feat(secrets): add sealed secrets for database and internal configurations

This commit is contained in:
Janis Eccarius
2026-05-30 14:35:06 +02:00
parent 1ed4fc4c33
commit e08bb654b5
6 changed files with 82 additions and 9 deletions
+9 -9
View File
@@ -1,12 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Seal each secret with the htwg-1 cluster key before uncommenting:
# kubectl -n nowchess create secret generic <name> ... --dry-run=client -o yaml \
# | kubeseal --controller-namespace kube-system -o yaml > secrets/nowchess/htwg-1-prod/<name>.yaml
# Seal each secret with the htwg-1 cluster key before use:
# kubectl -n <namespace> create secret generic <name> ... --dry-run=client -o yaml \
# | kubeseal --controller-name sealed-secrets --controller-namespace kube-system -o yaml > <file>
resources:
- ../nowchess/htwg-1-prod/ghcr-pull-secret.yaml
- ../nowchess/htwg-1-prod/ncs-jwt-keys.yaml
- ../nowchess/htwg-1-prod/ncs-db-secrets.yaml
- ../nowchess/htwg-1-prod/ncs-internal-secret.yaml
- ../nowchess/htwg-1-prod/remotek6-certs.yaml
- ../postgres/credentials-htwg-1.yaml
- ghcr-pull-secret.yaml
- ncs-jwt-keys.yaml
- ncs-db-secrets.yaml
- ncs-internal-secret.yaml
- remotek6-certs.yaml
- postgres-credentials.yaml