diff --git a/gitlab-runner/templates/gitlab-secret-sealed.yaml b/gitlab-runner/templates/gitlab-secret-sealed.yaml
index 656c8e7..07359ee 100644
--- a/gitlab-runner/templates/gitlab-secret-sealed.yaml
+++ b/gitlab-runner/templates/gitlab-secret-sealed.yaml
@@ -1,16 +1,56 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
+#apiVersion: bitnami.com/v1alpha1
+#kind: SealedSecret
+#metadata:
+# creationTimestamp: null
+# name: gitlab-secret
+# namespace: gitlab-runner
+#spec:
+# encryptedData:
+# runner-registration-token: AgAp5TsqtVCMYNKC/H/VetcFBKKJsab6xzxDuycgBzJdXg3cgklvlh5rlRIeINHHYzRUATPg7xeU0BtvJ9UG8dgWV9Bx7pq2hUEGB0MSNQE1HdTBE4avbMOAbsXiPLefYoeGm7nPHvRS5m+1x2gY1VuvE4wpqdO04ROrBceJP6e1dtDKkmNfqg4V1laB9Y69d68iLIN6lJ3Jh2x4HD9AREftBh0vfFuX1MOivAJ40ZzruhqBvtRn5BMdsk4eRyIZdfeO0SLPm4OV1/KUW3LbRq/BdxKvuEovF0CM9vsBGfgFKWNdBmbM52X4HUVeuSQXmNFzUIOCQcxFPFFRguxfQmjtBAsICGCvOlL89iNIoc12g0ZBdwDZYKx/MjeJDrdPWUlfMW/RvHEWzsBOu/rb1RljEvx1PTFuCInEPaLd/sHs3xyf4QJpzNw5M3uRav009UQf6cwseFKoJTbZVxg4QfJj3HSdPRfk6nfebcwJVm8niw5jy+tA1TtqGfCtHMKNNsctHQV/0eHf2MPyrNyWHBnhylDPxA7aKq0RaWff+rRkbEKL7ODHR7xkCKbV3gYt2gBrN4Fif9G0yLGP0Oz70L1aR8Xuh2VfF314/EPTE+fSYXexr6lzMCGbQS//DQQy0DvV1i8wgno9n6jBPYOOkSUaSexKDLWtB5uXpkbBPVXzw7npZZNe1kyid58CYnulXpJZtfyhUlVvc+hJTaZ6K0pVwVqg/YxvA+AdI9lKiw==
+# runner-token: AgBrQtK4/1DwadqCWigyPQyU6n/x67pXEEVCVDVTd8yX3yREBXxTkRNlbYiNgMSegZyymnTCg8mIN9VLuwlLUM1EEHh6sAyIQBQCdNryXtpXAC55PY0iRuV/ztbQl8Sf+rLzL+2Jsq7hXKLL3Mam41ZW36pVWcN3msZac0ScOdHy5J2jWuTFiGF23FPDUSOWKB9ZtYgSTtLmXBiYHiwA8INerY0UXt0/BptYKui7rT6GKHWUvLTaLXlAb3lFiHzj2rLmuvo1IF5Ld6EtLKOOmTYAOvd3hVTt5KAc+6O/UEa7/OZ7jLC8WvfSWobd4HTe3drZyOlLpEiwpxpftdMEaZGL/kBKl+TM6rbxLlEIwiR9Zr2cCbqQ5R8GydPsCqbYaPDrQkLwXxaOvZXMtNJA5f86Ukg1sy9r/MO7T9sfgKzUF25iyqoBHy0EqQjNIQ7CHSMQ8Llfi3Qf9Jybb/WQz8urEpaOB7mQrtV2yU4LAkhql/ppPMD6ZErW2FQ6+ESiuTRAmkZm7XlQkxA5oKHQn7PhK/OYRAPcRBFjYdDTAb1gAtpti77W3HHUqU/u1sH6pjo4mVg0QepwM04X5T55LmAAK5PWgyu7fHZaQVkEEet3TsjHCHo4L3gt4so/5KtMneKrFJgExbxHi5tzLCMNuEbgXQ7NOa3Y8Lj0KxV2odeoKZUSrxhuGbAhbnFuqmOb28/GsTI/dLnMXwhRe2//KE11mhDa3A==
+# template:
+# data: null
+# metadata:
+# creationTimestamp: null
+# name: gitlab-secret
+# namespace: gitlab-runner
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
 metadata:
- creationTimestamp: null
- name: gitlab-secret
- namespace: gitlab-runner
+ name: vault-gitlab
 spec:
- encryptedData:
- runner-registration-token: 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
- runner-token: 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
- template:
- data: null
- metadata:
- creationTimestamp: null
- name: gitlab-secret
- namespace: gitlab-runner
+ secretStoreRef:
+ name: vault-gitlab
+ kind: SecretStore
+ target:
+ name: db-pass
+ data:
+ - secretKey: runner-registration-token
+ remoteRef:
+ key: gitlab/runner
+ property: runner-registration-token
+ - secretKey: runner-token
+ remoteRef:
+ key: gitlab/runner
+ property: runner-token
+
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: vault-gitlab
+spec:
+ provider:
+ vault:
+ server: "http://vault.vault.svc.cluster.local:8200"
+ path: "gitlab"
+ version: "v2"
+ auth:
+ kubernetes:
+ mountPath: "kubernetes"
+ role: "external-secrets"
\ No newline at end of file
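Review bot: The new SecretStore reaches Vault over plaintext `http://vault.vault.svc.cluster.local:8200`, so the Kubernetes auth token sent at login and the runner tokens returned travel unencrypted inside the cluster; prefer `server: "https://vault.vault.svc.cluster.local:8200"` together with a `caProvider` or `caBundle` entry for the Vault CA. The ExternalSecret also writes to `target.name: db-pass`, while the SealedSecret it replaces produced a Secret named `gitlab-secret`; if the runner deployment still reads `gitlab-secret` (not visible in this hunk) it will not find the tokens, and `db-pass` looks like a name carried over from an example. Both new resources drop the explicit `namespace: gitlab-runner` that the old manifest had, so they land wherever the release is installed, which is worth confirming. The sixteen commented-out SealedSecret lines keep the old ciphertext in the template with no function and are better deleted, since the repository history already holds them.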