Kubernetes: Adding Secrets

Table of Contents

Kubernetes - This article is part of a series.

Part 1: Kubernetes: Introduction

Part 2: Kubernetes: Deploying Services

Part 3: This Article

Part 4: Kubernetes: Longhorn Persistence

Part 5: Kubernetes: MetalLB Load Balancing

Part 6: Kubernetes: Netbird Operator

Part 7: Kubernetes: Adding CloudnativePG Databases

Part 8: Kubernetes: A Factory for Valkey

Adding Secrets
#

We can make use of sops-nix templates to

                                        { self, inputs, ... class="p">}: class="p">{ flake.modules.nixos.immich-secrets = { config, lib, pkgs, ... }: { config = lib.mkIf (config.immich.enable && config.secrets.enable && config.secrets.immich.enable) { sops = { secrets = { "immich/key" = { }; "immich/postgres_password" = { }; "immich/valkey_password" = { }; }; templates = { immich-secrets = { content = builtins.toJSON { apiVersion = "v1"; kind = "Secret"; metadata = { name = "immich-secrets"; namespace = "immich"; }; type = "Opaque"; stringData = { username = "immich"; password = config.sops.placeholder."immich/postgres_password"; valkey-password = config.sops.placeholder."immich/valkey_password"; }; }; path = "/var/lib/rancher/k3s/server/manifests/immich-secrets.json"; }; }; }; }; }; class="p">}

Kubernetes - This article is part of a series.

Part 1: Kubernetes: Introduction

Part 2: Kubernetes: Deploying Services

Part 3: This Article

Part 4: Kubernetes: Longhorn Persistence

Part 5: Kubernetes: MetalLB Load Balancing

Part 6: Kubernetes: Netbird Operator

Part 7: Kubernetes: Adding CloudnativePG Databases

Part 8: Kubernetes: A Factory for Valkey

Adding Secrets #

Adding Secrets
#