author Vincent Ambo <tazjin@google.com> 2019-09-03T15·10+0100
committer Vincent Ambo <tazjin@google.com> 2019-09-03T15·12+0100
commit 283951388c96e871c9c4a835eee6594fc27e08c0
tree fe6be2f9756627ac09c3207f876430921789baec /infra/kubernetes/nixery/config.yaml
parent 0bc548e75e7e06ee4ad172449f818d7e4b861b1d

feat(k8s): Insert Nixery's secrets via kontemplate

Instead of having a manually prepared secret, use Cloud KMS (as per
the previous commits) to decrypt the in-repo secrets and template them
into the Secret resource in Kubernetes.

Not all of the values are actually secret, it has thus become a bit
easier to edit the known hosts, SSH config and such now.

Diffstat (limited to 'infra/kubernetes/nixery/config.yaml')
-rw-r--r-- infra/kubernetes/nixery/config.yaml 4
1 files changed, 0 insertions, 4 deletions
diff --git a/infra/kubernetes/nixery/config.yaml b/infra/kubernetes/nixery/config.yaml
index 1bd95536ac17..796e21a7273c 100644
--- a/infra/kubernetes/nixery/config.yaml
+++ b/infra/kubernetes/nixery/config.yaml
@@ -3,10 +3,6 @@
 # The service via which Nixery is exposed has a private DNS entry
 # pointing to it, which makes it possible to resolve `nixery.local`
 # in-cluster without things getting nasty.
-#
-# The 'nixery-keys' secret was configured manually using a created
-# service account key. This does not use metadata-based authentication
-# due to the requirement for having an actual PEM-key to sign with.
 ---
 apiVersion: apps/v1
 kind: Deployment
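
Review bot: The four removed comment lines above the `---` separator carried two separate facts, and only one of them is made obsolete by this change. "Configured manually" no longer holds once the secret is templated, but the sentence explaining that metadata-based authentication is not used "due to the requirement for having an actual PEM-key to sign with" is design rationale that nothing in this hunk replaces. If the Deployment still mounts 'nixery-keys' for signing, consider keeping a short comment here that says the secret is now templated from the KMS-decrypted in-repo values and why a PEM key is still needed instead of metadata-based auth, so a later reader does not try to swap it for workload credentials. The diff shown is limited to config.yaml, so the Secret resource and the split between secret and non-secret values mentioned in the commit message cannot be checked from these lines; a pointer to that file in the comment would help.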