Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Mozilla SOPS decryption #95

Merged
merged 7 commits into from
Sep 2, 2020
Merged

Implement Mozilla SOPS decryption #95

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
b00a841
Refactor kustomization file generation
stefanprodan Sep 1, 2020
86e96a0
Add decryption optional field to API
stefanprodan Sep 1, 2020
7e06af6
Refactor garbage collection
stefanprodan Sep 1, 2020
c605ccf
Implement Mozilla SOPS decryption
stefanprodan Sep 1, 2020
e2743c7
Add SOPS decryption e2e tests
stefanprodan Sep 1, 2020
2f33ba0
Add secrets decryption section to docs
stefanprodan Sep 1, 2020
07f13e5
GPG decryption in contained environment
hiddeco Sep 2, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .github/workflows/e2e.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,11 @@ jobs:
kubectl get ns
kubectl -n kustomize-system delete -k ./config/testdata/overlays
until kubectl get ns staging 2>&1 | grep NotFound ; do sleep 2; done
- name: Run SOPS tests
run: |
kubectl -n kustomize-system apply -k ./config/testdata/sops
kubectl -n kustomize-system wait kustomizations/sops --for=condition=ready --timeout=4m
kubectl -n test2 get secrets/test --template={{.data.password}} | base64 -d | grep test
- name: Logs
run: |
kubectl -n kustomize-system logs deploy/source-controller
Expand Down
8 changes: 7 additions & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,21 +19,27 @@ RUN go mod download
# copy source code
COPY main.go main.go
COPY controllers/ controllers/
COPY internal/ internal/

# build
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o kustomize-controller main.go

FROM alpine:3.12

RUN apk add --no-cache ca-certificates tini git
RUN apk add --no-cache ca-certificates tini git gnupg

COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/
COPY --from=builder /workspace/kustomize-controller /usr/local/bin/

# Create minimal nsswitch.conf file to prioritize the usage of /etc/hosts over DNS queries.
# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf

RUN addgroup -S controller && adduser -S -g controller controller

USER controller

ENV GNUPGHOME=/tmp
COPY config/kubeconfig /home/controller/.kube/config

ENTRYPOINT [ "/sbin/tini", "--", "kustomize-controller" ]
4 changes: 4 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,10 @@ docker-build:
docker-push:
docker push ${IMG}

# Set the docker image in-cluster
docker-deploy:
kubectl -n gitops-system set image deployment/kustomize-controller manager=${IMG}

# find or download controller-gen
# download controller-gen if necessary
controller-gen:
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
Install the toolkit controllers in the `gitops-system` namespace:

```bash
tk install
gotk install
```

### Define a Git repository source
Expand Down
16 changes: 16 additions & 0 deletions api/v1alpha1/kustomization_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,10 @@ type KustomizationSpec struct {
// +optional
DependsOn []string `json:"dependsOn,omitempty"`

// Decrypt Kubernetes secrets before applying them on the cluster.
// +optional
Decryption *Decryption `json:"decryption,omitempty"`

// The interval at which to apply the kustomization.
// +required
Interval metav1.Duration `json:"interval"`
Expand Down Expand Up @@ -103,6 +107,18 @@ type ServiceAccount struct {
Namespace string `json:"namespace"`
}

// Decryption defines how decryption is handled for Kubernetes manifests.
type Decryption struct {
// Provider is the name of the decryption engine.
// +kubebuilder:validation:Enum=sops
// +required
Provider string `json:"provider"`

// The secret name containing the private OpenPGP keys used for decryption.
// +optional
SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty"`
}

// KustomizationStatus defines the observed state of a kustomization.
type KustomizationStatus struct {
// ObservedGeneration is the last reconciled generation.
Expand Down
26 changes: 26 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

