev/null
+++ b/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/helm-values.yml
@@ -0,0 +1,22 @@
+podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+ fsGroup: 65534
+ seccompProfile:
+ type: RuntimeDefault
+
+containerSecurityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+
+resources:
+ limits:
+ cpu: 1
+ memory: 256Mi
+ requests:
+ cpu: 1
+ memory: 256Mi
diff --git a/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/kustomization.yml b/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/kustomization.yml
new file mode 100644
index 0000000..b24bc32
--- /dev/null
+++ b/namespace-separation-with-file-secrets/misc/sealed-secrets-operator/kustomization.yml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - deploy.yml
diff --git a/namespace-separation-with-file-secrets/namespaces/kustomization.yml b/namespace-separation-with-file-secrets/namespaces/kustomization.yml
new file mode 100644
index 0000000..e1eb92f
--- /dev/null
+++ b/namespace-separation-with-file-secrets/namespaces/kustomization.yml
@@ -0,0 +1,2 @@
+resources:
+ - namespace.yml
diff --git a/namespace-separation-with-file-secrets/namespaces/namespace.yml b/namespace-separation-with-file-secrets/namespaces/namespace.yml
new file mode 100644
index 0000000..ea8b489
--- /dev/null
+++ b/namespace-separation-with-file-secrets/namespaces/namespace.yml
@@ -0,0 +1,7 @@
+{% for ns in namespaces.values() %}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ ns }}
+---
+{% endfor %}
diff --git a/namespace-separation-with-file-secrets/persistency/deployment.yml b/namespace-separation-with-file-secrets/persistency/deployment.yml
new file mode 100644
index 0000000..8ab57e2
--- /dev/null
+++ b/namespace-separation-with-file-secrets/persistency/deployment.yml
@@ -0,0 +1,7 @@
+deployments:
+ - path: mongodb
+
+commonLabels:
+ kluctl-example/environment: "{{ args.environment }}"
+
+overrideNamespace: {{ namespaces.persistency }}
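Review bot: In `containerSecurityContext`, `capabilities.drop` lists `all` in lower case, while the Pod Security "restricted" profile is documented as requiring the literal `ALL`; a namespace enforcing that profile may therefore reject the controller pod even if the container runtime accepts either spelling, which is worth confirming against the target cluster. I would write `- ALL`. A short comment above `podSecurityContext`, for example `# hardening values passed through to the sealed-secrets chart`, would also tell readers where these keys are consumed.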
diff --git a/namespace-separation-with-file-secrets/persistency/mongodb/db-secrets.yml.sealme b/namespace-separation-with-file-secrets/persistency/mongodb/db-secrets.yml.sealme
new file mode 100644
index 0000000..c59f628
--- /dev/null
+++ b/namespace-separation-with-file-secrets/persistency/mongodb/db-secrets.yml.sealme
@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: db-secrets
+ namespace: {{ namespaces.persistency }}
+stringData:
+ DB_USERNAME: {{ secrets.mongo.username }}
+ DB_PASSWORD: {{ secrets.mongo.password }}
diff --git a/namespace-separation-with-file-secrets/persistency/mongodb/kustomization.yml b/namespace-separation-with-file-secrets/persistency/mongodb/kustomization.yml
new file mode 100644
index 0000000..17036b1
--- /dev/null
+++ b/namespace-separation-with-file-secrets/persistency/mongodb/kustomization.yml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - db-secrets.yml
diff --git a/namespace-separation-with-file-secrets/services/deployment.yml b/namespace-separation-with-file-secrets/services/deployment.yml
new file mode 100644
index 0000000..104df2d
--- /dev/null
+++ b/namespace-separation-with-file-secrets/services/deployment.yml
@@ -0,0 +1,9 @@
+deployments:
+ - path: ui
+ - path: echo-headers
+ - path: nginx-helm
+
+commonLabels:
+ kluctl-example/environment: "{{ args.environment }}"
+
+overrideNamespace: {{ namespaces.services }}
diff --git a/namespace-separation-with-file-secrets/services/echo-headers/deploy.yml b/namespace-separation-with-file-secrets/services/echo-headers/deploy.yml
new file mode 100644
index 0000000..7bd7cf3
--- /dev/null
+++ b/namespace-separation-with-file-secrets/services/echo-headers/deploy.yml
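Review bot: In `db-secrets.yml.sealme` the two `stringData` values are rendered unquoted (`DB_PASSWORD: {{ secrets.mongo.password }}`), so a credential that is empty, looks like a number or boolean, or contains `: ` or ` #` changes type, is truncated, or breaks the rendered YAML before it is sealed. `stringData` only accepts strings, so an all-digit password would presumably be rejected or mis-sealed. Other files in this patch already quote templated scalars (`"{{ args.environment }}"`); the minimum here is `DB_USERNAME: "{{ secrets.mongo.username }}"` and `DB_PASSWORD: "{{ secrets.mongo.password }}"`, keeping in mind that values containing `"` or `\` would still need escaping.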
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: echo-headers-deployment
+ labels:
+ app: echo-headers
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: echo-headers
+ template:
+ metadata:
+ labels:
+ app: echo-headers
+ spec:
+ containers:
+ - name: echo-headers
+ image: "{{ images.get_image('mendhak/http-https-echo') }}"
+ ports:
+ - containerPort: 80
diff --git a/namespace-separation-with-file-secrets/services/echo-headers/kustomization.yml b/namespace-separation-with-file-secrets/services/echo-headers/kustomization.yml
new file mode 100644
index 0000000..b24bc32
--- /dev/null
+++ b/namespace-separation-with-file-secrets/services/echo-headers/kustomization.yml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - deploy.yml
diff --git a/namespace-separation-with-file-secrets/services/nginx-helm/helm-chart.yml b/namespace-separation-with-file-secrets/services/nginx-helm/helm-chart.yml
new file mode 100644
index 0000000..6f81903
--- /dev/null
+++ b/namespace-separation-with-file-secrets/services/nginx-helm/helm-chart.yml
@@ -0,0 +1,6 @@
+helmChart:
+ repo: https://charts.bitnami.com/bitnami
+ chartName: nginx
+ chartVersion: 11.1.5 #12.0.0
+ releaseName: nginx
+ output: deploy.yml
diff --git a/namespace-separation-with-file-secrets/services/nginx-helm/helm-values.yml b/namespace-separation-with-file-secrets/services/nginx-helm/helm-values.yml
new file mode 100644
index 0000000..cfc1344
--- /dev/null
+++ b/namespace-separation-with-file-secrets/services/nginx-helm/helm-values.yml
@@ -0,0 +1,9 @@
+resources:
+limits:
+ cpu: 100m
+ memory: 128Mi
+requests:
+ cpu: 100m
+ memory: 128Mi
+
+replicaCount: {{ scale.nginx }}
diff --git a/namespace-separation-with-file-secrets/services/nginx-helm/kustomization.yml b/namespace-separation-with-file-secrets/services/nginx-helm/kustomization.yml
new file mode 100644
index 0000000..b24bc32
--- /dev/null
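Review bot: In `services/nginx-helm/helm-values.yml`, `limits:` and `requests:` sit at column 0 as siblings of `resources:` instead of being nested under it, so `resources` parses as null and the two maps become unknown top-level values that the chart will most likely ignore. The nginx pods would then run with no CPU or memory limits, unlike the sealed-secrets values file in this same patch, which nests them correctly. Re-indenting the block as below restores the intended limits; the `replicaCount` line is unaffected.

```yaml
resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi
# … unchanged: replicaCount …
```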
+++ b/namespace-separation-with-file-secrets/services/nginx-helm/kustomization.yml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - deploy.yml
diff --git a/namespace-separation-with-file-secrets/services/ui/deploy.yml b/namespace-separation-with-file-secrets/services/ui/deploy.yml
new file mode 100644
index 0000000..7f78a64
--- /dev/null
+++ b/namespace-separation-with-file-secrets/services/ui/deploy.yml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ui
+ labels:
+ app: ui
+spec:
+ replicas: {{ scale.nginx }}
+ selector:
+ matchLabels:
+ app: ui
+ template:
+ metadata:
+ labels:
+ app: ui
+ spec:
+ containers:
+ - name: nginx
+ image: "{{ images.get_image('nginx') }}"
+ ports:
+ - containerPort: 80
diff --git a/namespace-separation-with-file-secrets/services/ui/kustomization.yml b/namespace-separation-with-file-secrets/services/ui/kustomization.yml
new file mode 100644
index 0000000..4c846b2
--- /dev/null
+++ b/namespace-separation-with-file-secrets/services/ui/kustomization.yml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yml
+ - deploy.yml
diff --git a/namespace-separation-with-file-secrets/services/ui/namespace.yml b/namespace-separation-with-file-secrets/services/ui/namespace.yml
new file mode 100644
index 0000000..1b561a9
--- /dev/null
+++ b/namespace-separation-with-file-secrets/services/ui/namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "{{ args.environment }}"
From fb2ff1275836869d394e5ea42fc9f689471def08 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe
Date: Fri, 3 Jun 2022 22:26:40 +0200
Subject: [PATCH 2/5] fix: use kind context for test as well.
---
namespace-separation-with-file-secrets/.kluctl.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
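Review bot: `services/ui/namespace.yml` creates a Namespace named after the bare environment (`name: "{{ args.environment }}"`, so `dev` or `test`), which does not follow the `kluctl-examples-{{ args.environment }}-…` names defined in `environments/common.yml` and already created by `namespaces/namespace.yml`. Since `services/deployment.yml` sets `overrideNamespace: {{ namespaces.services }}`, nothing visible in this patch deploys into that extra namespace, so it looks like a leftover that widens what the example creates on the cluster. I would remove `- namespace.yml` from `services/ui/kustomization.yml` together with this file, or add a comment explaining why the separate namespace is wanted.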
diff --git a/namespace-separation-with-file-secrets/.kluctl.yml b/namespace-separation-with-file-secrets/.kluctl.yml index ed7273c..c1bec28 100644 --- a/namespace-separation-with-file-secrets/.kluctl.yml +++ b/namespace-separation-with-file-secrets/.kluctl.yml @@ -7,7 +7,7 @@ targets: secretSets: - dev - name: test - context: dev-dce-t1-hellmann-net + context: kind-kind args: environment: test sealingConfig: From 7043468ed056201b1384f129676e4d55436218fe Mon Sep 17 00:00:00 2001 From: Mathias Gebbe Date: Sat, 4 Jun 2022 23:15:35 +0200 Subject: [PATCH 3/5] feat: modify multiply namespace example --- .../.kluctl.yml | 2 ++ .../persistency/mongodb/dev/db-secrets.yml | 20 +++++++++++ .../.secrets-dev.yaml | 4 +++ .../.secrets-test.yaml | 4 +++ .../misc/deployment.yml | 7 +--- .../persistency/mongodb/deploy.yml | 35 +++++++++++++++++++ .../persistency/mongodb/kustomization.yml | 1 + .../services/deployment.yml | 2 ++ 8 files changed, 69 insertions(+), 6 deletions(-) create mode 100644 namespace-separation-with-file-secrets/.sealed-secrets/persistency/mongodb/dev/db-secrets.yml create mode 100644 namespace-separation-with-file-secrets/.secrets-dev.yaml create mode 100644 namespace-separation-with-file-secrets/.secrets-test.yaml create mode 100644 namespace-separation-with-file-secrets/persistency/mongodb/deploy.yml diff --git a/namespace-separation-with-file-secrets/.kluctl.yml b/namespace-separation-with-file-secrets/.kluctl.yml index c1bec28..b2fe93e 100644 --- a/namespace-separation-with-file-secrets/.kluctl.yml +++ b/namespace-separation-with-file-secrets/.kluctl.yml @@ -15,6 +15,8 @@ targets: - test secretsConfig: + sealedSecrets: + namespace: kube-system secretSets: - name: dev vars: diff --git a/namespace-separation-with-file-secrets/.sealed-secrets/persistency/mongodb/dev/db-secrets.yml b/namespace-separation-with-file-secrets/.sealed-secrets/persistency/mongodb/dev/db-secrets.yml new file mode 100644 index 0000000..78ea33d --- /dev/null 
+++ b/namespace-separation-with-file-secrets/.sealed-secrets/persistency/mongodb/dev/db-secrets.yml @@ -0,0 +1,20 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + annotations: + kluctl.io/sealedsecret-cluster-id: 7d5c4b6511b59705c0650e22e629fe7117c88cc8b7f998d347f12315500218f2 + kluctl.io/sealedsecret-hashes: | + DB_PASSWORD: cef37fae17edb51eecbf9075b245193ff9f702d49514ec3203fd68e0a587903320c87e9e730dc444aceda0d67dac38b13bb1c48b36a05137b336ac95143d09db + DB_USERNAME: f6ffaea0a713daa105fc9363f6491f62b0a8ae6bc1d78d746e979ef0c70af96630197fb1cf6351277151e9986c53038b041aba5adb96e7a417b3819c9f2504ed + sealedsecrets.bitnami.com/scope: strict + name: db-secrets + namespace: kluctl-examples-dev-persistency +spec: + encryptedData: + DB_PASSWORD: AQA5Hzu+FSaq7ApTQXaClDHfQvLZiHkDH0SaM3/H4BWWUwo1jJqDqXSj8Q+LFiTtFdN4abWM3hWdv0dMTViDcTPpcgxYFGyI99A5JYJZPnecD9A5gTTgf8yFD1ku7JQqyJtv63bg/2A+QBPXNAb5g418khRNMWPvpGG8BBqYOUkiKxd7bxCmBh83hdlc103rphsSgCOcHHb7uhx315zbeuK/PzwXz8mk+c/YZzsTxJ0wGGwFCZ3DxrnVfkVQVWg8Y7oQCqodvcGgL0EoPOUWDPVbrv+sCzMz08rQw72Qgp+ARm9ZdO2ilYMEsA/GdhKSlvLRSIGAncIoPHaZO4/+J7MEWxdo2+n6I+k7ZH6v4qWNnH5YS/sGEEpA + DB_USERNAME: AQCAJA9CKWZ+JsH+evTWKiZPGwnZgAIsRvJdJ9OgUWsR11KoCURWIXOOrtYQuoyCT0/f7Pn5NvE/BqHwWWdlM7DSYVjZnysphbIDtJ9DHF4s2eqO4CJXSCneKqM6tLnk7+4A0KUyb8CYxXE9AX7bNf26hHlSjOHqJ+VDDuUATx4Pg1hPzopjy6oKu/w4wwBvciZMNhhyGDoq+o1ByTcJ1CXywoSXjpxgyb8SE4+IC905/d5XLns1e84D32s52W848XLi/6MeRmAzUIw4uZcbmaBTKcpyW/Up0UwcdjgKq5OpvFb7svTux4vRZiDkhNYxEQzP2NeXd+PQfxiOAX1S2JDQkn9Cwut3879jlbEp48zRTqRm5/Af + template: + metadata: + name: db-secrets + namespace: kluctl-examples-dev-persistency + type: Opaque diff --git a/namespace-separation-with-file-secrets/.secrets-dev.yaml b/namespace-separation-with-file-secrets/.secrets-dev.yaml new file mode 100644 index 0000000..1cc7f75 --- /dev/null +++ b/namespace-separation-with-file-secrets/.secrets-dev.yaml @@ -0,0 +1,4 @@ +secrets: + mongo: + username: admin + password: password 
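Review bot: `.secrets-dev.yaml` commits the MongoDB root credentials in plaintext (`username: admin`, `password: password`), and the `.secrets-test.yaml` hunk that follows does the same with `mongo`/`mongo`; these are the unsealed inputs that `.kluctl.yml` lists under `secretsConfig.secretSets`. The patch series already ships `.secrets-template.yaml` with `NOT-SET` placeholders, so I would keep only the template in the repository and ignore the real files, e.g. a `.gitignore` with `.secrets-*.yaml` and `!.secrets-template.yaml`. If the files must stay so the example runs out of the box, a first line such as `# example-only credentials, do not reuse` in each would make that explicit.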
diff --git a/namespace-separation-with-file-secrets/.secrets-test.yaml b/namespace-separation-with-file-secrets/.secrets-test.yaml new file mode 100644 index 0000000..6f5d975 --- /dev/null +++ b/namespace-separation-with-file-secrets/.secrets-test.yaml @@ -0,0 +1,4 @@ +secrets: + mongo: + username: mongo + password: mongo diff --git a/namespace-separation-with-file-secrets/misc/deployment.yml b/namespace-separation-with-file-secrets/misc/deployment.yml index f0d63d2..2ed7934 100644 --- a/namespace-separation-with-file-secrets/misc/deployment.yml +++ b/namespace-separation-with-file-secrets/misc/deployment.yml @@ -1,9 +1,4 @@ deployments: - {% if args.environment == 'dev' %} - path: sealed-secrets-operator - {% endif %} -commonLabels: - kluctl-example/environment: "{{ args.environment }}" - -overrideNamespace: {{ namespaces.misc }} +overrideNamespace: kube-system diff --git a/namespace-separation-with-file-secrets/persistency/mongodb/deploy.yml b/namespace-separation-with-file-secrets/persistency/mongodb/deploy.yml new file mode 100644 index 0000000..f388626 --- /dev/null +++ b/namespace-separation-with-file-secrets/persistency/mongodb/deploy.yml @@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongodb-deployment + labels: + app: mongodb +spec: + replicas: 1 + selector: + matchLabels: + app: mongodb + template: + metadata: + labels: + app: mongodb + spec: + containers: + - name: mongodb + image: mongo:5 + ports: + - containerPort: 27017 + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: db-secrets + key: DB_USERNAME + optional: false + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: db-secrets + key: DB_PASSWORD + optional: false + diff --git a/namespace-separation-with-file-secrets/persistency/mongodb/kustomization.yml b/namespace-separation-with-file-secrets/persistency/mongodb/kustomization.yml index 17036b1..7834ae2 100644 
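Review bot: In `persistency/mongodb/deploy.yml` the container uses the floating tag `image: mongo:5`, whereas the other Deployments in this series resolve their image through `images.get_image(...)`; a mutable tag means the example can silently pull a different build on each rollout. For consistency I would write `image: "{{ images.get_image('mongo') }}"` or pin an exact version or digest. The pod also declares no `resources` or `securityContext`, unlike the sealed-secrets values added earlier in the series; which hardening settings the mongo image tolerates is not visible here, so that part needs testing before it is added.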
--- a/namespace-separation-with-file-secrets/persistency/mongodb/kustomization.yml +++ b/namespace-separation-with-file-secrets/persistency/mongodb/kustomization.yml @@ -3,3 +3,4 @@ kind: Kustomization resources: - db-secrets.yml + - deploy.yml diff --git a/namespace-separation-with-file-secrets/services/deployment.yml b/namespace-separation-with-file-secrets/services/deployment.yml index 104df2d..a963d60 100644 --- a/namespace-separation-with-file-secrets/services/deployment.yml +++ b/namespace-separation-with-file-secrets/services/deployment.yml @@ -1,5 +1,7 @@ deployments: + {% if args.environment == 'dev' %} - path: ui + {% endif %} - path: echo-headers - path: nginx-helm From b6008208cffec6b10752b9443dbeb4e399fefc1c Mon Sep 17 00:00:00 2001 From: Mathias Gebbe Date: Sat, 4 Jun 2022 23:19:54 +0200 Subject: [PATCH 4/5] docs: modify readme / add example --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f3f0c9..6a694b2 100644 --- a/README.md +++ b/README.md @@ -21,4 +21,6 @@ target cluster and the deployment is defined externally. You can configure the r give a first impression how kluctl and Helm work together. 4. [microservices-demo](microservices-demo): This example is a more complex one and contains the files for the [microservices tutorial](https://kluctl.io/docs/guides/tutorials/microservices-demo/) inspired by the -[Google Online Boutique Demo](https://github.com/GoogleCloudPlatform/microservices-demo). \ No newline at end of file +[Google Online Boutique Demo](https://github.com/GoogleCloudPlatform/microservices-demo). +5. [namespace-separation-with-file-secrets](namespace-separation-with-file-secrets): This example shows a separation +to different dynamic namespaces and variables loaded for the corresponding environment. From 4fd530ff2665d436b7379491e72cb500be0a0fc8 Mon Sep 17 00:00:00 2001 
From: Mathias Gebbe Date: Sat, 4 Jun 2022 23:23:05 +0200 Subject: [PATCH 5/5] feat: remove sealed secret --- .../persistency/mongodb/dev/db-secrets.yml | 20 ------------------- 1 file changed, 20 deletions(-) delete mode 100644 namespace-separation-with-file-secrets/.sealed-secrets/persistency/mongodb/dev/db-secrets.yml diff --git a/namespace-separation-with-file-secrets/.sealed-secrets/persistency/mongodb/dev/db-secrets.yml b/namespace-separation-with-file-secrets/.sealed-secrets/persistency/mongodb/dev/db-secrets.yml deleted file mode 100644 index 78ea33d..0000000 --- a/namespace-separation-with-file-secrets/.sealed-secrets/persistency/mongodb/dev/db-secrets.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - annotations: - kluctl.io/sealedsecret-cluster-id: 7d5c4b6511b59705c0650e22e629fe7117c88cc8b7f998d347f12315500218f2 - kluctl.io/sealedsecret-hashes: | - DB_PASSWORD: cef37fae17edb51eecbf9075b245193ff9f702d49514ec3203fd68e0a587903320c87e9e730dc444aceda0d67dac38b13bb1c48b36a05137b336ac95143d09db - DB_USERNAME: f6ffaea0a713daa105fc9363f6491f62b0a8ae6bc1d78d746e979ef0c70af96630197fb1cf6351277151e9986c53038b041aba5adb96e7a417b3819c9f2504ed - sealedsecrets.bitnami.com/scope: strict - name: db-secrets - namespace: kluctl-examples-dev-persistency -spec: - encryptedData: - DB_PASSWORD: AQA5Hzu+FSaq7ApTQXaClDHfQvLZiHkDH0SaM3/H4BWWUwo1jJqDqXSj8Q+LFiTtFdN4abWM3hWdv0dMTViDcTPpcgxYFGyI99A5JYJZPnecD9A5gTTgf8yFD1ku7JQqyJtv63bg/2A+QBPXNAb5g418khRNMWPvpGG8BBqYOUkiKxd7bxCmBh83hdlc103rphsSgCOcHHb7uhx315zbeuK/PzwXz8mk+c/YZzsTxJ0wGGwFCZ3DxrnVfkVQVWg8Y7oQCqodvcGgL0EoPOUWDPVbrv+sCzMz08rQw72Qgp+ARm9ZdO2ilYMEsA/GdhKSlvLRSIGAncIoPHaZO4/+J7MEWxdo2+n6I+k7ZH6v4qWNnH5YS/sGEEpA - DB_USERNAME: AQCAJA9CKWZ+JsH+evTWKiZPGwnZgAIsRvJdJ9OgUWsR11KoCURWIXOOrtYQuoyCT0/f7Pn5NvE/BqHwWWdlM7DSYVjZnysphbIDtJ9DHF4s2eqO4CJXSCneKqM6tLnk7+4A0KUyb8CYxXE9AX7bNf26hHlSjOHqJ+VDDuUATx4Pg1hPzopjy6oKu/w4wwBvciZMNhhyGDoq+o1ByTcJ1CXywoSXjpxgyb8SE4+IC905/d5XLns1e84D32s52W848XLi/6MeRmAzUIw4uZcbmaBTKcpyW/Up0UwcdjgKq5OpvFb7svTux4vRZiDkhNYxEQzP2NeXd+PQfxiOAX1S2JDQkn9Cwut3879jlbEp48zRTqRm5/Af - template: - metadata: - name: db-secrets - namespace: kluctl-examples-dev-persistency - type: Opaque