feat(k8s): Insert Nixery's secrets via kontemplate
Instead of having a manually prepared secret, use Cloud KMS (as per the previous commits) to decrypt the in-repo secrets and template them into the Secret resource in Kubernetes. Not all of the values are actually secret, it has thus become a bit easier to edit the known hosts, SSH config and such now.
This commit is contained in:
Vincent Ambo
parent
0bc548e75e
commit
283951388c
5 changed files with 25 additions and 4 deletions
4
infra/kubernetes/nixery/ssh_config
Normal file
4
infra/kubernetes/nixery/ssh_config
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
Match host *
|
||||
User tazjin@google.com
|
||||
IdentityFile /var/nixery/id_nixery
|
||||
UserKnownHostsFile /var/nixery/known_hosts
|
||||
Loading…
Add table
Add a link
Reference in a new issue