21 changes: 21 additions & 0 deletions config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,27 @@ spec:
spec:
description: KustomizationSpec defines the desired state of a kustomization.
properties:
decryption:
description: Decrypt Kubernetes secrets before applying them on the
cluster.
properties:
provider:
description: Provider is the name of the decryption engine.
enum:
- sops
type: string
secretRef:
description: The secret name containing the private OpenPGP keys
used for decryption.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
required:
- provider
type: object
dependsOn:
description: A list of kustomizations that must be ready before this
kustomization can be applied.
Expand Down
6 changes: 6 additions & 0 deletions config/testdata/sops/keys.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Secret
metadata:
name: sops-pgp
data:
sops_functional_tests_key.asc: LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFPWUJGMW9RVjBCQ0FDMWlGZkU3SDN1dTBoYldiUllWTW96NXpaOTFBQ0hFVENPTVZ4TjhHT0c0U1YwbDhhUQp3bUs5UVdrWXhoaTUyTG5pY1ZEM0Q3VXk3NStKM3prdkVEUTE1QzBBWjhVSFhwNEpsU1F1WHBGaHJPaGZZVUYvCjZwci9RZXhUK2hRak9hY3ZZNHFmbmo0eEthL0FHZHY1dlBJeWd0UXVtRTZyM0doRVZBeFExR1N3dENXU1UzWmwKM1VxZjdTOGtEdkpUZW10UjJVa1ZmcFhjTWQ0QW1NS2d0N2ZWaFBPOGVGb3RxVExQdnovaUNsekVSK3E2MWZMQQpkMXJQOVlsbVk0Nk1KcC9QZmZQaWNXZEppS3YyaTZ5bktjSXdrclF5UDZWMlp6WWkvZ0FoTkpzdDNabE1mc2lOCmVrQ3Rjb3c5Qm40NHV4VzNVOFcwMkZOUVNOeW42VjZRUERJWEFCRUJBQUVBQi8wWjhrUVNsa3pFOTdRaFhtMGcKL1BRdWFWQ2RZOVVKZVNNQlhUdkRaaEJoQWNMZjZ5WkxTdHExdXo0c0lpV202K1pjWDhtWFE5YjkwZk1jZW9hSwpzVnhpWVlhRWNDWGd1NXpjdU1UdTh4UldLMzBiemprQVJyRGpFQnlaRk5McnIveXpPM0tLV3ZkVkFUb291NzdOCnhMeGN0NGRmKzQ2dkVNcy9ET3VsRFVreEJPamxrcHJscTh4U0cvNnZ1bzdySktVeWxzUzRzNSt5K0VKQ2ZtMG0KOEM5NElJT3Q0MkFOT2JEVXppVUhDRk5oQ0tTVXM5MnJMN0hYZmNNRzZMMTZVclNwSjN5TE52VEkzNFBnUnlkdgpwcHU2REFGTmVxc0o2b0lOU1dYRXFqZk1ISzdMeTlveUYyYmtCMlZLb2FwQWR6NllHSnlkck9EaEZyVGhjdUprCitwWTlCQURLblh0WXZEUlBvVHNmUllnWmV3dEJ4ZjNjY0dVam9TOVlDQzNzYWxXdVBFV25hbDJ5STBZUndaTkUKaWlyT0ZHS0g2amgvZnh0RlpOUFh1WWI3TUp6RnFWT2NBUno2VVNDdlIxdmEya01aelFFT0t3eE9YcUlZWU1WaApVd3o5KytRdWdxY0JMSHc5WVVGbUgvRHNSYUw0elA0SDhjWDVPMVRBTEZvM2FDL0VIUVFBNVZ6VUR1cGNwUkxQCmdGNmRDZ1QyR3lhamdSb1VGVTdCcnE