From 72bb079f1065efce16a3c6709162e45bf3fbce7f Mon Sep 17 00:00:00 2001 From: Jacques ROUSSEL Date: Fri, 24 May 2024 12:29:22 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7(helm)=20preprod=20configuration?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR adds the preprod configuration for the helm chart. --- .github/workflows/deploy.yml | 41 +++++ .github/workflows/secrets.enc.env | 32 ++-- src/helm/env.d/preprod/secrets.enc.yaml | 62 ++++++++ .../env.d/preprod/values.impress.yaml.gotmpl | 140 ++++++++++++++++++ src/helm/env.d/production/secrets.enc.yaml | 64 ++++---- src/helm/helmfile.yaml | 5 + 6 files changed, 297 insertions(+), 47 deletions(-) create mode 100644 .github/workflows/deploy.yml create mode 100644 src/helm/env.d/preprod/secrets.enc.yaml create mode 100644 src/helm/env.d/preprod/values.impress.yaml.gotmpl diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 00000000..adb8c88c --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,41 @@ +name: Deploy + +on: + push: + tags: + - 'preprod' + - 'production' + + +jobs: + notify-argocd: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Load sops secrets + uses: rouja/actions-sops@main + with: + secret-file: .github/workflows/secrets.enc.env + age-key: ${{ secrets.SOPS_PRIVATE }} + - + name: Call argocd github webhook + run: | + data='{"ref": "'$GITHUB_REF'","repository": {"html_url":"'$GITHUB_SERVER_URL'/'$GITHUB_REPOSITORY'"}}' + sig=$(echo -n ${data} | openssl dgst -sha1 -hmac ''${ARGOCD_WEBHOOK_SECRET}'' | awk '{print "X-Hub-Signature: sha1="$2}') + curl -X POST -H 'X-GitHub-Event:push' -H "Content-Type: application/json" -H "${sig}" --data "${data}" $ARGOCD_WEBHOOK_URL + sig=$(echo -n ${data} | openssl dgst -sha1 -hmac ''${ARGOCD_PRODUCTION_WEBHOOK_SECRET}'' | awk '{print "X-Hub-Signature: sha1="$2}') + curl -X POST -H 'X-GitHub-Event:push' -H "Content-Type: application/json" -H "${sig}" --data "${data}" $ARGOCD_PRODUCTION_WEBHOOK_URL + + start-test-on-preprod: + needs: + - notify-argocd + runs-on: ubuntu-latest + if: startsWith(github.event.ref, 'refs/tags/preprod') + steps: + - + name: Debug + run: | + echo "Start test when preprod is ready" diff --git a/.github/workflows/secrets.enc.env b/.github/workflows/secrets.enc.env index 54456e71..cb03d95a 100644 --- a/.github/workflows/secrets.enc.env +++ b/.github/workflows/secrets.enc.env @@ -1,22 +1,24 @@ -SOPS_PRIVATE=ENC[AES256_GCM,data:53ysyQ9gq2PnAQKNjOL+e+Bu5SQIuOguz8Bo5CpqbpYsF0AmV1WsOutckdClbu6ApqV3m9/Cj1FJ30+L/+j05pvcpqMeehPQwGQ=,iv:VMuML9IXiEqKY9jp+ny76jnQHmewq2rqdBy1wYpZkSI=,tag:aAZgwiWDg1AG4wk3f2Fq4w==,type:str] -CROWDIN_API_TOKEN=ENC[AES256_GCM,data:bwh38oLDH4BpI2H+7oUjtVizyrYvVJ6Av4ECTnyPPthMz6DCaYQn55RXp8rQDgJj4bPRls+JcRVC94zYIjgpkDsbbcqHr620KQKHQHMgoOQ=,iv:hydpwWtCiOkhBpAYyNwDzSjhjfdUJcKX7YX3/PXteN0=,tag:eQLniL5XxkNs5yThUuQHyw==,type:str] -CROWDIN_BASE_PATH=ENC[AES256_GCM,data:LJZE454A6qg=,iv:yIjGACBJSX3S9g7PAHRFn074xL94fHvMLcTKzFYwkwo=,tag:1Z8+UbeDOvTxR80b95KumQ==,type:str] -CROWDIN_PROJECT_ID=