0010 Add secret cluster settings

0010 Add secret cluster settings#

Context and Problem Statement#

Some of the values which are spread across the configuration are not exactly secrets, yet they still should be kept private in a sense that they are not published via the repository. Those values do not need any special protection when deployed inside of the cluster. This means they do not have to be restricted to Secret resources.

Examples are:

  • An email address used for the Letsencrypt configuration.

  • IDs of resources like AWS keys or Zone IDs.

Decision Outcome#

Add a second object to hold “cluster settings” based on a Secret.

This way the data can be kept private within the repository based on the existing SOPS workflow. The variable substitution from Flux will then inject those values during the deployment.