From 283951388c96e871c9c4a835eee6594fc27e08c0 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <tazjin@google.com>
Date: Tue, 3 Sep 2019 16:10:42 +0100
Subject: feat(k8s): Insert Nixery's secrets via kontemplate

Instead of having a manually prepared secret, use Cloud KMS (as per
the previous commits) to decrypt the in-repo secrets and template them
into the Secret resource in Kubernetes.

Not all of the values are actually secret, it has thus become a bit
easier to edit the known hosts, SSH config and such now.
---
 infra/kubernetes/nixery/ssh_config | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 infra/kubernetes/nixery/ssh_config

(limited to 'infra/kubernetes/nixery/ssh_config')

diff --git a/infra/kubernetes/nixery/ssh_config b/infra/kubernetes/nixery/ssh_config
new file mode 100644
index 000000000000..78afbb0b039d
--- /dev/null
+++ b/infra/kubernetes/nixery/ssh_config
@@ -0,0 +1,4 @@
+Match host *
+      User tazjin@google.com
+      IdentityFile /var/nixery/id_nixery
+      UserKnownHostsFile /var/nixery/known_hosts
-- 
cgit 1.4.1