feat(k8s): Insert Nixery's secrets via kontemplate

Instead of having a manually prepared secret, use Cloud KMS (as per the previous commits) to decrypt the in-repo secrets and template them into the Secret resource in Kubernetes. Not all of the values are actually secret, it has thus become a bit easier to edit the known hosts, SSH config and such now.
author: Vincent Ambo <tazjin@google.com> 2019-09-03T15·10+0100
committer: Vincent Ambo <tazjin@google.com> 2019-09-03T15·12+0100
commit: 283951388c96e871c9c4a835eee6594fc27e08c0 (patch)
tree: fe6be2f9756627ac09c3207f876430921789baec /infra/kubernetes/nixery/ssh_config
parent: 0bc548e75e7e06ee4ad172449f818d7e4b861b1d (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/infra/kubernetes/nixery/ssh_config b/infra/kubernetes/nixery/ssh_config
new file mode 100644
index 000000000000..78afbb0b039d
--- /dev/null
+++ b/infra/kubernetes/nixery/ssh_config
@@ -0,0 +1,4 @@
+Match host *
+      User tazjin@google.com
+      IdentityFile /var/nixery/id_nixery
+      UserKnownHostsFile /var/nixery/known_hosts
author	Vincent Ambo <tazjin@google.com>	2019-09-03T15·10+0100
committer	Vincent Ambo <tazjin@google.com>	2019-09-03T15·12+0100
commit	283951388c96e871c9c4a835eee6594fc27e08c0 (patch)
tree	fe6be2f9756627ac09c3207f876430921789baec /infra/kubernetes/nixery/ssh_config
parent	0bc548e75e7e06ee4ad172449f818d7e4b861b1d (diff)