added cloudflare api key, sops encrypted version, and kustomization

2026-03-22 16:38:02 +13:00 · 2026-03-22 16:38:02 +13:00 · 8c93f3486a
parent b33a92df5d
commit 8c93f3486a
4 changed files with 41 additions and 0 deletions
--- a/infrastructure/certmanager/.sops.yaml
+++ b/infrastructure/certmanager/.sops.yaml
@ -0,0 +1,3 @@
 creation_rules:
  - path_regex: '.*\.yaml$'
    age: age15hfu6avfx8egwkhydm6yst3arep70sklrh7eah05wslud3v90vyqrpph4j
--- a/infrastructure/certmanager/cloudflareapikey.enc.yaml
+++ b/infrastructure/certmanager/cloudflareapikey.enc.yaml
@ -0,0 +1,23 @@
 apiVersion: ENC[AES256_GCM,data:Hag=,iv:1f4CAyLIzzvEFwmWVAm35vlHX0lJTMWxi0K5m+TkI20=,tag:R4hRY43pmjNNF41LB8AhKg==,type:str]
 kind: ENC[AES256_GCM,data:mCTDAVLb,iv:TSIGjqjQVjXumYhk1zSwDU64hwpNneysMv0ybyIeODE=,tag:X53fHlgw5VAGCPBM0+3xOQ==,type:str]
 metadata:
    name: ENC[AES256_GCM,data:6FmuiIZQR9HZngWHKiQIIjpN,iv:T4VtvkGCwkqgo4fMMTvwMw9pH85biwi5Trb5xJa0wBs=,tag:R1lDINdYizF6eFUVEPUhUg==,type:str]
    namespace: ENC[AES256_GCM,data:qFv1fMdoG+YGgV4s,iv:Vl3UFxq7J1IaKk/6ssyB2Wob1JV+J78zHB0TAhhHdFM=,tag:RpASN0/yTfc1ANSkck4FxA==,type:str]
 type: ENC[AES256_GCM,data:fzU0AxBh,iv:Rh9a+3BS4fFlC5ZNdgiK+4VfhN9fwQ7mG6ZQEJqxU+E=,tag:wJT8bumEo9WJhKJPsIAFgw==,type:str]
 stringData:
    token: ENC[AES256_GCM,data:TewnG+eR339PJTrJcnVZy/R2ZR8WQdxJRx1ma9BSsL077XcLq4wba41fdAOzkHAcn3SS8Fc=,iv:0sy1X4vmP93db3b7JwPzn46qGOseE48K+f0goEmYGSI=,tag:kJ85hYG13reHqFIlWz1ZwQ==,type:str]
 sops:
    age:
        - recipient: age15hfu6avfx8egwkhydm6yst3arep70sklrh7eah05wslud3v90vyqrpph4j
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWWN2QTlFU1NaZm9VNFUr
            MEJmMnZnTXZkR1V5U00xL0V2YWpuMkFVT3lBCnM4Y0NhTndySU5EdlV5OGlSVmNN
            UVliaUlxN0o2ZnByTG9sUXBkZE1meGcKLS0tIGRaZElTRVNvbStOSUo0OGRYbGRw
            Y0Y2RFdvcGFaUU5SbmI2TmZEc21zWFkK+AsM03RbilD41nUsBFx/OzE8crIGm9iJ
            5N2qwqAdNyLCiy46RoZhSwwcJEp9wT00DT7Ey23vHEzLMnAuK1dQ9A==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-03-22T03:32:30Z"
    mac: ENC[AES256_GCM,data:yL6EqGeq5ue0F+CAYxna7igiItXKp+EbraqESPkTbMQeuWWK97RIzoxbMBaj8i/8DfhOaQKoH6kz1BoYu9/kH6ZfAIalRcyN/3qzK1xJzGIqgsidKuPtr6DuiXs3YIPBW8PIRCnJuEZlKV4cscXg8fIVLhTxB/9p8MJVfjJ1rHk=,iv:CeD/as5DStyhslAvb80uXn2vLMZAjWkSW3TR4GG3f7E=,tag:PH0wSXuZ2eNdp35oII9uVQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.1
--- a/infrastructure/certmanager/clusterissuer.yaml
+++ b/infrastructure/certmanager/clusterissuer.yaml
@ -0,0 +1,14 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt
 spec:
  acme:
    email: jethro.cotton3@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
      - http01:
          ingress:
            class: traefik
--- a/infrastructure/certmanager/kustomization.yaml
+++ b/infrastructure/certmanager/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
  - namespace.yaml
  - helmrelease.yaml
  - cloudflareapikey.enc.yaml