steps towards a completely managed cluster

2024-03-20 23:45:08 +01:00
parent 84a47b15b6
commit 443da20ff9
19 changed files with 223 additions and 17 deletions
--- a/infrastructure/sealedsecrets/README.md
+++ b/infrastructure/sealedsecrets/README.md
@@ -0,0 +1,9 @@
+### Restoring sealed secrets
+```bash
+# install the sealed secrets controller
+kubectl kustomize . | kubectl apply -f -
+# restore the sealed secrets
+kubectl apply -f main.key
+# restart pod
+kubectl delete pod -n kube-system -l name=sealed-secrets-controller
+```
--- a/infrastructure/sealedsecrets/controller.yaml
+++ b/infrastructure/sealedsecrets/controller.yaml
@@ -6,7 +6,6 @@ metadata:
  labels:
    name: sealed-secrets-service-proxier
  name: sealed-secrets-service-proxier
-  namespace: kube-system
 rules:
 - apiGroups:
  - ""
@@ -35,7 +34,6 @@ metadata:
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
-  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -43,7 +41,6 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: sealed-secrets-controller
-  namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -52,7 +49,6 @@ metadata:
  labels:
    name: sealed-secrets-key-admin
  name: sealed-secrets-key-admin
-  namespace: kube-system
 rules:
 - apiGroups:
  - ""
@@ -116,7 +112,6 @@ metadata:
  labels:
    name: sealed-secrets-service-proxier
  name: sealed-secrets-service-proxier
-  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -133,7 +128,6 @@ metadata:
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
-  namespace: kube-system
 spec:
  minReadySeconds: 30
  replicas: 1
@@ -157,7 +151,7 @@ spec:
        command:
        - controller
        env: []
-        image: docker.io/bitnami/sealed-secrets-controller:v0.23.1
+        image: controller
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
@@ -342,7 +336,6 @@ metadata:
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
-  namespace: kube-system
 spec:
  ports:
  - port: 8080
@@ -365,7 +358,6 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: sealed-secrets-controller
-  namespace: kube-system
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -374,4 +366,3 @@ metadata:
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
-  namespace: kube-system
--- a/infrastructure/sealedsecrets/kustomization.yaml
+++ b/infrastructure/sealedsecrets/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+resources:
+  - controller.yaml
+
+images:
+  - name: controller
+    newName: docker.io/bitnami/sealed-secrets-controller
+    newTag: v0.23.1