You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Tobias Brunner 4f4146963e expose DNS UDP 1 month ago
apps improve acmedns config 2 months ago
system expose DNS UDP 1 month ago
.gitignore configure sops 2 months ago
.sops.yaml configure sops 2 months ago
README.md new directory structure 2 months ago
renovate.json configure renovate 2 months ago

README.md

GitOps for tbrnt

Repo structure

  • Each subdirectory is a namespace
  • _apps is the meta directory for Argo CD apps

Secrets

Secrets are encrypted using SOPS and age. Argo CD uses KSOPS and kustomize.

Public key: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8

The installation and configuration happens in a kustomize patch in argocd/.

A good helper to work with SOPS encrypted secrets is vscode-sops.

The age key needs to be stored at $HOME/.config/sops/age/keys.txt

Usage

Create a normal secret with a .sops.yaml file ending. Encrypt it with:

sops --encrypt --in-place secret.sops.yaml

Create a kustomize configuration to generate the secret:

secret-generator.yaml

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
files:
  - ./secret.sops.yaml

kustomization.yaml

generators:
  - ./secret-generator.yaml

Argo CD

Either

sudo -E kubefwd svc -n argocd and then https://argocd-server/

or

kubectl port-forward svc/argocd-server -n argocd 8080:443 and then https://localhost:8080/

Bootstrap GitOps

# install Argo CD
kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd login argocd-server

# Instantiate Argo Root App
kubectl apply -f _apps/apps.yaml