4MitISkRCRGhITUIrM1ZXSmhzQzlEa1RNaC9SdFBPdUxiNDFLME9aLy8KYWNvWG8wUWpzTHNCeCtoTnFXQzBvb3NxYW9YaVV5aGJtRXVrdmxVUm01dUhUaFg5bjVCWklLaGlDZnQvTllOTwp5YitPQmdZRkhOMTFCTVVWeWhNUjdiZTJtbEo0RU1NRC9qZDlXUUlvSFFRNkJLTU5PbGM2Qkd1NEtzTXYvK2ZGCktWNHhuSktyV2pKeHdyaTBGc09ZTFMycWtnYlNBWGp4THFaV3g0VXlsbUpoMUhTQXlqVGdoWTB6UUVmMm9ES2QKMERLTjhZNDJhYXdoMUFvbElmRGJZT2FtcHc1dEJ6STIvV1lPa3NHUkZDd2pDaWRMM3BOZDAzVzlkQm1OYkJSYwp0VktMRy9rdDRKd0NMMHkwVTFOUFVGTWdSblZ1WTNScGIyNWhiQ0JVWlhOMGN5QkxaWGtnTVNBb2FIUjBjSE02Ckx5OW5hWFJvZFdJdVkyOXRMMjF2ZW1sc2JHRXZjMjl3Y3k4cElEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCsKaVFGT0JCTUJDQUE0RmlFRSs4ZTU0cVQ1S0pyQXdkU0VQUmJPNUtKemdiUUZBbDFvUVYwQ0d3TUZDd2tJQndJRwpGUW9KQ0FzQ0JCWUNBd0VDSGdFQ0Y0QUFDZ2tRUFJiTzVLSnpnYlREY1FmN0JwN2Uyelk5cEJCWFRnREFTUWwzCjFTU0hwOVdrUlVWNWlxUFZDOWlQQ0VMZ2d0ZUJHTXdJcGJEbG9iYzZPOC8wNmZveFdjdFRVYWFjaVBCbzIramUKV0ZUTytETnZCN29YSUFycXI1NjczUUhMaDZqRUFCQmp5dDkxcnZ0YTJ3WUYxWEpCZ3hwdWk5YUxJQ3NDcHRGTgpJUnZIZUtVclhCSTRmRzV6M0NEcy9FT29ZOEsvQUFZSlVGK0VSdG12bWlzaUUvbTIwVXBiWVJta0JKeTI1Yzg5CldjbjEySTFTVUpBM0gzaEd3dlpDWXA4aFkxSFB4eFFVdFUrRFpCSXByeWkweFFxRXhHQWxZcWNrN0cwM0YrQUQKNy9jc2FUMUxFZEN0V1JMTndFOFVrdmZVRjZsaUYwU2d6eEZvMXBwM2dCVTRzd2RzOXlPOXdOZTEySlkvTTVBLwpCSjBEbUFSZGFFRmRBUWdBdHVuOEpoU3BOQUt2T1h3V1gybkZobk1YVEpwNHZpTWhsQVpFZG1NWEVpMjdCMkRNCi9uUnpsZGp4R1pvTlVCU1ZiSk5qMmt4NVpVRGwwbzZlT3BDaHZSYUd1Q09wWXFPdVNRdkQ4Rm5YME5nUVVMd3UKVForTWF3c2Flemt0SkVqRFNCTTFSNnVBU2VKd0RaajRoY1VuUGd5QUlFU2FqUGRvd0VrRWpkWXQyNjFmR09MTApjVm9WZHRxek9NQmtMVmRySy9GRDFrR1I5am5TbEtFWURWOUR2ZUJVQlFHZHFrZ1dYalM1QktjYWUwN3ZpQzZ4Ck1hOUFKUzRwaXp5REFMQjJrMEhRT2VsWk5paE9HWFlVdXZrY3MyRml2bDBUazNPQ2ZIOVhEdkZlaGJZUkhta1IKRG9NdUtVRFN6ZHk2dEZCQWtMMENQbFhBV0k2a1FrbGFCRXAxOVFBUkFRQUJBQWY3Qlg3WUxZaTNZTEduOUJFdgpWdVNGbzdsM2ZMeXpYZnNPT2pWSi8waVEyK0gxMlkzbCtzc2k0ZUNudGI0MElqRE1JSHY1SndqZktOU2ZVd2tuCjVkaU1rM0xHejJkNjRsVEttclU0eU5MYU1oTWJ3bUUwL3U0Sk9Qb1hiSlpXTGQzbHlCZVRwVGlZM1I5cGdHOFYKSUdmQSt4TkRFalVkYzVqSFUrZWR0R2szN1g2bDZ1TDNPQU5TL015VFJkVk5yMjhHdi91cFhtSnMvTmJ2VG9zdAoxaHNVODlnYURqa2ZzV2hkaGl1Q0hSOWJxb3lvdC9WZ3ZwdDFOeHpmVjRTUUdWRmVwaDh5Q0d2U1JCUzh6WHVaCkZ0bXpBQ3MwajJhT01TdWNBR29nRW9EMTU4T3BYU05mZG1aMW5Dc3dsbzF5cVA2K2lyOG1yMkRUUmdNdHhQUWEKTjQ5YjRRUUF4VlR3Ulo2K3FpU0N6L0dKUHE3cUFTR0c0UklyODdnUHp4YUhtem5RaEtJeDZMRU1qWC8rTlU2Ywo5NEE4YVpZL29ON2YzcnI4YXBJQStjQUhiQXdGR3BiYzdrZTFDZ3kvbS9lSlpOVXhXUFQvWUJqWjRWKzQxVWF0CnZpR3JibVM5QjRRdWxPcEYyTmc2TGNPYzRkZ2d4VFBBVy9DWWQ1VDJGSW1yMXFZampXa0VBTzFMc3MwMExZNW8KNUk0UXFnTTBPZWVCRU9POExpU0RtaktnT3Z0c21KNitkQTR4M3JZZ0k4c21GTXN2dHlyY2I3NWs2RWRaYXpnTgpZU0k0c1UzV2NlV2JydGRWcjFnbFAzOENCTXVwbkZ2ZzhLd2JqU0ZWOHZOcVZCSENYU2hVeG5IbWxPVytVVnF5CkN4akpmMFJUT2hMRVk1RElSd1FCMEg4UDMwZFlPZmF0QkFEYUdJYnMvNisxUnVsS3BId1cvYzMrWE9sYVRaclQKVWhOanVjY2o3WTlJc3BZRCs2Y3JOa1F2QXJpNjBBb0RmSWlPNWFUazhyU1lwR3dCMXZFbW5VVm1OUHZSRjk1OApHVjNweUNPdi9wa21ucFMrNHcrYWtpSnNTSFgzanFxcDVmYi94ZDZ1a1VYOTVWZ1N5bXVKK3lhNDlHOEIwamo2CmJ3N0I0UzJNMzkrWGRrZzJpUUUyQkJnQkNBQWdGaUVFKzhlNTRxVDVLSnJBd2RTRVBSYk81S0p6Z2JRRkFsMW8KUVYwQ0d3d0FDZ2tRUFJiTzVLSnpnYlM3endnQW5kYmY1MzJPWG85SHdQSCt5UVFtelFDTERGTDZQNFY3TGNGcgpyeWRZSXRURWh4cUkzdGJiOTZNS1hSQXQrRzVNdzZKalJrV2h3emJVM2pFN0Q3WEJNSHc3R3JpVFRVOVFsdE5ICmc3VlVwU1NhaVRmVmNTTkVyenNhcWJqYkE3ak1zN1ZXek9xNExabzZFZnk4VURLZzVxY3FMRmFUUXJ6UVpZTkgKTmZNK2tMQWlVUFU4bTd2d216Nm9KV3NqSGtRS1VoS2hIcHRscHdNd2RIa29hY3FETzB4Mkg2SDkxbC9QbkRtNApaRzZGeWJKdGNqcjk4aStwNTIvWE9vODFuTGdYN3RjRlMzbnJOOUhOZGdLZzFaVzN5cnpnOE5PYUZDVkE4cUxECmdMay8vTTNxRGl4T3hpdXJFQ2tGck12dC9iRHhFR3BONUdWeTU1ME1teVVaUXJrdXFnPT0KPVZqR0wKLS0tLS1FTkQgUEdQIFBSSVZBVEUgS0VZIEJMT0NLLS0tLS0KLS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFIWUJGMW9RWWdCQkFEUHVWUDZKZGsvSi9UYk5hOWRYaXJwL3p6d0sxOFpxTnVkTnFRR04zSCsyYVNneFh3TAp3bFJmenk3ckIzQ1U2RXdqems5RVZZZVl6dFRJa0dITDBKWjFDQ1RpQkpBcmxITzBiSFFRN0NQZUtQa2hJaGtqCmVBOHl1OWRjVTc3b1lDMnhid2dmNDNLWXpmTUtTR0V5Ymcrc0JPK2JIK1k2cGFKSzU0VjJjdVMzR3dBUkFRQUIKQUFQK0pqZjVCWHRWUDFPQXI1eHZDWVM3N0pXemhwVFVTSXBTN2RnUjBicjkxR0FDOURtaG15QkVHZVNxd3o5NQpMVXlZUmJZOXkxclpPZnBFR0NySWM1R0xQT1F5dE85WE1JemFTM2RwemZHaGxhL3NwYUtONHZKRHZJT2wrcnVUCmJJbkRkQ1JTbXFYQ2ZtMjQ3OE9oT3F1YzBIMGE0NmVTbW9hWWVLZEUzRThRWmlFQ0FOeFVML2RGazVqOE55UG8KWmN3WHc5TXYwQThVcnluUmNxaHQzU2N0aTlrN2Ric0h5bGNPYk0zMDVMRmRjb05uU2ZOQUlKaHhmamJpWHlHVwp2d1QyL3FNQ0FQRmF0cTNndlZqeTZ3S0t5bGlvaTVjVndiTHY5TCtPYVJYZFIvRHkyYmgvdDN1am5zbGlWNCtSCmY3azNySE9RZWFNTFRueWZjejhBZW5MNUlPZThSU2tDQU5GcEJneXp4Q2NWNDhNbStGV0R4anJTSjQvbXNSbk4KZ3hxQVBScmRwbTdlMXVlYnRCa1BoNGNoNG9DVzUvbExzUk4yM0xVVklYWUpSd3lGZlJqZWhDaW8wclJUVTA5UQpVeUJHZFc1amRHbHZibUZzSUZSbGMzUnpJRXRsZVNBeUlDaG9kSFJ3Y3pvdkwyZHBkR2gxWWk1amIyMHZiVzk2CmFXeHNZUzl6YjNCekx5a2dQSE5sWTI5d2MwQnRiM3BwYkd4aExtTnZiVDZJemdRVEFRZ0FPQlloQk5jaWtFTTQKUzh4Z01teHZ1ZGh5RFpWOFBUQjBCUUpkYUVHSUFoc0RCUXNKQ0FjQ0JoVUtDUWdMQWdRV0FnTUJBaDRCQWhlQQpBQW9KRU5oeURaVjhQVEIwUjJjRC8yWXdhSjQzaUd1ZWFBekJ5Rm5sK21VRUJRSjRIaEg0cDdCSWR4NkI5QWpFCjN5TGU4STRkcXFZWHh5WnphSjlkK0tpcXhKQlQwbDFHWHQzSDVNMzJ5REpacXpYQjlQVFdQM3l4OCtRMUN1Q3MKN0VML2JoSkQxL3NMZHVtVmM3N2JtUXRjSTlOU2lZeVB6Ti8yWnF0VjVSVTE0TG9oMjRWRkVqdUhHdk8wakkzKwpuUUhZQkYxb1FZZ0JCQUNoWGkwMGZtcEVzMEppcTB6T3lZbTlpNzQ5Vm9Pc05SZW9CLzVpeDFRQ2ltd1ZaS2UxCkQzN0lQNVFxeXN4eStMSVFjNGxKK1E4Zm9OT3gxQWV2NStURHl2K2lVODJEOXhyOXVQTExiQTgyazNBWjA0T3IKQmpyWi9ZdDFOWmh1YUh6Y2laQ1BwbXF6RjlrcVZxQVpjK3ZNaUtaTDFXWmpTN08xRndhaWRZMXZYd0FSQVFBQgpBQVArTDB3VVFlT2ZzRDArZ3Y4a2h5UEpUSlpPRDFweFE2TllLTGNYRjhyRzArdlFuRUNoYTA5OFlLTktBWFRwCmtmVlU4Nzk1aVFZSUtjUVE2SGwyTzFmajFBeEpFL2laWXJxZm03VVp6M2JRN1JPU3NBRVBaNUdET2pLZmJ3c3oKRTZiV1ZIK1BoUzFhemx2dFRzOUplelV0SzBXbDlzKzgxRk9yWnRuVVVza21XdEVDQU1OTnM5dWpVdDZHSHYvSgpOWFZhU21rMXo4UVhpdFBIYkFKTERNajR4VkR5c0pXWlY5NWVwbEMrUlVTaUx6NUhlUDJBUWdoMUQ5UnYyYkE1CmM3T2NKM2tDQU5PRWtBMGhWcFhDSTBGS3JzaWhPZjBOVU9hQXRTNkNRTkZsYUlrckx3c3NKUVk4cEdZYlJmUmEKM2tyTkpQeU9sWG1lelYyL0NzWDNFcUE5S1hYZW41Y0IvaVNtTUpPNFduZEdKVGU3WXpVRW5uWS9QMlRLZzFmTgpzNnY1TGYzOWo1TGw4VjVyVkRUN0FwQXcwSUtTOGZ6cGJkSFAwSGNpenV0bEY2bDQ0WWFBWE1HZmhvaTJCQmdCCkNBQWdGaUVFMXlLUVF6aEx6R0F5YkcrNTJISU5sWHc5TUhRRkFsMW9RWWdDR3d3QUNna1EySElObFh3OU1IVEQKSHdRQXYrdWk3MThBVDJodzJwSzlKYU51VHhqbGxySCtLUE1scm92MFA4b1hIUENvaEM1Y3hNNXNKNnRDUTBxSApYeWVXb0RFOFYzMWJ0cUZWQVF5cnIwd3kwZ250bDFML3RybndNSG9QOGEveGEwUkhOazVDN2htY3VoVEhiUWV5CkpOYmlSSlpwQ0laMU95ckYxNytxNnU5WUJQandxcDhLckovMHJ5eTJreWI3WlJNPQo9K3RKNgotLS0tLUVORCBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQotLS0tLUJFR0lOIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0KCm1RRU5CRjFvUVYwQkNBQzFpRmZFN0gzdXUwaGJXYlJZVk1vejV6WjkxQUNIRVRDT01WeE44R09HNFNWMGw4YVEKd21LOVFXa1l4aGk1MkxuaWNWRDNEN1V5NzUrSjN6a3ZFRFExNUMwQVo4VUhYcDRKbFNRdVhwRmhyT2hmWVVGLwo2cHIvUWV4VCtoUWpPYWN2WTRxZm5qNHhLYS9BR2R2NXZQSXlndFF1bUU2cjNHaEVWQXhRMUdTd3RDV1NVM1psCjNVcWY3UzhrRHZKVGVtdFIyVWtWZnBYY01