ENC[AES256_GCM,data:THoNz661,iv:Ixd0D9tnpEWd2yqZui1HJQEO/h7YsAC1R9Vjj8OHBjA=,tag:wfDHhzaXLD3NwY5zDj24RA==,type:str] -DOCKER_HUB_PASSWORD=ENC[AES256_GCM,data:jj92OOVMtsagOXQ=,iv:r/u8M70PspZMFCbi8a3FvuCDtWt+9YGArPNHZRpHA+k=,tag:WM3vzVkuQZVdHa3wh4satg==,type:str] -DOCKER_HUB_USER=ENC[AES256_GCM,data:btdtLdLApQ==,iv:y1o2zwyzusBS6JiQSEtZwS2zctISo+UgAFhyZ53vbKQ=,tag:ZLkMJydgjMBmbbKq979z7g==,type:str] -ARGOCD_WEBHOOK_URL=ENC[AES256_GCM,data:0TnoZv7vQI+8MZ/7EITx0Mvez66G6BcCzw+Mic+NH2qh0BdZBH8ynkYBleKw9V6TbucgHasa7duL,iv:GeE5tSpjAndThrXrzz8Dk6ah9Bxv6JQCJmKAfsToDi0=,tag:O2pIhA0ge1xygIv0izSMxg==,type:str] -ARGOCD_WEBHOOK_SECRET=ENC[AES256_GCM,data:SrdWdV24lGztyUnFXeOYGAhqTErRFakIm7hBw8n4NKW6ll6AgeZKY6w7pbvgFknQ+NlRd/EK7bYk7CZtPDGU6zM=,iv:IkWxnTWrvzWwNh4RSt3N7iPHA7K7jkzSHa4CHptxxvU=,tag:XFVYBRsuDF/La1/8ADQ2jw==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESDdJSzBaaVlEbHRjSlIy\naVoyY2l6RVVqVXhOekV4NHdHQjV6Q0IzSEJNCk9JY3BFQ2tFWXBZVFMyWTJUYjdz\nMVdheTd4cjhFREl5MmNncmlobVNyUUUKLS0tIEg1MHBsV2FoRkFlN2JoNlFuTFFS\nNG5yUXZpQVY4Z1FGZmVLUjBqQWhSQTgKfT7hD5LVWg2NOrdyeIiVt6BX/4dt6fpN\nyydn2U0yxMg9fUZ7KkixAaWpChL3rvi3OWM07h6EdsznTwehLiMFTw==\n-----END AGE ENCRYPTED FILE-----\n +SOPS_PRIVATE=ENC[AES256_GCM,data:FK3PweZstvwslF18oRQNnqY2vTAdNNBWiTxRpuULnRnJbtyeula/MU5E08pImMGDvMXZulOgbmuXUHrKb31P6HG2Cz5MBFGhqU8=,iv:gYCDkAtBe1ldjSjVV/jDFYJTceqODpDRr4TRE9pxgb4=,tag:U7B3L4+SOoxVLBGW3GtrDg==,type:str] +CROWDIN_API_TOKEN=ENC[AES256_GCM,data:r0niJ4YBSb+s2Fg9EXkqgegw8JeQIwu27pfDTndjhbcVZW0/tihn5IZjercX3k8TpOuzPYei8k0JtmnjfBMi9NY3pYr80YCWDzUGqUKubyw=,iv:fF7SzhfsoiF53xdMm8BdPy668nYWBTA4r2aIfhUAd1Q=,tag:HskvnLyy5QTQnDv99Jmr1g==,type:str] +CROWDIN_BASE_PATH=ENC[AES256_GCM,data:jC8utvhuMmQ=,iv:VmHB9DX52YnGGWZEm1hD+zeUffypsAhwQQpox4t5png=,tag:cbQ24lWq7g33fJduMgmvuA==,type:str] +CROWDIN_PROJECT_ID=ENC[AES256_GCM,data:xz8mo2fB,iv:FcsLzOVUxxhcibXiIubIhtbdjCUXiIQpuGdBdNpSE8I=,tag:CNKUYvSlok0WFyFaKXR5QA==,type:str] +DOCKER_HUB_PASSWORD=ENC[AES256_GCM,data:R9ktuIb579tbe+M=,iv:nmn3wlOc88VL4kGyKLRIRIuVqUu8BuWKtHUjjex+zRg=,tag:fGNtJmMB2iHVGMeLBz5RwQ==,type:str] +DOCKER_HUB_USER=ENC[AES256_GCM,data:LJzr2mftjw==,iv:iwFvXHttIyydyNU11ZZH97oBp/DwTn5hlLQl7CqRWa0=,tag:qntAkpeNG/wOZim5K/8w7A==,type:str] +ARGOCD_WEBHOOK_URL=ENC[AES256_GCM,data:+dzTPg4mVqDLu6ac9xf2D4eccaKIvAosBBXpwp+QHZwTEeWGNm0GRaVzOx0gU4CjBNU9og0buYdi,iv:mhgVc5dBh1A1TVisGe0c/MO4EnXSb0ZQ2NL85QJzwaI=,tag:cT6Sa/GRJ94ss7yiL9pH2g==,type:str] +ARGOCD_WEBHOOK_SECRET=ENC[AES256_GCM,data:meQqbpT5gx5K4fW/WWmIQ9vlHjrQsVfGbdiVWm8YZf6EIm9xHWmTcflYxBqfvgWWen84NKWqt0uzl3+m1eDnLyE=,iv:wyIp0baJsw9jFu4z09xirr6qSpxK8aO907SEvce98/U=,tag:FaW5+x7r+fj3R9yq8ataTw==,type:str] +ARGOCD_PRODUCTION_WEBHOOK_URL=ENC[AES256_GCM,data:9xN9mA1JSw0L2wYxpVfG3uYiLPGo+OuziZTQ8PAMy3Cd+AmDWXcT0AInbhBMQsw5Og==,iv:8mW3YYhXmP9EqA25jwevIT4ccUxfgJU/B17XBasl6Dk=,tag:EMDk1YQj6eEinoBSgRo+7A==,type:str] +ARGOCD_PRODUCTION_WEBHOOK_SECRET=ENC[AES256_GCM,data:Y3pRbqpxtZOJi4VfRRx8WIZKJQuSaVePG0b1kmZ2UxWhfumFsvll91blpZQQIWp42AEgJhUfFz7lgGXtNZc=,iv:GBG4AYYEo50H+GC6Auzdabsj9XGMKStKp6bfqy0iWkE=,tag:qpjnB/K3Glq/Dziav6OXqg==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMkZsNEovb2xpWjIrdUpG\nUzArWFlLejB1UTBDTHNJOENybzdRSHBkVVJzCmdWeW1VYUtxejBaWkhvMjEySFNm\nWmlJZWVVMVA2azJhUlBXZ0VrbnNsRGsKLS0tIHhTU0hFSmVnWW9GZE1UVGZMUDVw\ndE1RdCs2OEh1U2Q1WjFkYVNDOEVYQjgKxHI1W+DT2yMW1+0QUNDVdbeo6IvRVEig\nK1WrTM1VAmsji9xuvJQW9uKvYxmHo7OFZzkkNTbmLcJ4wBSNYilh+A==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x -sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJa3EzbDJBeHcrUE44SXpM\ndlVheHdxc2I4ellwcHlUQkhWL2NiMFpBYUd3CmJxZUZhL0tZVkViQTZFRVRFbndC\nd2ljZUJxczZqSmdqcXlzYkZlZ2t4MTgKLS0tIFFmbHE1NXpOYlRnb2wzSTRVbTQ4\nMDhTNzN6WHovMXFhek5pbXZlMW1PdEkKJlydhV9Es+y2ngMwZMGnuF+JnEV1TGZH\nkWoBHxTSA7WEgwnhGaCe7kuzXrvv2ikrV1Ww7sN4wmqfCGC2sdkPBQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OG05S01xK2J5aklEMitF\nNEtYbSthTVJHMk1oNmxkbjBvUkI0a21heXlrCkNPNjh1ektYYXJNVzVBMWxWKzB6\neHd0blE3U1pQdnpXbVkzZGVOdnh4aFEKLS0tIGUwSmdoZWxwNTdiWDdER3ZNU2lV\nZklBdHVERVkzcHZaZWdoM3pLMHBzSDgKTL1ipaUAFXOtGSu1g+pkfr+W3NlJJXcy\nl/yzxbLzPv2MSR09ZUFS6Km97/aTQDkCodt29paHEvRUDhR+oYCDVg==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_1__map_recipient=age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 -sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZEpFZU5maklnN1N4S0kw\nRGFNYzBGR2tFT2d5VzlRYU9NUWVvZld0REQ4CldvTlFtK0RFU0tuNjVhNEM4VzlC\nWjJhUEZVY0l0T05yNVBabXNEdndlbVkKLS0tIGxxdEROcWxpSHczMkN0dkdicnVZ\nT1BXR1hSa2l1SXdYS3RoWWh6NGdWSHcKZJd6HYESjLomY7/S9+eCCN4cFXERipNl\nWtOVZXlufN5BMxX8n8TlKS34oD1t6/CMaZZdmp2SHHslipA+CGRZ5g==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUHRTUkpaaFhZUm1tUFRU\nNU5sZkozcHowTUdoejV5ditibHc1T2V6M3lNCit3OS9TeUx5UTZOTFVibjRaaGR3\nNlQ3WlhKZUNzaUJHNWVLajNnZ2U2RnMKLS0tIG9qdVNFVE5jOHAvSWcvcnVla0hn\nMlg1YTg2b2MreE16Qy85R09pa3ZxbEEKoPB1pOmc5FmSKIwQ017l05Lm+LoNH2KC\ndxSUkmw7n1tVkPKGtgbEcoR04mMm+4ANdXNetu3Goih1bvtjgWvUuQ==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_2__map_recipient=age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg -sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzakNpcGkzWlp6NWt1NFU0\ncmhFek1DTU5YS1MyYzRoOGJ2RXdjRU5WcEZBCjN5eUp6WVh0YmdNMzdHTUNJTVZM\ncHZTY3pxbHd0TmhSWmQyVndZS1JjZ00KLS0tIFNxYjZXRHBKbjNxVitQaGlKQVh0\ncHAwbzFyL3hUVmN2dVNQaklIcXZKQjgKr4IO6BoTFO7Km9V/h8tF3UNRCGUXymIw\nnQGL0ZDyIQw7MMBQQ2mksYPSBTFmaejbSd29UkhVnYFuCjJ+LVmX1w==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjaDVPTVBFVzVxU3JPc0RM\ncTFlSUVzUXpKKzFyTmQweGNITVZFNUlheENjCkxtOU5QTGRMRmVRZ2hrQkY5SXM3\nTmZNU0NGc3VSZ2xOZlRIaTBXOSt2TXcKLS0tIEQ0bVhYSml0eXFLS2lCOFMxWGpS\nWE1tRTFDektsRWVYSHp6eTF4MVJQU3MKfskxXtc6JI86/xdjMRsVTmG0x+jLx/tq\necUbexvI56TOVFThd1Iv2QYnfD48OVstpH1QEpM42XQTRLsrj07gPA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_3__map_recipient=age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 -sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpS0hNdDk2Lys4Rk9nVlV1\nWHVwOHcxT3RmZkVSMWh6L0M1bGRrNEt3c1M0CmdseVlqaFZYZjd6KzI0ejdDSG55\nNkFlMGpiOFhMZWtKYkVodGpmUWRsMjgKLS0tIG5ZbVFadk5XVlREZFFEcWNiSDhw\nVnh5b3BURGU4bCtQQzR3b3hxcXdGSlEKBw7E/umovQnucE4oYeuoHFlEtYBMVXPL\n6YjZzBpBxJ+4kZpMvqsXzowQ7ZDEods9pEcuJmHqxrRpLeOrYrykTA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1aXh5eTVZR21TNlBIbmxO\nR0FPNXlyNklucFNwbng5eStmMlNCNi9VYTJrCkZsejJqNmtxRmJlekN2czg3ZUls\nVTdKVWd2eWtpQUdBbGUzYWR4bXYwVW8KLS0tIEJnS2hDQU5CM2NVc3RsQjlZL1FE\nVGYyYWJ6K2gydVFCbUhYeWNDN2RiWjAKHD7/sZFiGD3+Xz5O/Yajb/gEVREWQB/l\nAsquVroBF4A89QUgbjZSYsHJcWuZ4JZXBX7fGSZwio+8+nhjvy+EhQ==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_4__map_recipient=age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw -sops_lastmodified=2024-04-03T15:36:15Z -sops_mac=ENC[AES256_GCM,data:1v44C4K4YjV1m7tZKRgj8SiDamdD+L4p3TVwwOl6+05KCOh2uH2ohH+5MH7MTFL489oqaadpjBQfELSJ8h/4fN5MT6+Trbtk5QFLv4moLZx1tSCE1Tuam2cicFem2mlOrxb0pK/tU1qzCLvZke3yvFmiJEa+92u7y96hXM4VR6Y=,iv:23T3Tl5DvRH8zvef7ftbr5GWk+YFfLCzZ/eEzqjMKXY=,tag:TIch+2911w5qleXo55zM0w==,type:str] +sops_lastmodified=2024-05-24T13:55:45Z +sops_mac=ENC[AES256_GCM,data:gJViDK19UzUaOT+3b9cUJ+634dgzSkamqcj4031pyhrjCVb7FtRu2B8T7vpZObY3dB3mSCtfJKzKoJRhCjYDTd8YdASIOJyep+6K4JSWvKtliZ46syDQaSSTgPx7WaeLzVRpEpBq0adt6ngKTttbhIvhYZD7Kc3Tz3TcMCmEQhg=,iv:G9tzca7nZrBCNowEYpUkAiraVGxUv2732xwXCizJ8X0=,tag:yYt3ppmVYR+lba//lRNpdg==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/src/helm/env.d/preprod/secrets.enc.yaml b/src/helm/env.d/preprod/secrets.enc.yaml new file mode 100644 index 00000000..d9a010ee --- /dev/null +++ b/src/helm/env.d/preprod/secrets.enc.yaml @@ -0,0 +1,62 @@ +djangoSuperUserEmail: ENC[AES256_GCM,data:H1jUBjaAYNQyKTx+zB2PQkhQmTTbEcI3eKlc1hM=,iv:NybOri6oWGyPGOkLqumTuWOjWxd3EbgyfEntO1fj48Q=,tag:WbV3r01/D/vgp7oZ2iEauw==,type:str] +djangoSuperUserPass: ENC[AES256_GCM,data:xphbGcEf7V8LUvAkOg==,iv:3lUDI21WUoDmTSKN4X/i39XQPTiL2SRfpeDYVzgEtCY=,tag:2F8Llk4DNVdN+VlbmYxtaQ==,type:str] +djangoSecretKey: ENC[AES256_GCM,data:otw8d6DxHmCYI7NDjG2/8LuHw7opYxA/a2YJRFbRI4q6k5rEm3OZQXhY+a65CjXsLmk=,iv:0LTA6FDXIhOquOhFl3ccf1jB3MM6SMpJZjPc10IH1JY=,tag:s+qHB6EVy8u6LN5joVncFQ==,type:str] +oidc: + clientId: ENC[AES256_GCM,data:8bKg0t3yX7c+yQLxwsS7MdOBjBISQOg7YJqJA45O+BPaq0cN,iv:mIc64r5yG6tZqs8KALtje1OePaHrw0NIrI6wUyxgiho=,tag:xSiJaaZjXrPrpFTrd4fDHQ==,type:str] + clientSecret: ENC[AES256_GCM,data:PyfBgnuhbOzHH9vXoEcofipo+LkSJD/NVv0tNqyn9krWGCmkcIpKoE5PwN0psabJr7OMM8wgdIq7dQOwbo7qlQ==,iv:DJygUtIoMTa/X53pd6J//3eZbeBLCI8cmovjhXyqhew=,tag:O2Cs6Ro6SGkBvJkJArWr8A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTK3JVSUowZUhRemtlbWly + Z3ZEZ203eHNPTTV2dFdnSktiQ0dMcG9ib3pJCkpTSTlIWnFwNFpWRXQ4QldSSlRY + dFJGdEUxTFZ3QUNpQkJXSWpjNHA4MU0KLS0tIFdtSkpoN0h0TEFQWXJlcDgwcVln + dEtiQTh6ZlMvTTZQOUpIaFR3TFJCQk0KaO3OyygbuCWIuFNy8qE5KyePaSYgzdV9 + 2tOss1evqVR9weI7eH9Ir3bqIyLIPPdKAz1iyEVusI1Ah3SBv5CgEA== + -----END AGE ENCRYPTED FILE----- + - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Q2x0WjltaE51ckpTaTQv + WDVjVHhKbWFDdys0Ynp3ckdFN05NYzNmU2dzCjBMRXE5YnBpemJGcmlsUHRJQ011 + eWl3TGlOaWFQOE9ZOG53UFJHc1pMTncKLS0tIDJIZWdZOE5wTTc2Unl3dEc5WGJv + ejFxeWVVT1NBYWdQYXViL2V1L2l5ZTgK80dqSiXOlokM+aZ429qbsgzrfOxVd3/y + XHSyBN9kTQxR7Dc62B6ynsVbpVXNtrIZ665hoZenG3JGHvbQ55b6HA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyLzlNdkFlWWEwamEybUVC + amlVZm9mL09haktlWkg1UXNLODA5VUtuTUFrCjlGN3JOVnlyTmppQm1ud2k2QStN + T2NJSCszdTJXb1FsclVOdTh2QUJOU00KLS0tIDBVaEcycXhuWlNtYXVLSithaUZp + V052NFpsNGoxZlRra2R5TzVIQ3JKYjAKMzf80YaXkzsl1FtS2w9KDXk/vNO3fP6L + YvJDA2hXap1FyKRFV9cM4NsuxY9ELlsfhduxhH3a11YH95ZTkhs9aQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSkZPd3lYZXgxYityVDE3 + ZDFmQU5lTTFYMDRJYnRNZFVqdDkvTmJ2Z2xFCmR5SGRzd3FqckZKYTR6QjZUY1dI + MTdWWXY1bUlpLytWQVVZdDY1dmRiK2MKLS0tIFFaQXY3K3dMTWo4RnF6VjEvRUd5 + UjhkaXpVMm40ZmFBSTYxWUp1ZnBrdFkKhHW1f9liTP4j3wsejMqHCFujbUquhuFY + eADVM66fkjyjQMmzFtneBCJMJ0e+LHoMUMVDO2a3SaZYTaRj/ZRvLg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYalhTWlhocklJN3N0eFBC + c1FjemZlK3cyMWxrbnpEWnp2Nlczalo4RWxVCmtvU0NKdnU3Tk5JdTJIUUhuc0dB + UlBrOWtCMlM3SW1PdEVlM0ludXpicTgKLS0tIGVWVHdXNWdOSENGZmFvNk50bENV + QnlsM3BKYTRFMDJqa1kxL1VtMHlsT0kKiJCMZLjdnIkLZxaZ3ecCxNsirnHApgi1 + jgJZWXFCgjAVpuaqDfH2taElVR9Bm9ATjKjQPlvYZhguHdy0iJh++A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-24T12:41:08Z" + mac: ENC[AES256_GCM,data:QYNpy3qpYJgcLShlr0nCGG6XJz8BTkIvSvuGbh2mxO/W+0SlTbsi3hwqpXW0zoiPMy/43BBqa9Vs0y+l+kYLE1A8rRuv1+EljvzDZfvPfwZ+L/mdNNiRExtqbjmaTShKJqqklz8s2k4OvEA6ZI6QCiB7RIb/r6zl91/Yc7BC9Pc=,iv:1jOy/rnFA/Lf2QG7RDXiPbdwT04JdOiB7vHBAFBVGm0=,tag:/5U1/DJA10+4jzdecQKiNQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/src/helm/env.d/preprod/values.impress.yaml.gotmpl b/src/helm/env.d/preprod/values.impress.yaml.gotmpl new file mode 100644 index 00000000..59374322 --- /dev/null +++ b/src/helm/env.d/preprod/values.impress.yaml.gotmpl @@ -0,0 +1,140 @@ +image: + repository: lasuite/impress-backend + pullPolicy: Always + tag: "v0.1.0" + +backend: + migrateJobAnnotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/hook-delete-policy: HookSucceeded + envVars: + DJANGO_CSRF_TRUSTED_ORIGINS: http://impress-preprod.beta.numerique.gouv.fr,https://impress-preprod.beta.numerique.gouv.fr + DJANGO_CONFIGURATION: Production + DJANGO_ALLOWED_HOSTS: "*" + DJANGO_SUPERUSER_EMAIL: + secretKeyRef: + name: backend + key: DJANGO_SUPERUSER_EMAIL + DJANGO_SECRET_KEY: + secretKeyRef: + name: backend + key: DJANGO_SECRET_KEY + DJANGO_SETTINGS_MODULE: impress.settings + DJANGO_SUPERUSER_PASSWORD: + secretKeyRef: + name: backend + key: DJANGO_SUPERUSER_PASSWORD + DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr" + DJANGO_EMAIL_PORT: 465 + DJANGO_EMAIL_USE_SSL: True + DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004 + OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks + OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize + OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token + OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo + OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end + OIDC_RP_CLIENT_ID: + secretKeyRef: + name: backend + key: OIDC_RP_CLIENT_ID + OIDC_RP_CLIENT_SECRET: + secretKeyRef: + name: backend + key: OIDC_RP_CLIENT_SECRET + OIDC_RP_SIGN_ALGO: RS256 + OIDC_RP_SCOPES: "openid email" + OIDC_REDIRECT_ALLOWED_HOSTS: https://impress-preprod.beta.numerique.gouv.fr + OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" + LOGIN_REDIRECT_URL: https://impress-preprod.beta.numerique.gouv.fr + LOGIN_REDIRECT_URL_FAILURE: https://impress-preprod.beta.numerique.gouv.fr + LOGOUT_REDIRECT_URL: https://impress-preprod.beta.numerique.gouv.fr + DB_HOST: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: host + DB_NAME: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: database + DB_USER: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: username + DB_PASSWORD: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: password + DB_PORT: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: port + POSTGRES_USER: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: username + POSTGRES_DB: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: database + POSTGRES_PASSWORD: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: password + REDIS_URL: + secretKeyRef: + name: redis.redis.libre.sh + key: url + AWS_S3_ENDPOINT_URL: + secretKeyRef: + name: impress-media-storage.bucket.libre.sh + key: url + AWS_S3_ACCESS_KEY_ID: + secretKeyRef: + name: impress-media-storage.bucket.libre.sh + key: accessKey + AWS_S3_SECRET_ACCESS_KEY: + secretKeyRef: + name: impress-media-storage.bucket.libre.sh + key: secretKey + AWS_STORAGE_BUCKET_NAME: + secretKeyRef: + name: impress-media-storage.bucket.libre.sh + key: bucket + AWS_S3_REGION_NAME: local + STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage + + createsuperuser: + command: + - "/bin/sh" + - "-c" + - | + python manage.py createsuperuser --email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD + restartPolicy: Never + +frontend: + image: + repository: lasuite/impress-frontend + pullPolicy: Always + tag: "v0.1.0" + +webrtc: + image: + repository: lasuite/impress-y-webrtc-signaling + pullPolicy: Always + tag: "v0.1.0" + +ingress: + enabled: true + host: impress-preprod.beta.numerique.gouv.fr + className: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + +ingressAdmin: + enabled: true + host: impress-preprod.beta.numerique.gouv.fr + className: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start + nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth diff --git a/src/helm/env.d/production/secrets.enc.yaml b/src/helm/env.d/production/secrets.enc.yaml index 71780889..eca9c955 100644 --- a/src/helm/env.d/production/secrets.enc.yaml +++ b/src/helm/env.d/production/secrets.enc.yaml @@ -1,9 +1,9 @@ -djangoSuperUserEmail: ENC[AES256_GCM,data:m+NiMlUXrTyTgi9P9s5K1Kgh11w7Vjk1YpPxPZzgp38=,iv:mFff/stfKLgoSlf+K9WwDoZ5tYDZEqNwYUxf9QuTJE4=,tag:DTEl01eR2ATj9TRR5Dn2RA==,type:str] -djangoSuperUserPass: ENC[AES256_GCM,data:fNyk7zyNbsCf9CoxOEpn/bBVnRx8,iv:ODKdG754Qsf1udLDJo8aSQ7IVq89NTnEEOcLlryWrRE=,tag:Gqr2zGbpIZf6OiH4/2dj9g==,type:str] -djangoSecretKey: ENC[AES256_GCM,data:EjjuNq1DqqXu70AhhrK36SaJ9sw=,iv:FQ/nYB/Otp04qdMV6NqnRgLHRqJ7bk658MZ0eHK0+a4=,tag:a1i5k4PZ4qX6LMJtFVsawg==,type:str] +djangoSuperUserEmail: ENC[AES256_GCM,data:N985+amM7QdZ89YOeCEFvwO/aFJmO6Z6thknPT2ncaE=,iv:AqQuXE6EtIrASdHyEhTzYmM2gUrz1N4XFdPsy3OJHz0=,tag:sF3H2JxFbr4yq2+AkSXM+g==,type:str] +djangoSuperUserPass: ENC[AES256_GCM,data:VRPRDysrsHT110GZoijW,iv:dMqFmz4jVC4J0g2xsFD/gKePpKqje9ab0Ugyho8TCfM=,tag:FylXCjsgUK3IQIG+ROjOcQ==,type:str] +djangoSecretKey: ENC[AES256_GCM,data:PcctSlUFDjOlSgh8iSb6JOq4wqr3qDeVs6ew9+53,iv:b0llP1uZ8Mh4WtJ2dUMreA9uE+8+qe5IkYn8uCIP2gs=,tag:kRZUSXvLO5bA0jCQM2GxTQ==,type:str] oidc: - clientId: ENC[AES256_GCM,data:lsybigXVABEzh/ii3bydX6EvNUKK2Hza0J8T5xvG2Us6tN2D,iv:sk0vuH9Gnkrz1Qmav0R2Vw2ov9UwHNKPFnZhIyLw6To=,tag:EKSziVRCm0yOfxgtvjGZpw==,type:str] - clientSecret: ENC[AES256_GCM,data:jlyIMvkRorq+s/XXFfKTd+aeI+tjaX+5UPFA09LX04qj7eSBfmDMEjDPw/RsXHbtKiqPRaQA6efKdMzDPPgGTA==,iv:jEoZa1e7cVffN9Oojj8Zz3clh+4+Hs0CQ7Pn3+kSrWU=,tag:BpNdhJrTOd6pkEAvafVgyw==,type:str] + clientId: ENC[AES256_GCM,data:qgyrML58jGGW4xAD+1pzOBF5EadwYTvDahEquQgoeYIfd7X7,iv:K9KqcrOc+Sfo1KCDYQZmDGseJFB8soG0ulp0ucsQLG8=,tag:GYd3tywb8Row9EzJ8RkWqg==,type:str] + clientSecret: ENC[AES256_GCM,data:Kez5KFNe8s0yIg+rcFGSsxxzPJubAmwGfd3pzi3Er/yF4D983kE8bkHWPd5d3O5UMr779bGcsG+qeY0S9AJ8gw==,iv:bG6pDYz0QS76cvCRUCp2p4BsyE/mjp+897oW4jxAoak=,tag:HpUbfUxzsDBM+VznBTJX7w==,type:str] sops: kms: [] gcp_kms: [] @@ -13,50 +13,50 @@ sops: - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcW9vRnNTSzNMdnhNa3Y0 - KytNd1pMaTdhUmdqek1JWFQ1ZHNpQ2tyTUFJCncyTjkxbWdqbFU0UVZZN2JpUkh5 - MWZjQzRLRUNSdEIzU01xZmo4VWJNUGcKLS0tIGZ6RUZpV2RnMnhKWEl5amdsakJS - RXRZQ0JTR2xWOWtmNlRBVXpnaDVSdzgK/M75CMrIhT1WT21M52/LjmgaN+8ty1t3 - 6qmLPXBucl0MoX915/oCatNJ3KU5fMNaZrZ/bYS1R/ThVxsp3h2q/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VlgySmNuWjVrdmxyODJK + cWcrVGVDM2IzS1JERllEQ1dwR0R3UklxUGlJCjBHdkQ4NEVFNTUwUWt4eXE5Z3Fq + SGVBb29USHAzRXdZN3ZJS1pyVWJZSkUKLS0tIHE5UWVKbGE3NHJ3dWs1YUFzaS8r + RXdmaG1SZzMyYk9UVDlNMDhXM2Rnd3MKWgsYrP5q2vbtMmZ8S0KpPPzjm1QGPmAK + z+TddmJ3KVVyiwcRG262Anq2E/+zCSJICxMEF60YnjYHPdxTkCDLuw== -----END AGE ENCRYPTED FILE----- - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUW44cXNPT1M3TUJnYzBP - NkwvUVM0aGNpdFl5eDdxclZiQXF3VS9QOXgwCjgrL3lWMWxBaW1aT0NTM1BUTElo - SVVJd2RLU0dEZlNJcS8rbm5TcDZuVjQKLS0tIEdYRlZCYjVTWDhuTTNPNk9WZkNI - Rkg3eVVSTEV4M2QwY3FJTUx1Z1lEZUEK6sIJCpFOrFf9XspRyV1alvi4TTczIAos - IncTCQtr+MhOC37EdIrXUKBWFJ2LCIBrYJkdpcxpDhFr0Eo2zEFuXg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOanh6MkwxVUlSa3ZDVVhN + QzI0MkYwZ2ZNSDZSNHBqQ1VJVzk1MnVIem5jCnFBUXBVVDZ4ZDAwM0V2OXd6MTFU + eWRac1BoK2h4ZmVYWlJlRElqbGROT0UKLS0tIFpXK2xNTnVxODV6TjlTd29Fc0Rj + VnB4bVZvZnU3TEd6NytacGc5OG1yUzAKE10zsCu2KsK+akHMkIIheSjS8Mdmikbv + oLqf06IkB7Pr+jmUF+HO+2vPFdK+C5ugeu8j7plTbflWizYQYPeDzw== -----END AGE ENCRYPTED FILE----- - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMHNPN1Fuai9NUzRROFk2 - RGVpNVBjazI4QTQ1clFvMXlxb01oOHpMR1ZvCmRDa1dqSjdxdGlKQUZ1UGxVVnR5 - K1E1WUxUMjI4d1FLWlFYVmJUelYxT1UKLS0tIHQyVUNnYVpoRkNUUUxidVBOYkRI - NXFleVlpKzl4TVRFMTZRemJrYmpmVGsKfYgxd/ejE5AQVx3u+1u0c7QLy519c2hf - Mrk8+uM1OVOXyYslMEwj40HW/sb6yUzkz+kcSKotDy8ZEHu6WzaCbw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0QUpSK1R0bnlCai9RTzEr + ZzZJbWdFdmdINDdOV1Z1SFlUdjNHNHpHU3cwCk1nS0xrL2pvZy9POGRqZDVubjZy + dWFPRjdyd0pSdEt2U2tRaVZzL1JGL28KLS0tIGVyZkd1R0w4Y1FFT1ZVLzZseng4 + ZVE0dXVqTWVuNk02WHpNUlp1RUFhUFUKG4HV2XncM+YTG5FQc3jA4YUs07O+kXjW + s0/wBXqIR4cpvj+xvi3OY/odGAq76Iy+RHJmwcnJ5tJwDq9IrYTCtg== -----END AGE ENCRYPTED FILE----- - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYK29HR2pVVW5LUnRBZkZs - WlpZdlRXbkRuUGRhODFOcDYzc3hWNWtBMGdJCm9tS3R2Sk1UOXNMN0lQS0Q5UUdN - K2thQlp6Z3p1Uk9qUCtUWGJpWVhYVjQKLS0tIDBwcTRFdFRMQmpGQ0JBU1k5d3Er - N1lFdmNtVG5sKzRoaTc3cmU3T2Mrdm8KknJBCHMdiyOMRymNti8E7xLW/3P+ZLOx - tadj5YD42WDMMTLrMCaQ3HbcnoC9Bs+OJ6Nqy9owiHtnvM5nGkkopw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONUVna1NDMXNZalpNdUlQ + ZkpmOCtUVmg2SWlHZUJJaURrUFVydFRkOUc4CmViZXdQT0x4K1N2dHZVQm9LMW1r + LzdkREdhSFdhSmkyN2pVMlBZQjhreVEKLS0tIEJSdXo0YW1FWGJpUmRNbDF0WkpF + RTAwZXJFR05ob1ZpdUVnc29USHhIQmMKflq3jyJc2MDRq9Pa4HP25wkyBFctV4q4 + pcMM680vUv1v3g9NERM6GGx1d3GfZS0m/g3kYM2DduyXLmYfVZu2SA== -----END AGE ENCRYPTED FILE----- - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVb3JOT0F4elBNeFZOcVRo - d3ZSY3lIZm5JUVZoVnhyeXM0dDh3UzlRdWxzCnlGOU1ORzdBSmpFeGZPSlhTUzh4 - N0p0bzlZZ3ZBZG9sKzhiOVl3Z1B4TzQKLS0tIGs3a2xRR0NPWTJvNTFBUGdoRG1z - dnRuVnlkK0N3Q2RFbEpYWDV5WkZQcVEKVR9Jb+hp0lN/AkYt5cCWlNAita+mfMAG - WvEUMEsDUG/ziRr1vQybh+4W62FQo/nvFNQFA63aNK0RHHIv32PR0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbDVBUUdvTjMrRDJHK25h + OVRjK1BpSlRCM0NYekRKZ0ZuSXAzT0U2UG5RCnpSU2NRQWJjVWttQXBEM3hHUFhk + UmkxUG1mZENUNm51K211WnRHTVZlQlUKLS0tICt1a0o2aXlSTXdma2paQnNwZVNs + eTkxalhUQm1OZ1lBSmVzYmtXOG1TMFEK2yaVOVuPZ+07KSA0VB4EQbuewXJkcdjm + IHzP/kAkC7g7cvfBmAGlp0E0DBhrZK8hfWW3G9Kv0/BOXA3+QVaBng== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-21T13:04:00Z" - mac: ENC[AES256_GCM,data:SU0DELUktpCpZXtfFnbTRzv3uvAZUOYQHZ86j0zUId3K9JqrbuhJPloosl7iwsMd0IXB19VXIQFgnXWvv1aBj96Lz5JRGaB31lLsWCEAK7iALQhUMO8EUsLVIDIn0c4g1ytz2EAI+tInSbcKrwQxvO00Nbqouu+MJpWESCkK9EQ=,iv:3xXOjSqi/swTQwDSMn6+w6B7U+oB6A/COX8uRZLjxNM=,tag:+p3UvY9y4LVGVK5DXoT73g==,type:str] + lastmodified: "2024-05-24T14:41:41Z" + mac: ENC[AES256_GCM,data:egmz6AP9kquUa+gKnYkV73HmW5ixQrGKL+veoumbogWv7ghnV+9F7MLLJCjx1IyMy00406QTxrbkAXKQ76G1MhA5eF0F8G5PZ0Z4b8SKHONmXWcGpNGWb9lZ1WFbqozjP/EBQOwjieK76DYCar7xcec6H5niy6BDUrO08mEvpb4=,iv:beE/KbWuFvg/YHxP5ca8jhqmtnsQT+UsweFEU+ZQoiE=,tag:94kzwI1HX8h8VcmqGI6TaQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml index 6930686c..2e0cba8a 100644 --- a/src/helm/helmfile.yaml +++ b/src/helm/helmfile.yaml @@ -70,6 +70,11 @@ environments: - version: 0.0.1 secrets: - env.d/{{ .Environment.Name }}/secrets.enc.yaml + preprod: + values: + - version: 0.0.1 + secrets: + - env.d/{{ .Environment.Name }}/secrets.enc.yaml production: values: - version: 0.0.1