From c6b8e47b29015035e90902b93d3e0dde0075e7b1 Mon Sep 17 00:00:00 2001 From: Jacques ROUSSEL Date: Fri, 15 Mar 2024 16:04:57 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80(helm)=20prepare=20staging=20deploy?= =?UTF-8?q?ment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Thx @rouja for your help on deploying Desk. This commit slightly modifies helm charts and helmfile to prepare the initial project deployment in a staging environment. @rouja updates: - added secrets files for dev and staging environments (dev's one is empty) - disable ingress by default, to avoid any security issue - added an extra chart to benefit from Indie hoster Postgres operator Thx to this commit we deployed a first draft version figured out that the Django session were broken. We are using a cache session engine, and wrongly configure cache backend to local memory. Thus, Django server is not able to resolve the session, and enters in an infinite loop to log-in the user. --- .sops.yaml | 4 +- src/helm/desk/values.yaml | 2 +- src/helm/env.d/dev/secrets.enc.yaml | 66 +++++++++++++++++ ...lues.desk.yaml => values.desk.yaml.gotmpl} | 1 + src/helm/env.d/staging/secrets.enc.yaml | 68 +++++++++++++++++ .../env.d/staging/values.desk.yaml.gotmpl | 73 +++++++++++++++++++ src/helm/extra/Chart.yaml | 5 ++ src/helm/extra/templates/postgresql.yaml | 7 ++ src/helm/helmfile.yaml | 19 ++++- 9 files changed, 240 insertions(+), 5 deletions(-) create mode 100644 src/helm/env.d/dev/secrets.enc.yaml rename src/helm/env.d/dev/{values.desk.yaml => values.desk.yaml.gotmpl} (99%) create mode 100644 src/helm/env.d/staging/secrets.enc.yaml create mode 100644 src/helm/env.d/staging/values.desk.yaml.gotmpl create mode 100644 src/helm/extra/Chart.yaml create mode 100644 src/helm/extra/templates/postgresql.yaml diff --git a/.sops.yaml b/.sops.yaml index 2b8570f..1311a4d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,9 +5,11 @@ creation_rules: # - Anthony Le-Courric key-id: age1g5keveae6zhn059e7cxkjqdz4v3u47ypejv9ujld65nwh6d5pd9qfm0ecv # - Antoine Lebaud key-id: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 # - Marie Pupo Jeammet key-id: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa + # - argocd key-id: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw - age: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x, age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7, age1g5keveae6zhn059e7cxkjqdz4v3u47ypejv9ujld65nwh6d5pd9qfm0ecv, age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3, - age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa + age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa, + age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw diff --git a/src/helm/desk/values.yaml b/src/helm/desk/values.yaml index 15d78e8..6ce2b27 100644 --- a/src/helm/desk/values.yaml +++ b/src/helm/desk/values.yaml @@ -30,7 +30,7 @@ commonEnvVars: &commonEnvVars ## @param ingress.host Host for the Ingress ## @param ingress.path Path to use for the Ingress ingress: - enabled: true + enabled: false className: null host: desk.example.com path: / diff --git a/src/helm/env.d/dev/secrets.enc.yaml b/src/helm/env.d/dev/secrets.enc.yaml new file mode 100644 index 0000000..32a20f7 --- /dev/null +++ b/src/helm/env.d/dev/secrets.enc.yaml @@ -0,0 +1,66 @@ +empty: "" +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTjRhME5rSXU4bGlzVXBu + ZS9WanpqRU1zUVJxM01Ld0NiYVR1ak5OZ2dJClRSSTJNSTdoTEQ2UzRVSlhRbDRx + NWxId2tsbUhFd0lOUUY4dTJTOG5tMW8KLS0tIDRpcThPaTkyQ005aXhqSnVTYkN2 + LzhKU1FUeklTd1RuUk1lSVYwK3VLTEEKcKHaluWQ+Wgs9qI0qvyfnx+goSymL9wc + bJ0lxptRr0PGHdKhBRRlSe6HCMfshIoTktooUT6vNv4AsPmZuJZhJg== + -----END AGE ENCRYPTED FILE----- + - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5bEFSaS9TWmJ6MkRWd09J + TVdGTGN4SS9kVE5yMlRTUHBWK09pYVZpUTFVClJmZ1pVSm1XZFIxeXkrb2gxbTYy + eDVvT2RUNHBOWDRSa1Y1MkpxMGhzbDAKLS0tIEl2ZE1Bb0U4NGZ3QVg2ZUpRQ0o5 + YUFNOS8xUnlKOXZSZ0M2ai8yNmNxTGsKHhwRXY18pGLitckX5vxFRJyqVL4VgWbw + +Gy+IwB7fJXoYlKHJXFfLOfhifCvrgouTcqV0ckPx/WYWSUKNDO89A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1g5keveae6zhn059e7cxkjqdz4v3u47ypejv9ujld65nwh6d5pd9qfm0ecv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQnNWTC9TUHZZZ3JoUnBL + Vmh4OEwvNzVzUS9HVVpaT3lBWlllbFZsSzJnCmhCR0NDT0Q5ekFCSDdoclB4Sml3 + ZjVnV1BpTkhmS0FUSDZmWGk4WGRrVGMKLS0tIGFCTUk1dzBaV1VBR0pLUGJtWDJh + RVd4K2Q0b2Vqc2F6b1hmQng1RHRheWcKOHUOZm+GjvHOKI3VRlgPeH3IKojGB9F4 + YhkW83lF1Wl0XYnHEUya25bMSYLzQHOPiy2I7n4K45uk8hKQmrKE5w== + -----END AGE ENCRYPTED FILE----- + - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbTAxQnJzc2xVZUh0VFBh + RUZiN3l6eHNLYzUyVVdqUVl5WjFBRW9uamhVCkRJM1hGWndXclNoVlMvcjQvZTlm + K3RxL2xrb0txZk1XaGlHTGRZbVFQemMKLS0tIFZaRkFQWURzcnRaV1lqTGhMTFp0 + TTVNU2NnLzhlR0dTLzBkdThpeURWL28KHxERu5qGbXlZnTw9bHHe7AgCOZ3PI99R + 91bVqvche0QPiESnu0Od4sIHID5g5F5+EBw53lQgjEx0c4Q1GFQfFQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQXlGVEJDTDlvTDI1RXAy + ZkZSN2NzVHNmb3U3N2xRQ3EyWmtaYmZyMEM0Cjh0QWh2ZUZycFVjbEJmdDNEK0pZ + MGFSTW13TkRmU1RkZzVvVTZpQkMvaW8KLS0tIE5JRUtOSHErSmtnN1krZFVEd2hs + OXNMaEc4ZUw0RW9qaHhiUVdIZVZrVlEKMBG7NyFXqT6zxwxIq30Nj+uWz/zhjbhU + y4JqomFHxzwySEQD/1rfnTIJpmgpJNbyvRo4ToLDsM3B8TWk6D7/MQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArMnFJMXR3SFBuTGt2TWdL + bUZMQkU3dTlYS0xqbW9xN3JrY28rWEtIcHpFCmUxbFBQYWgyM1dPOUtLVmEwWDJj + N1RtUkVVSHFmUWkyZFBndmhGeFgwc1kKLS0tIHNMSjVYemQyTUlqVGVtVlBHU2cx + eEh1MmhQRFNyNE1NSDdwWk5BRCtDMFUKZByCL2Wj0X+lwUo06PHwOiaJhzqOMVVt + Rj/pvynxLV4d0RBzwpgdL9uV8VzTED4GW9wotODbhEUtdlpSS1YOGg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-15T15:03:15Z" + mac: ENC[AES256_GCM,data:szXSpToolZtr7f+36uEhmP/8P4SkBRpaI/tBbGUGm9bNC1gmiRGUqAU0Yye+HYEhpEQZAUBUyj+wXl3napn6d8reyHed96yTpXWw47tKFlfZo3vPEN4+33OQZ+Za+gr+ZexZkRVelX+O4h31joyw/3eQa/IRz9XPc1afOnOnWq8=,iv:yPfQRDagj5FJW/v4bd8G8CfznN8eNWPk/SUpq6Fyggs=,tag:UCeIeUG0At24YH+K+lKPTw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/src/helm/env.d/dev/values.desk.yaml b/src/helm/env.d/dev/values.desk.yaml.gotmpl similarity index 99% rename from src/helm/env.d/dev/values.desk.yaml rename to src/helm/env.d/dev/values.desk.yaml.gotmpl index 1518cef..4df9881 100644 --- a/src/helm/env.d/dev/values.desk.yaml +++ b/src/helm/env.d/dev/values.desk.yaml.gotmpl @@ -42,6 +42,7 @@ frontend: tag: "latest" ingress: + enabled: true host: desk.127.0.0.1.nip.io diff --git a/src/helm/env.d/staging/secrets.enc.yaml b/src/helm/env.d/staging/secrets.enc.yaml new file mode 100644 index 0000000..dbc1cf3 --- /dev/null +++ b/src/helm/env.d/staging/secrets.enc.yaml @@ -0,0 +1,68 @@ +oidc: + clientId: ENC[AES256_GCM,data:3A6nchWO8pVLIlWLRL3TBXCuwoo4dyrvtrfqrBqStLJRUl2A,iv:WZwTDGphAJ2KRN6cpj4HpZM5AsLywsjdI9m9tuhjigg=,tag:7GDMJhF0jrZghPENdQF9xw==,type:str] + clientSecret: ENC[AES256_GCM,data:X2pWXOrxlt+Sbf6Wq7g4Rz65AOXsAB/U35sJDFXHfZpT556xKekDmW/isD1R3kP8OTtigVi0gSrOvMePC9tgmg==,iv:sTD3nXIx2Z52pzO8A8VNpcQJ9Or9KMAxTG5/fYL0oTI=,tag:CCKemFbgJNDCY2bwNpqJiA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1SzRHcERkUUdLVk9XOG9M + MDdjSGZDam9wbUNwMFZaZ0I0bXJZSDRhTUJVClh3YkRXR3lSRGNrditwejZaeWVD + MVIxNG0yMjNzNlVNVFc2N0Y0dXlaSkkKLS0tIHpWcGZNRkoxZDJJcDg0Y1hJOWM4 + YTdVVC8xU0p1RTZMTmFSQ20rdGFydGsKb/iZA5lO/QdPnNIuC3irxT2Ajh4C5SES + p74VU20kUNFt7WsHMUBlkxbC2p4Mw+qacjIGqpezC+69UlSwTXawMA== + -----END AGE ENCRYPTED FILE----- + - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVjZTdENzQllqayt4L1RE + aWFTaHQ0MXpCWFIxN1ZySmFIRXlzSEZrM0c0CmpSUXFISGF1S3IyMjNIdEdSTEJs + MW0rQmdRRWxVREU0c1dUWnpNQW9kbHMKLS0tIE9SVUFERk9CT2RDSmdjYjlzUnNm + MTJGQTRZTzQzeEVrVnFxZVErdWpKMVkKMZzombPphRq0mEKxQotJfLBdBQz+PDJU + YbiTe9jLLWeNDdoqMKNmcAtW0tBL0r3KWtGIZRWDV+IXXXbkVRubnA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1g5keveae6zhn059e7cxkjqdz4v3u47ypejv9ujld65nwh6d5pd9qfm0ecv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSnJrUTFiZm0vRldkS2hr + cUl6bmpHbDBtTmJRWnp1YTR1SzZFMmZmc3dnClVra25QNnBURkZySGRuZlFHNWk2 + dUhvNVhqaWU1bVZVQlpyeDh4eXo3M0EKLS0tIFJHbXU3eG5velpZSTdESysvcVFr + MzBjM0plTnZGakhqckJ4L0NVVGVBSEkK3FI3omG4PXTmBxnnUVAwyRA2B99rzbtx + GqqSqCFYfn4aSFz6kz4+hxzv9rEgMBWhqpA6dpfBbz3SxmbDTW8V6Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SEZlcnNDRlNSTWRrdG1S + KzRMZ2RBdzVEQVBwTFNXRVk2dG5DUnc0MjJnCnVoeVZ2WnRVaWFMMjBESTZUeHQ0 + RllWdnNXRTRkbWZXbldVVHc0QldhQkkKLS0tIDhuSU1sNXU5R2p5LzI1YXp2VEVo + M3JqeGd2MnQ0QnNNM0cyWHpUYmlHc1EKnZazjekMiytOi1jLktn9DoaRHT0lQP2s + GYvHZ4+xM3LwobmnVJCq1bXnl8fBuVKZbTOG+WeJbxNJq9fSk2I6rw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSDRQRlc2dUVPWjN4Tlpw + cGpXeGtxc1JWOVdSc0s1WGRrTUl0UmcyVmhrCmNqWkZuZDJYLzM5YlhuVFc0bEln + aExWZ0F6bnBzYkd4V0xKeFZudHplL1UKLS0tIHUvSUtadlRCeC8yNUVEVjZEVm1L + RXVINFI5bHdDWGNjUjNsRU8xbTd0T0UKYL3phOso3YNi6tTWbpHdXW/Pae6uzz17 + AmLjdjD4KUVTlu6bhzSrazP+3EDtO5X3S57nladHcvxQPdqgAJQ99A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtV3JvKzZnaGN4WTBsTnc2 + TDNNYk10ZWhOWHAyZjlWWGRsMDJuSHI3cXg0CllVL1VIVitSLzNieEc2ZWppdVFi + RmlZMjE2cWdEcVhBenl2UG5McUZUK0UKLS0tIE1XMlN0YzZWVVVOdlJsZVZ1VTVC + bnBRVTJYUzYzNEM1eU8vQzlqdk9lY3MKM9g8opHNjlm2cAkVzc9LXt2TM+Jmq8Of + DbVFbegKV8lgnLKdmWVeKDtLFHiZj4dQclvwxbNuIk2QvEj9Wam7uQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-15T15:23:34Z" + mac: ENC[AES256_GCM,data:crwjT3cmrVCWR/CgGt0rb39WtfzY8/PYIue0sWSCS6VmGjR3fNxYfTuqEojk3ROIv2r3R9mAdLioAKQfbKyvdvi3p0v+FGsze3rBnEY76nl53eykubHi8GPCBJCu0yiDT1/pfkdW19LUIxDF0jtiKXlAUo44IJp/okehiEsXC/A=,iv:9Uqv6iy7iW7K42fMZVObcOIaVl1jaDa1PF06UR9Kx+o=,tag:5rKP2k8Gfwl1ImO7Kpc4kg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/src/helm/env.d/staging/values.desk.yaml.gotmpl b/src/helm/env.d/staging/values.desk.yaml.gotmpl new file mode 100644 index 0000000..9d05d14 --- /dev/null +++ b/src/helm/env.d/staging/values.desk.yaml.gotmpl @@ -0,0 +1,73 @@ +image: + repository: lasuite/people-backend + pullPolicy: Always + tag: "main" + +backend: + envVars: + DJANGO_CORS_ALLOWED_ORIGINS: http://desk-staging.beta.numerique.gouv.fr,https://desk-staging.beta.numerique.gouv.fr + DJANGO_CONFIGURATION: Production + DJANGO_ALLOWED_HOSTS: "*" + DJANGO_SECRET_KEY: "ThisIsAnExampleKeyForDevPurposeOnly" + DJANGO_SETTINGS_MODULE: people.settings + DJANGO_SUPERUSER_PASSWORD: admin + DJANGO_EMAIL_HOST: "mailcatcher" + DJANGO_EMAIL_PORT: 1025 + OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks + OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize + OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token + OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo + OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }} + OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }} + OIDC_RP_SIGN_ALGO: RS256 + OIDC_RP_SCOPES: "openid email" + OIDC_REDIRECT_ALLOWED_HOSTS: https://desk-staging.beta.numerique.gouv.fr + OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" + LOGIN_REDIRECT_URL: https://desk-staging.beta.numerique.gouv.fr + LOGIN_REDIRECT_URL_FAILURE: https://desk-staging.beta.numerique.gouv.fr + LOGOUT_REDIRECT_URL: https://desk-staging.beta.numerique.gouv.fr/login + DB_HOST: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: host + DB_NAME: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: database + DB_USER: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: username + DB_PASSWORD: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: password + DB_PORT: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: port + POSTGRES_USER: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: username + POSTGRES_DB: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: database + POSTGRES_PASSWORD: + secretKeyRef: + name: postgresql.postgres.libre.sh + key: password + +frontend: + image: + repository: lasuite/people-frontend + pullPolicy: Always + tag: "main" + +ingress: + enabled: true + host: desk-staging.beta.numerique.gouv.fr + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + diff --git a/src/helm/extra/Chart.yaml b/src/helm/extra/Chart.yaml new file mode 100644 index 0000000..f489dbf --- /dev/null +++ b/src/helm/extra/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: extra +description: A Helm chart to add some manifests to desk +type: application +version: 0.1.0 diff --git a/src/helm/extra/templates/postgresql.yaml b/src/helm/extra/templates/postgresql.yaml new file mode 100644 index 0000000..c5a77c5 --- /dev/null +++ b/src/helm/extra/templates/postgresql.yaml @@ -0,0 +1,7 @@ +apiVersion: core.libre.sh/v1alpha1 +kind: Postgres +metadata: + name: postgresql + namespace: {{ .Release.Namespace | quote }} +spec: + database: desk diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml index c252a4c..533b545 100644 --- a/src/helm/helmfile.yaml +++ b/src/helm/helmfile.yaml @@ -5,7 +5,8 @@ repositories: releases: - name: postgres - namespace: desk + installed: {{ eq .Environment.Name "dev" | toYaml }} + namespace: {{ .Namespace }} chart: bitnami/postgresql version: 13.1.5 values: @@ -17,15 +18,27 @@ releases: enabled: true autoGenerated: true + - name: extra + installed: {{ ne .Environment.Name "dev" | toYaml }} + namespace: {{ .Namespace }} + chart: ./extra + - name: desk version: {{ .Values.version }} - namespace: desk + namespace: {{ .Namespace }} chart: ./desk values: - - env.d/{{ .Environment.Name }}/values.desk.yaml + - env.d/{{ .Environment.Name }}/values.desk.yaml.gotmpl + secrets: + - env.d/{{ .Environment.Name }}/secrets.enc.yaml environments: dev: values: - version: 0.0.1 + staging: + values: + - version: 0.0.1 + secrets: + - env.d/{{ .Environment.Name }}/secrets.enc.yaml