kNEFtTUtndDdmVmhQTzhlRm90cVRMUHZ6L2lDbHpFUitxNjFmTEEKZDFyUDlZbG1ZNDZNSnAvUGZmUGljV2RKaUt2Mmk2eW5LY0l3a3JReVA2VjJaellpL2dBaE5Kc3QzWmxNZnNpTgpla0N0Y293OUJuNDR1eFczVThXMDJGTlFTTnluNlY2UVBESVhBQkVCQUFHMFUxTlBVRk1nUm5WdVkzUnBiMjVoCmJDQlVaWE4wY3lCTFpYa2dNU0FvYUhSMGNITTZMeTluYVhSb2RXSXVZMjl0TDIxdmVtbHNiR0V2YzI5d2N5OHAKSUR4elpXTnZjSE5BYlc5NmFXeHNZUzVqYjIwK2lRRk9CQk1CQ0FBNEZpRUUrOGU1NHFUNUtKckF3ZFNFUFJiTwo1S0p6Z2JRRkFsMW9RVjBDR3dNRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUVBSYk81S0p6CmdiVERjUWY3QnA3ZTJ6WTlwQkJYVGdEQVNRbDMxU1NIcDlXa1JVVjVpcVBWQzlpUENFTGdndGVCR013SXBiRGwKb2JjNk84LzA2Zm94V2N0VFVhYWNpUEJvMitqZVdGVE8rRE52QjdvWElBcnFyNTY3M1FITGg2akVBQkJqeXQ5MQpydnRhMndZRjFYSkJneHB1aTlhTElDc0NwdEZOSVJ2SGVLVXJYQkk0Zkc1ejNDRHMvRU9vWThLL0FBWUpVRitFClJ0bXZtaXNpRS9tMjBVcGJZUm1rQkp5MjVjODlXY24xMkkxU1VKQTNIM2hHd3ZaQ1lwOGhZMUhQeHhRVXRVK0QKWkJJcHJ5aTB4UXFFeEdBbFlxY2s3RzAzRitBRDcvY3NhVDFMRWRDdFdSTE53RThVa3ZmVUY2bGlGMFNnenhGbwoxcHAzZ0JVNHN3ZHM5eU85d05lMTJKWS9NNUEvQkxrQkRRUmRhRUZkQVFnQXR1bjhKaFNwTkFLdk9Yd1dYMm5GCmhuTVhUSnA0dmlNaGxBWkVkbU1YRWkyN0IyRE0vblJ6bGRqeEdab05VQlNWYkpOajJreDVaVURsMG82ZU9wQ2gKdlJhR3VDT3BZcU91U1F2RDhGblgwTmdRVUx3dVRaK01hd3NhZXprdEpFakRTQk0xUjZ1QVNlSndEWmo0aGNVbgpQZ3lBSUVTYWpQZG93RWtFamRZdDI2MWZHT0xMY1ZvVmR0cXpPTUJrTFZkcksvRkQxa0dSOWpuU2xLRVlEVjlECnZlQlVCUUdkcWtnV1hqUzVCS2NhZTA3dmlDNnhNYTlBSlM0cGl6eURBTEIyazBIUU9lbFpOaWhPR1hZVXV2a2MKczJGaXZsMFRrM09DZkg5WER2RmVoYllSSG1rUkRvTXVLVURTemR5NnRGQkFrTDBDUGxYQVdJNmtRa2xhQkVwMQo5UUFSQVFBQmlRRTJCQmdCQ0FBZ0ZpRUUrOGU1NHFUNUtKckF3ZFNFUFJiTzVLSnpnYlFGQWwxb1FWMENHd3dBCkNna1FQUmJPNUtKemdiUzd6d2dBbmRiZjUzMk9YbzlId1BIK3lRUW16UUNMREZMNlA0VjdMY0ZycnlkWUl0VEUKaHhxSTN0YmI5Nk1LWFJBdCtHNU13NkpqUmtXaHd6YlUzakU3RDdYQk1IdzdHcmlUVFU5UWx0TkhnN1ZVcFNTYQppVGZWY1NORXJ6c2FxYmpiQTdqTXM3Vld6T3E0TFpvNkVmeThVREtnNXFjcUxGYVRRcnpRWllOSE5mTStrTEFpClVQVThtN3Z3bXo2b0pXc2pIa1FLVWhLaEhwdGxwd013ZEhrb2FjcURPMHgySDZIOTFsL1BuRG00Wkc2RnliSnQKY2pyOThpK3A1Mi9YT284MW5MZ1g3dGNGUzNuck45SE5kZ0tnMVpXM3lyemc4Tk9hRkNWQThxTERnTGsvL00zcQpEaXhPeGl1ckVDa0ZyTXZ0L2JEeEVHcE41R1Z5NTUwTW15VVpRcmt1cWc9PQo9WnMycwotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi0tLS0tQkVHSU4gUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQoKbUkwRVhXaEJpQUVFQU0rNVUvb2wyVDhuOU5zMXIxMWVLdW4vUFBBclh4bW8yNTAycEFZM2NmN1pwS0RGZkF2QwpWRi9QTHVzSGNKVG9UQ1BPVDBSVmg1ak8xTWlRWWN2UWxuVUlKT0lFa0N1VWM3UnNkQkRzSTk0bytTRWlHU040CkR6SzcxMXhUdnVoZ0xiRnZDQi9qY3BqTjh3cElZVEp1RDZ3RTc1c2Y1anFsb2tybmhYWnk1TGNiQUJFQkFBRzAKVTFOUFVGTWdSblZ1WTNScGIyNWhiQ0JVWlhOMGN5QkxaWGtnTWlBb2FIUjBjSE02THk5bmFYUm9kV0l1WTI5dApMMjF2ZW1sc2JHRXZjMjl3Y3k4cElEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCtpTTRFRXdFSUFEZ1dJUVRYCklwQkRPRXZNWURKc2I3blljZzJWZkQwd2RBVUNYV2hCaUFJYkF3VUxDUWdIQWdZVkNna0lDd0lFRmdJREFRSWUKQVFJWGdBQUtDUkRZY2cyVmZEMHdkRWRuQS85bU1HaWVONGhybm1nTXdjaFo1ZnBsQkFVQ2VCNFIrS2V3U0hjZQpnZlFJeE44aTN2Q09IYXFtRjhjbWMyaWZYZmlvcXNTUVU5SmRSbDdkeCtUTjlzZ3lXYXMxd2ZUMDFqOThzZlBrCk5RcmdyT3hDLzI0U1E5ZjdDM2JwbFhPKzI1a0xYQ1BUVW9tTWo4emY5bWFyVmVVVk5lQzZJZHVGUlJJN2h4cnoKdEl5Ti9yaU5CRjFvUVlnQkJBQ2hYaTAwZm1wRXMwSmlxMHpPeVltOWk3NDlWb09zTlJlb0IvNWl4MVFDaW13VgpaS2UxRDM3SVA1UXF5c3h5K0xJUWM0bEorUThmb05PeDFBZXY1K1REeXYraVU4MkQ5eHI5dVBMTGJBODJrM0FaCjA0T3JCanJaL1l0MU5aaHVhSHpjaVpDUHBtcXpGOWtxVnFBWmMrdk1pS1pMMVdaalM3TzFGd2FpZFkxdlh3QVIKQVFBQmlMWUVHQUVJQUNBV0lRVFhJcEJET0V2TVlESnNiN25ZY2cyVmZEMHdkQVVDWFdoQmlBSWJEQUFLQ1JEWQpjZzJWZkQwd2RNTWZCQUMvNjZMdlh3QlBhSERha3IwbG8yNVBHT1dXc2Y0bzh5V3VpL1EveWhjYzhLaUVMbHpFCnptd25xMEpEU29kZko1YWdNVHhYZlZ1Mm9WVUJES3V2VERMU0NlMlhVdisydWZBd2VnL3hyL0ZyUkVjMlRrTHUKR1p5NkZNZHRCN0lrMXVKRWxta0loblU3S3NYWHY2cnE3MWdFK1BDcW53cXNuL1N2TExhVEp2dGxFdz09Cj1QYWZWCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0KLS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUVOQkYxb1FhWUJDQURzQ3cyMjNXRGoySVNua1pRSjA3TlM3RVIvZnQyVHo2RlB6c01xejVKbUdsd1FhbnRICk16anFOR0U1ZHUxVEJLK3lDSXV6bitQL2lva21PZEZqa0gyME9ISENFbWdCUVBRMld4cFI0QmMvakR2c3dvTDIKMmFta25JWVN0ZitTZ0N3dE5QVDUxUlM3LzVick41cFZuNEdqRFlnK0lSTGszM2J4ejFrTjM5MzNvbGtNRkhKRgpocnIxcmNFMXV4dDNqMkNFUHpmS0FVeXZpS1hrU2w0MUlBb3BFMmU2OXpzVmcwWWFlbnNUbkUvaFk0NXIxcTBXCkFCWG9KTGc0SDZVdEhaV1dHZzd2bXRRWUNwaWlVSWFXWjNZQjQ0OVVyNGp4WGVJWlBVcWhsaXFPb1VrOGE3RW4KMVpDMWhHTHcwamFFTmVhSHl3VkdpOVpxQUJtT1ZZbXZJdEkzQUJFQkFBRzBVMU5QVUZNZ1JuVnVZM1JwYjI1aApiQ0JVWlhOMGN5QkxaWGtnTXlBb2FIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyMXZlbWxzYkdFdmMyOXdjeThwCklEeHpaV052Y0hOQWJXOTZhV3hzWVM1amIyMCtpUUZPQkJNQkNBQTRGaUVFdGhHaStmRWREL