document sops
parent
08fbc60df2
commit
9e19378903
48
README.md
|
@ -5,11 +5,47 @@
|
|||
* Each subdirectory is a namespace
|
||||
* `_apps` is the meta directory for Argo CD apps
|
||||
|
||||
## Usage
|
||||
## Secrets
|
||||
|
||||
### Argo CD
|
||||
Secrets are encrypted using [SOPS](https://github.com/mozilla/sops) and [age](https://github.com/FiloSottile/age).
|
||||
Argo CD uses [KSOPS](https://github.com/viaduct-ai/kustomize-sops) and [kustomize](https://github.com/kubernetes-sigs/kustomize/).
|
||||
|
||||
#### Access
|
||||
Public key: `age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8`
|
||||
|
||||
The installation and configuration happens in a kustomize patch in `argocd/`.
|
||||
|
||||
A good helper to work with SOPS encrypted secrets is [vscode-sops](https://github.com/signageos/vscode-sops).
|
||||
|
||||
The `age` key needs to be stored at `$HOME/.config/sops/age/keys.txt`
|
||||
|
||||
|
||||
### Usage
|
||||
|
||||
Create a normal secret with a `.sops.yaml` file ending. Encrypt it with:
|
||||
|
||||
```
|
||||
sops --encrypt --in-place secret.sops.yaml
|
||||
```
|
||||
|
||||
Create a kustomize configuration to generate the secret:
|
||||
|
||||
secret-generator.yaml
|
||||
```yaml
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: secret-generator
|
||||
files:
|
||||
- ./secret.sops.yaml
|
||||
```
|
||||
|
||||
kustomization.yaml
|
||||
```yaml
|
||||
generators:
|
||||
- ./secret-generator.yaml
|
||||
```
|
||||
|
||||
## Argo CD
|
||||
|
||||
Either
|
||||
|
||||
|
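Review bot: The encrypt step under `### Usage`, `sops --encrypt --in-place secret.sops.yaml`, does not say which recipient the file is encrypted to, even though the public key is listed under `#### Access`. Either pass it explicitly (`sops --encrypt --age <public key> --in-place secret.sops.yaml`) or state that a SOPS creation rule kept in the repository supplies it, so that someone following these steps verbatim ends up with a file KSOPS can decrypt. The line about `$HOME/.config/sops/age/keys.txt` should also say that this file holds the private key, that it must never be committed, and how a new maintainer is expected to obtain it. Minor: the new `### Usage` and `### Argo CD` headings repeat the names of the `## Usage` and `## Argo CD` headings in the same file, which makes anchors and the outline ambiguous; something like `### Encrypting a secret` would avoid that.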
@ -20,12 +56,6 @@ or
|
|||
`kubectl port-forward svc/argocd-server -n argocd 8080:443` and
|
||||
then https://localhost:8080/
|
||||
|
||||
#### CLI
|
||||
|
||||
* `argocd login argocd-server`
|
||||
* `argocd app list`
|
||||
* `argocd app sync <name>`
|
||||
|
||||
## Bootstrap GitOps
|
||||
|
||||
```
|
||||
|
|
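Review bot: The header `-20,12 +56,6` drops six lines here, which matches the `#### CLI` block with its three `argocd` commands, but the commit message only says "document sops". If the CLI notes are being removed on purpose, mention that in the message or split it into its own commit; if they were dropped by accident while restructuring the Argo CD section, restore them below the `kubectl port-forward` instructions.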