Tobias Brunner 4f4146963e expose DNS UDP 1 month ago
apps improve acmedns config 2 months ago
system expose DNS UDP 1 month ago
.gitignore configure sops 2 months ago
.sops.yaml configure sops 2 months ago new directory structure 2 months ago
renovate.json configure renovate 2 months ago

GitOps for tbrnt

Repo structure

  • Each subdirectory is a namespace
  • _apps is the meta directory for Argo CD apps


Secrets are encrypted using SOPS and age. Argo CD uses KSOPS and kustomize.

Public key: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8

The installation and configuration happen in a kustomize patch in argocd/.

A good helper to work with SOPS encrypted secrets is vscode-sops.

The age key needs to be stored at $HOME/.config/sops/age/keys.txt


Create a normal secret with a .sops.yaml file ending. Encrypt it with:

sops --encrypt --in-place secret.sops.yaml

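Create a kustomize generator configuration, secret-generator.yaml, to generate the secret:

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
files:
  - ./secret.sops.yaml

Then reference it from the generators list in kustomization.yaml:

generators:
  - ./secret-generator.yaml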
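A check for the workflow above, as an added example that is not part of this repository: it lists every *.sops.yaml secret that was committed without being fully encrypted to the expected age recipient, so a pre-commit hook or CI job can stop it. The function names, the sample tree and the key `age1examplekey` are constructed for illustration, and the check is a heuristic that assumes the layout `sops` writes for Kubernetes Secrets (a top-level `sops:` block with `- recipient:` entries and `ENC[AES256_GCM,...]` values).

```shell
#!/bin/sh
# Added example, not from the repository: list *.sops.yaml secrets that are
# not (fully) encrypted, so a CI job or pre-commit hook can block the push.

# Succeeds only if file $1 has sops metadata naming age recipient $2 and every
# key under data:/stringData: holds an ENC[AES256_GCM,...] value.
is_encrypted() {
    awk -v key="$2" '
        /^(data|stringData):/ { insec = 1; next }
        /^sops:/              { meta = 1 }
        /^[^ #]/              { insec = 0 }
        meta && $2 == "recipient:" && $3 == key { rcpt = 1 }
        insec && /^ +[^ #-].*:/ {
            if ($0 ~ /: +"?ENC\[AES256_GCM,/) enc++; else plain++
        }
        END { exit !(meta && rcpt && enc > 0 && plain == 0) }
    ' "$1"
}

# Print offending files under directory $1; return 1 if there are any.
# The .sops.yaml rules file also matches '*.sops.yaml', so it is excluded.
find_plaintext_secrets() {
    rc=0
    list=$(mktemp)
    find "$1" -type f -name '*.sops.yaml' ! -name '.sops.yaml' | sort > "$list"
    while IFS= read -r f; do
        is_encrypted "$f" "$2" || { echo "$f"; rc=1; }
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Constructed sample tree (fake key and ciphertext) for trying the check.
make_sample_repo() {
    mkdir -p "$1/app"
    printf 'creation_rules:\n  - age: age1examplekey\n' > "$1/.sops.yaml"
    printf 'kind: Secret\ndata:\n  token: ENC[AES256_GCM,data:Zm9v,type:str]\nsops:\n  age:\n    - recipient: age1examplekey\n' > "$1/app/good.sops.yaml"
    printf 'kind: Secret\nstringData:\n  token: hunter2\n' > "$1/app/leak.sops.yaml"
    printf 'kind: Secret\ndata:\n  a: ENC[AES256_GCM,data:Zm9v,type:str]\n  b: cGxhaW4=\nsops:\n  age:\n    - recipient: age1examplekey\n' > "$1/app/partial.sops.yaml"
}
```

Called as `find_plaintext_secrets . <public key>` from the repository root, it exits non-zero when any secret file is plaintext, partially encrypted, or encrypted to a different recipient.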

Argo CD


Run sudo -E kubefwd svc -n argocd, then open https://argocd-server/


Run kubectl port-forward svc/argocd-server -n argocd 8080:443, then open https://localhost:8080/

Bootstrap GitOps

# install Argo CD
kubectl create ns argocd
kubectl apply -n argocd -f
kubectl get pods -n argocd -l -o name | cut -d'/' -f 2
argocd login argocd-server

# Instantiate Argo Root App
kubectl apply -f _apps/apps.yaml