add sealed secrets

0b4243ef · Rob Kooper · fd3d679e · 0b4243ef · 0b4243ef · 0b4243ef
Commit 0b4243ef authored 3 years ago by Rob Kooper
--- a/charts/apps/templates/sealedsecrets.yaml
+++ b/charts/apps/templates/sealedsecrets.yaml
+{{ if .Values.sealedsecrets.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .Values.cluster.name }}-sealed-secrets
+  labels:
+    cluster: {{ .Values.cluster.name | quote }}
+    app: sealed-secrets
+  namespace: argocd
+  annotations:
+    {{- toYaml .Values.notifications | nindent 4 }}
+spec:
+  project: {{ .Values.cluster.name }}
+  destination:
+    server: {{ .Values.cluster.url }}
+    namespace: kube-system
+  syncPolicy:
+    {{- if .Values.sync }}
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    {{- end }}
+    syncOptions:
+      - CreateNamespace=true
+  source:
+    repoURL: https://bitnami-labs.github.io/sealed-secrets/
+    chart: sealed-secrets
+    targetRevision: {{ .Values.sealedsecrets.version | quote }}
+    helm:
+      version: v3
+      releaseName: sealed-secrets
+{{- end }}
--- a/charts/apps/values.yaml
+++ b/charts/apps/values.yaml
@@ -35,6 +35,10 @@ ingresscontroller:
  traefik2:
    version: "10.*"
+sealedsecrets:
+  enabled: false
+  version: "0.*"
 metallb:
  enabled: false
  version: "0.10.*"

--- a/terraform/modules/argocd/argocd.tf
+++ b/terraform/modules/argocd/argocd.tf
@@ -43,6 +43,7 @@ locals {
    traefik_dashboard           = var.traefik_dashboard
    acme_staging                = var.acme_staging
    acme_email                  = var.acme_email
+    sealedsecrets_enabled       = var.sealedsecrets_enabled
    healthmonitor_enabled       = var.healthmonitor_enabled
    healthmonitor_nfs           = var.healthmonitor_nfs
    healthmonitor_notifications = var.healthmonitor_notifications

--- a/terraform/modules/argocd/templates/argocd.yaml.tmpl
+++ b/terraform/modules/argocd/templates/argocd.yaml.tmpl
@@ -81,6 +81,9 @@ spec:
          #notifiers:
          #  %%{ indent(12, healthmonitor) }%
+        sealedsecrets:
+          enabled: ${sealedsecrets_enabled}
        longhorn:
          enabled: ${longhorn_enabled}
          replicas: ${longhorn_replicas}

--- a/terraform/modules/argocd/variables.tf
+++ b/terraform/modules/argocd/variables.tf
@@ -160,6 +160,12 @@ variable "healthmonitor_notifications" {
  default     = ""
 }
+variable "sealedsecrets_enabled" {
+  type        = bool
+  description = "Enable sealed secrets"
+  default     = false
+}
 variable "metallb_enabled" {
  type        = bool
  description = "Enable MetalLB"