Add sops config

2024-12-23 23:52:05 -05:00 · 2024-12-23 23:52:05 -05:00 · 8ab3783a2b
commit 8ab3783a2b
parent cdf20ba9ef
2 changed files with 11 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,10 @@
+creation_rules:
+  - path_regex: (secret|secrets)\.(yml|yaml)$
+    unencrypted_regex: ^(apiVersion|kind|name|namespace|type)$
+    kms: 'arn:aws:kms:us-east-1:140023401248:key/c51c2cc5-4e8e-484d-b2f0-4d4ec2039938'
+    # kms: 
+    #   - arn: 'arn:aws:kms:us-east-1:140023401248:key/c51c2cc5-4e8e-484d-b2f0-4d4ec2039938'
+    #     aws_profile: home
+    age: 'age1k5y5gj5fzpwtjgzqd4n93h4h9ek9jz8898rva5zsgj7zjet97ytq4dtzjs'
+    hc_vault_transit_uri: 'https://vault.balsillie.net:443/v1/sops/keys/krds'
+  
--- a/talos/talos-patch.yaml
+++ b/talos/talos-patch.yaml
@ -9,6 +9,7 @@ cluster:
  extraManifests:
    - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
    - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+    # - https://github.com/kubernetes-csi/csi-driver-nfs/blob/v4.9.0/deploy/example/pv-nfs-csi.yaml # TODO follow link and add individual manifests
    # - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
  inlineManifests:
    - name: calico-installation