mirror of
https://github.com/ghndrx/homelab-gitops.git
synced 2026-02-10 06:44:57 +00:00
- Add root ApplicationSet using Git Directory Generator
- Configure AppProjects for infrastructure and apps separation
- Add cert-manager with Let's Encrypt ClusterIssuers (staging/prod)
- Add SOPS configuration for age-encrypted secrets
- Add bootstrap documentation (docs/BOOTSTRAP.md)
- Scaffold infrastructure dirs (networking, storage, monitoring)
- Update README with quick start and architecture

GitOps pattern: directories auto-discovered by ArgoCD ApplicationSets
Reference: CNCF App-of-Apps best practices 2025
---
# .sops.yaml
# SOPS creation rules for encrypting Kubernetes Secret manifests in this repo.
#
# Workflow:
#   Generate age key: age-keygen -o key.txt
#   Export:           export SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt
#   Encrypt:          sops -e -i secret.yaml
#   Decrypt:          sops -d secret.yaml
#
# Reference: https://github.com/getsops/sops
#
# Key handling:
#   - key.txt holds the age PRIVATE key. The generate step writes it to the
#     current directory, while SOPS_AGE_KEY_FILE points at
#     ~/.config/sops/age/keys.txt: move the file there (owner-only
#     permissions) and never commit it. Only the public "age1..." recipient
#     belongs in this file.
#   - The recipient below is a placeholder. Replace it with your actual age
#     public key in every rule before encrypting anything.
#   - All three rules share one recipient, so any holder of that key can
#     decrypt every scope. Use distinct recipients per rule if
#     infrastructure, app and cluster secrets should be separable. Several
#     recipients may be listed comma-separated.
#
# What is (and is not) protected:
#   - encrypted_regex limits encryption to the values under data/stringData,
#     leaving metadata readable for GitOps tooling. Names, namespaces, labels
#     and annotations therefore stay in plaintext: keep sensitive values out
#     of them, and strip annotations such as
#     kubectl.kubernetes.io/last-applied-configuration from manifests
#     exported from a cluster before committing.
#   - path_regex only covers paths that contain "secret" and end in ".yaml".
#     A Secret manifest named differently (or ending in ".yml") matches no
#     rule here; check the name, and confirm the values read ENC[...] after
#     "sops -e -i", before committing.
creation_rules:
  # Infrastructure secrets (networking, storage, monitoring)
  - path_regex: 'infrastructure/.*/.*secret.*\.yaml$'
    encrypted_regex: '^(data|stringData)$'
    age: age1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  # Application secrets
  - path_regex: 'apps/.*/.*secret.*\.yaml$'
    encrypted_regex: '^(data|stringData)$'
    age: age1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  # Cluster-specific secrets
  - path_regex: 'clusters/.*/.*secret.*\.yaml$'
    encrypted_regex: '^(data|stringData)$'
    age: age1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx