feat: add secret regcred

cluster/apps/development/gitea/.decrypted.backup-job.yaml

@@ -0,0 +1,47 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: gitea-repositories-backup
+  namespace: development
+spec:
+  schedule: "@weekly"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          name: gitea-repositories-backup
+        spec:
+          imagePullSecrets:
+            - name: regcred
+          containers:
+            - name: trash-updater
+              image: bitnami/kubectl:1.21.3
+              imagePullPolicy: IfNotPresent
+              command:
+                - "bin/sh"
+                - "-ec"
+                - |
+                  #!/bin/sh
+
+                  set -o nounset
+                  set -o errexit
+
+                  DATE=`date +%Y%m%d`
+                  ARCHIVE_NAME=gitea-repositories-${DATE}.tar
+
+                  kubectl exec gitea-0 --namespace development -- bash -c "\
+                    cd /data/git/gitea-repositories && \
+                    tar cvf /tmp/${ARCHIVE_NAME} ./ && \
+                    zstd /tmp/${ARCHIVE_NAME} && \
+                    scp -i /opt/id_rsa /tmp/${ARCHIVE_NAME}.zst homelab@truenas:/mnt/storage/backups/gitea/ && \
+                    rm /tmp/${ARCHIVE_NAME}.zst"
+              volumeMounts:
+                - name: secret
+                  mountPath: /opt/id_rsa
+                  subPath: deployment-rsa-priv-key
+          volumes:
+            - name: secret
+              secret:
+                secretName: drone-pipelines
+          restartPolicy: Never

cluster/apps/development/jobs/serviceaccount.yaml

@@ -2,13 +2,13 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: jobs
-  namespace: media
+  namespace: development
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: jobs-edit
-  namespace: media
+  namespace: development
 subjects:
   - kind: ServiceAccount
     name: jobs

cluster/apps/development/kustomization.yaml

@@ -5,3 +5,4 @@ resources:
   - drone
   - drone-runner-kube
   - gitea
+  - jobs

cluster/base-custom/secrets/kustomization.yaml

@@ -4,5 +4,6 @@ resources:
   - cluster-secrets.yaml
   - drone-pipelines.yaml
   - regcred-data.yaml
+  - regcred-development.yaml
   - regcred-media.yaml
   - replicated.yaml

cluster/base-custom/secrets/regcred-development.yaml

@@ -0,0 +1,59 @@
+kind: Secret
+apiVersion: v1
+metadata:
+    name: regcred
+    namespace: development
+type: kubernetes.io/dockerconfigjson
+stringData:
+    .dockerconfigjson: ENC[AES256_GCM,data:HfEH30Dis81WFXJ2bAbKPVUmHTkqcpPB7bLm1Zn1f0ELUJzD2Z8JGJ7xOBcfJR9CvzUma9gLYlrz1J8moy4B2n/hIGQFySN4zKR3iDjHNFLJo+HcRn2rONzfKX0lTFZ4YXWhw6Rlx3j0MZ7OFBnhI2I5kyfEyYcc1Xqq4c8++GosYCG4lwTrwFjmTeCo9BoTvOphgnkC5NuihDQ/UiHV9/po9zeQO/I=,iv:3XqfPFv3Rc7g8W7Bk1Q0n945mPvQTqkLX4yWh9CfLyc=,tag:l+LpDfWt1K5uRfBbM71DhQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2021-07-19T12:09:05Z"
+    mac: ENC[AES256_GCM,data:WAteda2YTX0sgGtNJX/QI5bNBCBGdv+lSMM2gyoZfzmRS6Uj5Y7pPHf7EScqGcou8ZfEcGdJG/lA9A7hONETAf+2fKdn9g7FM7cVvh493+wLr8drtJMu/mqqP3A72tbhi6PMtmUHAtF2+gNyYak1QAmvEfO/+cAJC4TfxXaBsZ4=,iv:0PUuKI1qewENzW0KTq+Cm9LpdJ60OvhZ1CEqZXvH/tI=,tag:fWLUbqnV5FGqkVucFBciaw==,type:str]
+    pgp:
+        - created_at: "2021-07-17T21:25:06Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA6nQR2zACjUjAQ/9G4rlzO+Mf9NXs5jwGf+yuj0VM3SWl9Rz7kEAFdnEhYNG
+            RWBu/lpg6ipIBAIramz1hV4NQPraoEEO/OwEwj0Bez88ydt3a7CxMFyu2q+pNjvi
+            QIrQuM+3J3dM8l5qVh3/5r81QvSb/g+USgYIGhbd9jABxBzglnb3GYA+KBgWncsp
+            PVaBG5t3+7jd2FbKd+6fzYkMiW1kZmK4/3P2etoDFR4bgoADck0Coy9Y155QAlnk
+            /AYVwS6IIZ8+BUwwT+gOk8V9QJRwcKFFo9TJ2gmnkNb5MbXgX7DEKwGPIegEUyKY
+            Ex9x+yEdfy5dlsJ7TE4C5olk4yOEnXfhxUeiMD6myEJjVM9SjP3A7DK+/f/E6+9Q
+            MAMFxxHaKGLu2wRmUPMWH78VhVLExgq7P9l8YGMEKch32wdwo4b4295mLe+AtXlw
+            z3vWLx1PYU+l0sJ8leVZtd//547NbLxtUGYhI+5ozzxaL8Hwps5fWbcmXLWaz8Dr
+            Lj1zwatetd1Loc0OZFR90giQVl9JREHK9QlARAFnIMnu7eKZlln/TnF7MjdgAuD4
+            2diAocyU+X7PZty+oWbi56LQE90Vr01MBO/wsvUUETZ+6sAEYB805EKpGj+r432H
+            /WPx2Yedn9HAE8ZPIRedYK5gXh8867mA3XCw6sd9ELI67BWiqdveR1jeKreFPJjS
+            XgHx9krMM0IcX2V0rT0nJea8m3M+b6ZpvdBicmfjTCBxrnAgMnbOGuzwoUGNePX2
+            IZtgHNvqEaQfEONDtIJM6gtY6soJJxQ790w+FmTGs7av4o0IHgT4xqZRhDZSF/8=
+            =p08Q
+            -----END PGP MESSAGE-----
+          fp: 19B850FBA7685A526CF11E5F9BBE834259976EE8
+        - created_at: "2021-07-17T21:25:06Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA98IrODHuiZ9ARAArzhyppi7wq055mnLiBm3CG1JUIELebfLwyD4Xj46Rjq4
+            cRZAeRKSM/MjUT0G8RuhssaJPoI2uNtZT9z3+qIZDUoCHLt8horo147oMzN7RqVW
+            VjEbO63Tiv253Jles3lax5eCmO0f88frzOqs4IqSluYWL1AlKkA6zGZuEhysasHk
+            RtZh2jWe7/ZBP8gICgTaPv/ptIWF4mJYcK2rD9mM3PeZ1oBVfwVhsxumGISo9hEm
+            oDtfFqTaX+nDRcjofIp/u85Jt3SrD+NCyCyBUzoprs5npPlLcy/cjrQ1HCxrOSxh
+            fzGo90CWg0TqSFx545CiTxT6wJzRVsLspP662/nV1wHXOu3fO1IqAjWsmDk66oBp
+            A4tgE8eDo7NA849VmsUkNfdgFOiFFBW8TolHZUJHbV4BomWK1KXJuRRAqIdg620Y
+            oDjHClWLpJTpkhlN+GhU0AojXWEYnpQhDApqrFnpQECEjOUuu643JSjDOj/kY/IJ
+            0DeveaBy9clylq8G+SMXSKt/LivATquvuMzsDnLzy+SYjnOsjpIL/JNdFH5uWqm7
+            1erIyM9Ix7cIAzk4qm/5M3smy/7p+eOMlqFgRrN+fbt54uSbW+7BamjTCPsXnqk5
+            0zHMdf6BHC1QKgOH24jhPFUATiJeY4fJBPIJF+orbWlBTBrFFp3h6W12HdHUG83S
+            XgHN9EqRP9PC1n+F3Ni4VVVfx5kBr4g5tyrGhpSgYNJqSdIQCdaWySsTVLs2D4Xr
+            69Bdc0tBQv5aCyU4g2PT2CDYjLrPFxImCcyr/JeZd2x44scuHUqjAl/plihSmes=
+            =cyE+
+            -----END PGP MESSAGE-----
+          fp: 5749D0AE39445C1CCA6006DF8913091C690BDD69
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.1