diff --git a/k8s/infrastructure/keycloak/helmrelease.yaml b/k8s/infrastructure/keycloak/helmrelease.yaml
index 29d91a5..83bda1d 100644
--- a/k8s/infrastructure/keycloak/helmrelease.yaml
+++ b/k8s/infrastructure/keycloak/helmrelease.yaml
@@ -14,7 +14,7 @@ spec:
 chart:
 spec:
 chart: keycloak
- version: "21.*"
+ version: "24.*"
 sourceRef:
 kind: HelmRepository
 name: bitnami
diff --git a/k8s/infrastructure/kustomization.yaml b/k8s/infrastructure/kustomization.yaml
index 66c3f14..166b5e2 100644
--- a/k8s/infrastructure/kustomization.yaml
+++ b/k8s/infrastructure/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - helmrepositories.yaml
+ - sops
 - longhorn/helmrelease.yaml
 - cert-manager/helmrelease.yaml
 - observability
diff --git a/k8s/infrastructure/observability/kube-prometheus-stack.yaml b/k8s/infrastructure/observability/kube-prometheus-stack.yaml
index 58524d2..1170007 100644
--- a/k8s/infrastructure/observability/kube-prometheus-stack.yaml
+++ b/k8s/infrastructure/observability/kube-prometheus-stack.yaml
@@ -35,8 +35,10 @@ spec:
 - "192.168.51.203:9100"
 - "192.168.51.202:9100"
 grafana:
- adminPassword:
+ admin:
 existingSecret: grafana-admin-secret
+ userKey: admin-user
+ passwordKey: admin-password
 ingress:
 enabled: true
 annotations:
diff --git a/k8s/infrastructure/observability/loki.yaml b/k8s/infrastructure/observability/loki.yaml
index 5d9c268..d560ecd 100644
--- a/k8s/infrastructure/observability/loki.yaml
+++ b/k8s/infrastructure/observability/loki.yaml
@@ -22,9 +22,16 @@ spec:
 type: filesystem
 limits_config:
 retention_period: 14d
+ auth_enabled: false
 singleBinary:
 replicas: 1
 persistence:
 enabled: true
 storageClass: longhorn
 size: 20Gi
+ read:
+ replicas: 0
+ write:
+ replicas: 0
+ backend:
+ replicas: 0
diff --git a/k8s/infrastructure/sops/cloudflare-api-token-secret.yaml b/k8s/infrastructure/sops/cloudflare-api-token-secret.yaml
new file mode 100644
index 0000000..2a0fd62
--- /dev/null
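Review bot: The new `- sops` entry in `k8s/infrastructure/kustomization.yaml` pulls SOPS-encrypted Secret manifests into this kustomization, but nothing in the diff shows where they are decrypted. If the Flux Kustomization that reconciles this directory does not set `spec.decryption` with `provider: sops` and a `secretRef` to the age private key (that object is not part of this change, so this is inferred), the apply will most likely either be rejected because of the extra top-level `sops:` key or create Secrets whose values are the literal `ENC[...]` strings. The `k8s/pg-init/kustomization.yaml` hunk adds three encrypted secrets and has the same requirement. I would add a comment above the entry, `# SOPS-encrypted Secrets: the reconciling Kustomization must set spec.decryption.provider: sops`, and verify after rollout that one of the resulting Secrets holds a decrypted value.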
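Review bot: `auth_enabled: false` in the loki.yaml hunk turns off Loki's tenant check, so any client that can reach the Loki HTTP API can push and query all logs without an `X-Scope-OrgID` header, and the change carries no comment saying what restricts that access. This is a normal setting for a single-binary deployment, but it makes network placement the only control, so the Service should stay cluster-internal (no Ingress, ideally a NetworkPolicy limiting it to the log shippers and Grafana). The indentation is not visible in this view, so please also confirm the key sits under `loki:` and not under `limits_config:`, where it is not a valid setting. Suggested comment: `# single-tenant mode; Loki does no authentication itself, access is restricted at the network layer`.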
+++ b/k8s/infrastructure/sops/cloudflare-api-token-secret.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare-api-token + namespace: cert-manager +stringData: + api-token: ENC[AES256_GCM,data:QA8mDTQa7FSUBZ6YOLj0pqcfh4cnbnfvMLRnB0B7ULJh/YnfghsV2g==,iv:MZ6zfXmoVetKURmspakyny7R4iPdc4BdtPZDESsFi+w=,tag:T3DV/DY9ZBqqG+GXu9bHUA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNTkvV09BLzdzYTRwelli + anM5Y1hNOTRKMi9oUFZ6YXhlTkJMUG1jd1g0Ck42cHJZSmFpdnRjTlZZZ0Z4SUNJ + NjIrd0RNeWZqZFFpMzNNaU1Md2JteG8KLS0tIGdkMVFNK1NQRGY5a3ROUjNiazNl + NVZZbUU4M0lOaEl3WUNFMUNpMExlUFUKTW4VX8WygcukZa357L4kRHPSOHSB/TTr + tB97WTi6mk+jONGbhxRnVx+DQshCAZo54/Sffu71+N0CWhEGu6plRg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:17:08Z" + mac: ENC[AES256_GCM,data:iqgrbG5fkZOrmwMIvPirllwInQOUn/1ooQm1VV3afThwOdh72wjK3hGsi4dh+kzXZoe92Hniu2nuzMs1cg04ac9ZukfT4W/tLPOSAnr727h6vJe0y4ObMu4RM7CrEJMR/3SQBSWt51AN1dHbMoTc8zdL2qRrZzxxWUqywv9Zygk=,iv:HGcw/Cr0oqUV75abbmB/iIDH6/BOy7bUOiWnf2KvqN0=,tag:TerTxRAp2tRSDg0cexJqfg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 diff --git a/k8s/infrastructure/sops/grafana-admin-secret.yaml b/k8s/infrastructure/sops/grafana-admin-secret.yaml new file mode 100644 index 0000000..44a3aa0 --- /dev/null +++ b/k8s/infrastructure/sops/grafana-admin-secret.yaml 
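Review bot: This Secret, like every other encrypted file added in this change, lists exactly one entry under `sops.age`, so a single age private key unlocks every credential in the repository and is also the only way to recover them. I would add a second recovery recipient that is held offline and re-encrypt, so that losing or rotating the cluster key does not mean regenerating every secret. No `.sops.yaml` is visible in this diff; committing one with a `creation_rules` entry (`path_regex`, `encrypted_regex: ^(data|stringData)$`, and the `age` recipients) keeps future secrets on the same rule. A pre-commit or CI check that rejects any `kind: Secret` manifest lacking a `sops:` block would catch a plaintext secret before it reaches history.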
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Secret +metadata: + name: grafana-admin-secret + namespace: observability +stringData: + admin-password: ENC[AES256_GCM,data:1r1R7/u78lSEJJ0mvyZzLwWrw4wRiZv/3AcgGGHjr7Y=,iv:vIe0wu0YPKK1p2WgKt71DumxbBKYctCHhZwO1DsTEAM=,tag:TvYSeRiQHgF3uSZ3SCXr8A==,type:str] + admin-user: ENC[AES256_GCM,data:bDIkVxY=,iv:wpwxDML0y3P4NIkMOGPA7kRaUpbm3oHXdkgT3SuER9E=,tag:uIsIwd5hV+uyLOH4ICF2eQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRXN4MTYrMklDVnVmd3p4 + YzREaU10L1RKTW9CRlBienhiNzVQNWdHbWxRClpUYXVLa0cxd1dHMzM3VjF4amEz + RjhldFJSYjEzem9VQ01YRGNIKzRSQk0KLS0tIHBYd0h2c1VHZitQbHZvN2RZVDVB + U0tCeVg5YkVtQlpVTHptMXdhSTVCL1EK/rVeXSS+gGLj6ebZXvTHLK9dF+9TmMCM + tNRHgknT6s67ipbGqOTaHJS/+8nE/iS4ISm4XQmbORanVDnl/8zk8Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:17:08Z" + mac: ENC[AES256_GCM,data:3viJNrbKI5jVesurwX3SruzRKeEqeyTByPoQZEgIAkoZcyem7M0S5s5GnYEPGDul7tJzoH25+u8QuUGbjtKLQSht6hppJh37Y8PVOy6LUpS+8IIZ4QqVNiyRGjISFcRUAmesm4KGvyFufe03VhmiLoJ7PNQGjwzR7gXpvEd+zs4=,iv:Q+rna95peLTNqHwjXGr0JHHLeH0NyHNVOQyzYhtjInU=,tag:Y8DqtOBxc0wHseMYoCWp5A==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 diff --git a/k8s/infrastructure/sops/keycloak-secrets.yaml b/k8s/infrastructure/sops/keycloak-secrets.yaml new file mode 100644 index 0000000..f537f3c --- /dev/null +++ b/k8s/infrastructure/sops/keycloak-secrets.yaml 
@@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Secret +metadata: + name: keycloak-admin-secret + namespace: keycloak +stringData: + admin-password: ENC[AES256_GCM,data:+7omuVTQ4qU9uCZEujGcoSG/h+y0WgNhNw1esbMdhI0=,iv:k3sWbvscqkjnYnAi7DOxlKbJFR5h03VxH3OFA3UfvX8=,tag:iniKOfnUXn9ypYQtjXIoJw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXYXpsUWx6YmlqR1B4djJo + Tm9XcjQ4VmU4TU9heUpHU3lkSk1ESTY1cEFrClRPeWtaUFdxOHlrYUxmdVo5UVNV + WkNXaE5XbThjU1ZwZ1VqNDF1MnFNdDQKLS0tIEFvYkQyemZZaEsvMmJaYkJMTTVK + cklsUElqZ05DN290T2h5dlZTbjFvM1EKCxexgWQdHMAEHxoZaTvLcYZev0llmPwq + GsFTPX9yb2HvIP5WVg16Pe2snhyObUwK86yh9ELkH+646gFnEfNFtg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:17:08Z" + mac: ENC[AES256_GCM,data:JUnkiyPDixjze1A/xe2n9JntotPStrSiq9gjJLs0tT90QMtGCbo63FE8tNUHtRt7tAasDdc7fC0iKUoo1ZRhmZErVr0VxUOk7WTBUedi35W577XRw4hfjF1UiSI5ZGJatZh3LAtBpmOfyeLMYL+tG6NlgVj6ekKD6gubQXQ0REQ=,iv:1nUt5xPpXS0Fqn31LYpeILpB+2TUd0UElvZh+OIGcBg=,tag:hyAIjSFwgiQmXZDP9zn7BA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 +--- +apiVersion: v1 +kind: Secret +metadata: + name: keycloak-db-secret + namespace: keycloak +stringData: + password: ENC[AES256_GCM,data:odKIDsYeo1Q/mSHfAK3AUJxUZD91nouEx6ox7wIbfKka+7+Q4gJDGryGzg==,iv:v2havxWV5OA9iab3sPe0wvdLw18BaUl5vaV1+IBnEE0=,tag:Lh4VZ2mEPozA0VZico5SYA==,type:str] + db-password: ENC[AES256_GCM,data:WqDfJASxz7/Oyz31L4xBj4mQvNczN6Pdd9s0FobjWilGz8L49uZkZtEChg==,iv:CgeiQ14EP2LYjMvJwZDi3b7pHgVn58tgpcbec2kqxAY=,tag:cRJV9KzWjkLzcqzVsXrmcQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXYXpsUWx6YmlqR1B4djJo + 
Tm9XcjQ4VmU4TU9heUpHU3lkSk1ESTY1cEFrClRPeWtaUFdxOHlrYUxmdVo5UVNV + WkNXaE5XbThjU1ZwZ1VqNDF1MnFNdDQKLS0tIEFvYkQyemZZaEsvMmJaYkJMTTVK + cklsUElqZ05DN290T2h5dlZTbjFvM1EKCxexgWQdHMAEHxoZaTvLcYZev0llmPwq + GsFTPX9yb2HvIP5WVg16Pe2snhyObUwK86yh9ELkH+646gFnEfNFtg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:17:08Z" + mac: ENC[AES256_GCM,data:JUnkiyPDixjze1A/xe2n9JntotPStrSiq9gjJLs0tT90QMtGCbo63FE8tNUHtRt7tAasDdc7fC0iKUoo1ZRhmZErVr0VxUOk7WTBUedi35W577XRw4hfjF1UiSI5ZGJatZh3LAtBpmOfyeLMYL+tG6NlgVj6ekKD6gubQXQ0REQ=,iv:1nUt5xPpXS0Fqn31LYpeILpB+2TUd0UElvZh+OIGcBg=,tag:hyAIjSFwgiQmXZDP9zn7BA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 diff --git a/k8s/infrastructure/sops/kustomization.yaml b/k8s/infrastructure/sops/kustomization.yaml new file mode 100644 index 0000000..33a1f18 --- /dev/null +++ b/k8s/infrastructure/sops/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - cloudflare-api-token-secret.yaml + - grafana-admin-secret.yaml + - keycloak-secrets.yaml + - openldap-admin-secret.yaml + - vaultwarden-db-secret.yaml diff --git a/k8s/infrastructure/sops/openldap-admin-secret.yaml b/k8s/infrastructure/sops/openldap-admin-secret.yaml new file mode 100644 index 0000000..370645c --- /dev/null +++ b/k8s/infrastructure/sops/openldap-admin-secret.yaml 
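Review bot: `keycloak-db-secret` carries the database credential under two keys, `password` and `db-password`, and `k8s/pg-init/keycloak-db-bootstrap-secret.yaml` adds a third `password` for what looks like the same database role, so one credential may now be stored in three separately encrypted places. Whether the values are identical cannot be checked from the ciphertext, but if they are, a rotation that misses one copy will break either the bootstrap job or Keycloak's connection to PostgreSQL. Please record which chart value reads which key and drop the unused one, or note in the pg-init kustomization that the copies must be rotated together. Both documents in this file also carry the same `sops` block (identical `enc` and `mac`), which is expected for a multi-document file but means it must always be edited as a whole through `sops`, never split or changed by hand.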
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Secret +metadata: + name: openldap-admin-secret + namespace: openldap +stringData: + LDAP_ADMIN_PASSWORD: ENC[AES256_GCM,data:u69FlYAUXTp/kJM9BjAWkF/D/FsyVs/J0iw9Ce+Xb3Tzezug7utPSG2vCQ==,iv:4JzdvYo9aJnRxJ/Z1y6NNy2UDabhdz4ZLv9T/xppoZU=,tag:H42jy7Oc+VmB1rw50RT4uQ==,type:str] + LDAP_CONFIG_PASSWORD: ENC[AES256_GCM,data:R3suEzlwbXL3rxuMrFzfU7GecwAsGWwC6vwi3rLKggabwjyTn1o6WwKQBQ==,iv:6n49F2OZduSgqxOmsHfG4oqGetUtfQQZj9KC83I2jxM=,tag:N2XdR5biaBvgGhraVyi6qQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSFhIR1lPNXB6MVAzcVli + TlByS3FKSU9yUjc3dmRjcjQxVS9NWXJLdjB3ClA0Ui9JYXZ3Y0IyYmorRWhubGI1 + S3BRK21rb2h3WjFFMkZtczRhYXhGdFUKLS0tIFc5VDMzTEdSbjRyUE1lNmhtMXQv + bFhQSE9ESTk5MmZzUC9vVGxjbEZkVVEKBlVzIEYzjWgp8oHsuRTblhINql+6aPaj + /FDJ0YS+vpcURONG5rKN1AnOqVLX2d7uO/GQWcYIwMdM/M1/I0+Rlw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:17:09Z" + mac: ENC[AES256_GCM,data:tGFthRkv03eScjWoFiyUTFRGimHrd2jO87RTTEYaV4iD80+81p52/A47JIuV+F6xWCGBUEJX430alF+jEtCuxgpDKvNbxMwBZODeX0zRPdu/oHhbApaAY40braqyXOYT/Oeo3SBe3oa0bBta8tQorn9N2Tr5PRVI6PbdQVjF1KQ=,iv:eC63jq1DgWqTvx9yjQPb0qP5uHqDPJ/mYnKfqtt/He4=,tag:B1spspFMv6ajqrDgWti5HQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 diff --git a/k8s/infrastructure/sops/vaultwarden-db-secret.yaml b/k8s/infrastructure/sops/vaultwarden-db-secret.yaml new file mode 100644 index 0000000..dc98069 --- /dev/null +++ b/k8s/infrastructure/sops/vaultwarden-db-secret.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: vaultwarden-db-secret + namespace: vaultwarden +stringData: + DATABASE_URL: ENC[AES256_GCM,data:2F8b0trMlUH9trR+ktKQUhlpPCls+D0HAvK6Y4Q0NPfBA+UVDj1IyquPZ0W2HUuiGQp9MYdi2GmZtHDfzJzHdRtZCxLVVQ314u/EmgbKVvmjmD9XXuoiIlvQ/5UEGi5BMC4HDb7kDh8=,iv:/UJ7twIJ5Bk0JhiRXVPyH63OUbKTCeUOTdA0J12Lfls=,tag:D5oRx38eRkVgUD61pRGU2A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDK3VXN3pQSTB5RHRvMERQ + QkozZFFBQXd1ZVNySElvdTlCaURKdlo5K0E4Clg5eTFiZFNnWjQrQk14TERveGtp + c3BjcnZpS2NIQitGc0tjY2tNUEluS1UKLS0tIGwrdlMyTGxzUm9URjBtUlFyOHZN + RkRDOTNCY3JpSWxTcCtsQ2tEU2k0MzgKjAbEwqpAkPjdKlILTUqCIiw/jjRTXGfQ + kRiZNGfem40rw8pJ813Q5zw6SGE7hWoFw11k6PbiL59U/7cXSuRw/w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:17:09Z" + mac: ENC[AES256_GCM,data:BWd3f8rIIMdQRyh3ZO1Fg+KiNGDWtHH9lQE+gPiE2R8LTxHGxtX95qdbsAnocCdCjDgXEgNQnMPWwV1eLFQcIZgKQiawnEzjtNoXcdRLpdJDwLzQLTDhy79xQ7apmRMJ/VWJnGmPdtjWuXRuxV4KQ3S5ctUADMAb7YMqewigXnA=,iv:6M2QuR4Y/baL88U1Yz6XEipFiFMOG/X9ogqU7U3slSI=,tag:HHXpFduEwYf6W91QmAFeDw==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 diff --git a/k8s/pg-init/keycloak-db-bootstrap-secret.yaml b/k8s/pg-init/keycloak-db-bootstrap-secret.yaml new file mode 100644 index 0000000..b7449e3 --- /dev/null +++ b/k8s/pg-init/keycloak-db-bootstrap-secret.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: keycloak-db-bootstrap-secret + namespace: pg-init +stringData: + password: ENC[AES256_GCM,data:kQZtoGdJdAORAm/dwPG8WsLUX5jwPBTs49d1+nPZp+ZoMiPm7skrmk/vaA==,iv:27DGN5aQHkxLCXbMWALccjuKfbWbcy5nICLETZiq3rs=,tag:jRqFdI36zfZsf4lknT0FAA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbEJoVUZyYnlBQ0JxbUFv + d2VOYUVPbmxzbmQzR1NRMTNTcW52N3E0aGpRCml0WjNPeHFPZ2ZFbnh2cDhpemJE + ajQ5K0RJNEw3cW9HUzQvaTFDRWtGN00KLS0tIHpNMDZDaG8weDY5dXhzRk5BcGR1 + T0Q4UTZLR1NCb2RjMmFka1UrcDYwVTQKb1nsWORg5fvLPt47vbBfdSv374zyoRb6 + SvfuBAB4DiMD3uj6ZdPvZDw9Vpo/M/1t+17xhFB+r9JpNLpj4KogBg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:16:28Z" + mac: ENC[AES256_GCM,data:wenlSbJZS7exiRyfpEgam8mEk3+JpTD6RO1ZmOsAcbotSolmCZIhFIjEZlH6KzxXtnq3NdQqLdXXvK74EYBR8UcjSn1aJ2GcojZTY8QVntsvx2Q9v+gB4JD6haqGre9ovVUy6ApktZekEe04F9BX9HVY/ajTFeCZBDfoFe8cv/I=,iv:Q0Q26/qEy29Kjzg09Bl8gYt0GO5l9glHEKhx9PBBylM=,tag:trnnM9a5Lj0raUtEpK3xAQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 diff --git a/k8s/pg-init/kustomization.yaml b/k8s/pg-init/kustomization.yaml index 598d70e..f6eac90 100644 --- a/k8s/pg-init/kustomization.yaml +++ b/k8s/pg-init/kustomization.yaml @@ -2,5 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml + - pg-init-secret.yaml + - keycloak-db-bootstrap-secret.yaml + - vaultwarden-db-bootstrap-secret.yaml - keycloak-db.yaml - vaultwarden-db.yaml diff --git a/k8s/pg-init/pg-init-secret.yaml b/k8s/pg-init/pg-init-secret.yaml new file mode 100644 index 0000000..8df253f --- /dev/null +++ b/k8s/pg-init/pg-init-secret.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: pg-init-secret + namespace: pg-init +stringData: + password: ENC[AES256_GCM,data:9kCxooPkTvDELyp7BkwOLrH37672R+Qsq1ULO5pAP3sPPlgziM82ABFQxQ==,iv:367xblUY1NYGzhC4CS+oVWnXyoZYlqBEVCVqtBaoCTg=,tag:UyMGAenjrTmlv5vW7+o9Ug==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhM1l1bkhrUis3SzMrd1V6 + cTVqZlJXeHpkVmUrcGxaZmdEYXBCZHoxWkJnCnEyekRzK3RlclBjSmhPdlFyZUsx + ZFRxQTBCWXhuaWFYREtpY1FhUmZ2NGsKLS0tIDh0bWlSSUpab2tHZEluTWQ5U3Bm + NXdiMXA1dFFhdnl2MHZvaDhWajdvaDgKSrQB8S6eF326SiHx/JdnMNLsWJTwIxu6 + G0XbHWvCYBRWad7QKYb5seJLE3RrMrgFKIFbxwBWUr7U57hREnRtDg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:16:28Z" + mac: ENC[AES256_GCM,data:DGXWckQ1cbEKa83epUG+trnMPlhD2s6fJh49CSX4vWbGfX5BGxS1zfZzOQOUM61XFguHjFZak3+pgE3ol90Sz/6glSHAkf3FsXK5C+iJMhCnkRcFA7Ivlya25drzsA80AeoBp4pKqig+5JSZB/4pqgV1xlSuFsqqGwVAc7JU1pM=,iv:asC0hleogTy9OtgkRol9jTt9Of87ESOAeJO5qDPjUlA=,tag:goh62hcwv6MqeCF2DB/3UQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 diff --git a/k8s/pg-init/vaultwarden-db-bootstrap-secret.yaml b/k8s/pg-init/vaultwarden-db-bootstrap-secret.yaml new file mode 100644 index 0000000..e3b081c --- /dev/null +++ b/k8s/pg-init/vaultwarden-db-bootstrap-secret.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: vaultwarden-db-bootstrap-secret + namespace: pg-init +stringData: + password: ENC[AES256_GCM,data:DdpkH/G+xMnMISF+6MYMbKyMNyM2F7nE+UIFq6tKQ1B+czfRg0c1+cwMwg==,iv:Kr3QDrBonlCi+qDxIQ4PWCRFAEpvUmLK//969EidzTI=,tag:AOJrh18i2f1w1rhrzQAb1Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSi9sSXF0VWFJdnRFN2ha + NjZMSUROK0lCSzdORmJ2S01NdXBKRnJmc0hNCjIwMXhkbUVFbVZyNmE3NEJHdTI2 + WGhMMzdQN3hKMkE1cCtES1NaSkVWZkEKLS0tIGJYaitFSjJ1RzNsZnoyZU1aYWNK + bEFSOE90NzVsaFdkUzhBbEErN2NpaGMKtuII3EF3A+GCLKzCeHp93jl4EdKEHaEN + 0EDnqZXNm2o7Yl9HqjCgK0jPNWj00WHs/4hS2CzHkfavmqA7KTG72Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-10T05:16:28Z" + mac: ENC[AES256_GCM,data:sk2G0TE7s1mzuceAzLM7ebzkUxYGYeNOD23Fmw7vLCCOmeLXGwpbaoGl0zMvXBjRVa6TgjnXuFH49faYAwfC1QaxlRzM77yA81WtkVIROrKs77/h//wxZxF9WxcvV50zBIw8H1n+mrUHqIABUeL02sxj65BLl1N61Tv/FagFt1M=,iv:iNrlL4Dq+PcmXPV7PqokF0Y68skNJMnvh9DLpvYdghY=,tag:jbR39HU4rxfGtkYZ5pdhtg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4