19 lines
1012 B
YAML
19 lines
1012 B
YAML
# Sealed Secrets — noble (Git-encrypted Secret workflow)
|
|
#
|
|
# helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
|
|
# helm repo update
|
|
# kubectl apply -f clusters/noble/apps/sealed-secrets/namespace.yaml
|
|
# helm upgrade --install sealed-secrets sealed-secrets/sealed-secrets -n sealed-secrets \
|
|
# --version 2.18.4 -f clusters/noble/apps/sealed-secrets/values.yaml --wait
|
|
#
|
|
# Client: install kubeseal (same minor as controller — see README).
|
|
# Defaults are sufficient for the lab; override here if you need key renewal, resources, etc.
|
|
#
|
|
# GitOps pattern: create Secrets only via SealedSecret (or External Secrets + Vault).
|
|
# Example (Newt): clusters/noble/apps/sealed-secrets/examples/kubeseal-newt-pangolin-auth.sh
|
|
# Backup the controller's sealing key: kubectl -n sealed-secrets get secret sealed-secrets-key -o yaml
|
|
#
|
|
# Talos cluster secrets (bootstrap token, cluster secret, certs) belong in talhelper talsecret /
|
|
# SOPS — not Sealed Secrets. See talos/README.md.
|
|
commonLabels: {}
|