# GitOps for tbrnt

## Repo structure

* Each subdirectory is a namespace
* `_apps` is the meta directory for Argo CD apps

## Secrets

Secrets are encrypted using [SOPS](https://github.com/mozilla/sops) and [age](https://github.com/FiloSottile/age).
Argo CD uses [KSOPS](https://github.com/viaduct-ai/kustomize-sops) and [kustomize](https://github.com/kubernetes-sigs/kustomize/).

Install the `sops` and `age` packages on Arch Linux.

Public key: `age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8`

The installation and configuration happen in a kustomize patch in `argocd/`.

A good helper for working with SOPS-encrypted secrets is [vscode-sops](https://github.com/signageos/vscode-sops).

The `age` private key needs to be stored at `$HOME/.config/sops/age/keys.txt`.

### Usage

Create a normal secret manifest in a file whose name ends in `.sops.yaml`. Encrypt it with:

```
sops --encrypt --in-place secret.sops.yaml
```

Create a kustomize configuration to generate the secret:

secret-generator.yaml
```yaml
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
files:
  - ./secret.sops.yaml
```

kustomization.yaml
```yaml
generators:
  - ./secret-generator.yaml
```
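
A check that fits the workflow above, as an added example that is not part of this repository: a POSIX shell script for a pre-commit hook or CI job that fails when a `*.sops.yaml` file is still plaintext, only partly encrypted, or encrypted to a recipient other than the public key listed in this README. The function names and the text heuristics (it is not a YAML parser) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag *.sops.yaml files that are plaintext, only partly
# encrypted, or encrypted to an unexpected age recipient.
# Heuristic text check on SOPS metadata, not a YAML parser.

# Recipient taken from this README; override via environment for other repos.
EXPECTED_RECIPIENT="${EXPECTED_RECIPIENT:-age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8}"

# check_sops_file FILE: return 0 only if FILE looks encrypted to the recipient.
check_sops_file() {
  # sops --encrypt appends a top-level "sops:" block with an encrypted MAC.
  grep -q '^sops:' "$1" || { echo "PLAINTEXT $1"; return 1; }
  grep -Eq '^[[:space:]]+mac: ENC\[' "$1" || { echo "NO-MAC $1"; return 1; }
  grep -Eq "recipient: ${EXPECTED_RECIPIENT}\$" "$1" || { echo "WRONG-KEY $1"; return 1; }
  # Every value under data:/stringData: must be an ENC[...] envelope.
  awk '
    /^(data|stringData):/ { in_data = 1; next }
    /^[^ \t]/             { in_data = 0 }
    in_data && /:[ \t]*[^ \t]/ && !/:[ \t]*ENC\[/ { bad = 1 }
    END { exit bad + 0 }
  ' "$1" || { echo "PARTIAL $1"; return 1; }
}

# check_repo DIR: return 0 only if every secret file below DIR passes.
# '?*.sops.yaml' skips a SOPS config file named exactly ".sops.yaml".
check_repo() {
  find "$1" -type f -name '?*.sops.yaml' | (
    rc=0
    while IFS= read -r f; do check_sops_file "$f" || rc=1; done
    exit "$rc"
  )
}

# Invoked with a directory argument, scan it; without one, only define the functions.
[ "$#" -eq 0 ] || check_repo "$1"
```

Saved under a hypothetical name such as `check-sops.sh`, it can be run as `sh check-sops.sh .` from the repository root; a non-zero exit status means at least one file was flagged.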

## Argo CD

To reach the Argo CD web UI, either run

`sudo -E kubefwd svc -n argocd` and then open https://argocd-server/

or

`kubectl port-forward svc/argocd-server -n argocd 8080:443` and
then open https://localhost:8080/

## Bootstrap GitOps

```
# install Argo CD
kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# print the name of the argocd-server pod
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd login argocd-server

# Instantiate Argo Root App
kubectl apply -f _apps/apps.yaml
```