2dsYUlCUkdmbTEKMnVxUi80WUZBbDFvUWFZQ0d3TUZDd2tJQndJR0ZRb0pDQXNDQkJZQ0F3RUNIZ0VDRjRBQUNna1FHZm0xMnVxUgovNFljM1FnQTJXY01sQ0NVQjR1eXl2S3ExYThaVEJsaTBZekl4VCtLc2xMK1BiT3hmaG94Z2x4UFJDbEIwL2w2CnN0RzNSRDBVWEtxOWNUZTlmNW5JOTZYSlJxVXplUGZLdGl4U2llaXJOVFpzd2lISVlpZllmZzQ2MGdYWUFJc1YKZGV6dFJHeEVhTVVWcTZ2YWprQTY5eUdiaTJuRXhhUXJQUUFnY09veUVjR2hzUVZpNU0zcmJJR0lKdEsvSzc3NwpsQXZXc2tNV2pFTC9WSVEzcUhKYXBCd2h0eUs4cEtpUTFVMnNzdlhTUDE1Um91VVUvOFBkRDZkODJkTGxMZkJtCmVpeVFDZUpZUXlSL2dlSkF2aHlCTytKeStTUzJSTkNFNkZHaXJBQ3pSaDNTU0xwS0F2aWVvTUhxWXphdjhrTWgKelNNYTUyMzBTS3BhcnRic2dGdTd0Mzl6c2MzdDZMa0JEUVJkYUVHbUFRZ0E2MGtKZ2hUdXh2WmFOalhDWkJuagowK3orTlNuZmhkUGFHZ2RVU3RYRENienNPMmwvNmt2bFdNd3dTM1Z1RHdHangxdkxXdDlLV3htTDg1K3FMRTJICkZ1UnBINHNKRmErMEhyYVk5U1AxVXhnTzV5ZG9tbVJLZExEdzVpUUlhSkFDTVNzTUFISE9RQ0o5VnVORTFndDgKZ09iNUo5MDJnUmFoZ0lLcEdycm10STZ4M1ptdTFyeUtyQkg5TG42MGtZdnJVMTRBTlBZdEl2T3dxQ054ZVU0Qwo5cTFxNC9iNzNSWGcyR3JpOGFsR2IySE1JYWVLNnU3aTVNbEVPcWtRb2YyRmttR2czbkV3LzZDdmNuZjRqZXNKCmliS2E2OXZDNm4zOVpKMGVSaG1ocjN0dzNNUDc2TGFheWhxcThUK0Zmb2c2OEEzT2UraTYrZjdQeUxlMG9hSEEKdVFBUkFRQUJpUUUyQkJnQkNBQWdGaUVFdGhHaStmRWREL2dsYUlCUkdmbTEydXFSLzRZRkFsMW9RYVlDR3d3QQpDZ2tRR2ZtMTJ1cVIvNGI1bHdnQW1WQ2EwWFllY282RWMrSXowQ0xCdk5YREZIL0tzUC95cFdLNWR1elpSS2ViCkQzMGNEd1FIVUZXSDVXaXZHWjVuSitSczl6a0Q3YTA3b21NVFJtQ3NyakQ0STN4REdNVFUyM2wrZ0JTQzUrOVIKQjZiT2k4MW5nSDNPTGFTYmVoMnQyMVBERWY1N005NFdGTmx3MkxWZ012WjZTNHJzN0k0RlpnbTc1aDRFR0d1WQpJdDFsOFNxTldjS0RtOUt6L3FHMGxxZVNHR0ZuUXFtU0JGSDBWYjBodXMvWEVyVTJyM2ZRcjFsRGowVktwT0lPCkowWXM5cm1JNnlFUFRpK0doRnIxYkhLd1pNaW56NWxjSG5PbDh4eWU0OHRzck90SE1HTjE3L0I2aFVVR3pkK1cKVHBock9mbmZUTzFZQ2tnMW5FQjVFMlJhai9LVitvaHFQdmpFK0toRTdRPT0KPWdxaEUKLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQo=
16 changes: 16 additions & 0 deletions config/testdata/sops/ks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1alpha1
kind: Kustomization
metadata:
name: sops
spec:
interval: 5m
path: "./testdata/sops/"
prune: true
sourceRef:
kind: GitRepository
name: sops
decryption:
provider: sops
secretRef:
name: sops-pgp
validation: client
6 changes: 6 additions & 0 deletions config/testdata/sops/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- source.yaml
- keys.yaml
- ks.yaml
Loading