# GitOps for tbrnt

## Repo structure

* Each subdirectory is a namespace
* `_apps` is the meta directory for Argo CD apps

## Secrets

Secrets are encrypted using [SOPS](https://github.com/mozilla/sops) and [age](https://github.com/FiloSottile/age). Argo CD uses [KSOPS](https://github.com/viaduct-ai/kustomize-sops) and [kustomize](https://github.com/kubernetes-sigs/kustomize/).

Install the `sops` and `age` packages on Arch Linux.

Public key: `age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8`

The installation and configuration happen in a kustomize patch in `argocd/`.

A good helper to work with SOPS encrypted secrets is [vscode-sops](https://github.com/signageos/vscode-sops).

The `age` key needs to be stored at `$HOME/.config/sops/age/keys.txt`.

### Usage

Create a normal secret with a `.sops.yaml` file ending. Encrypt it with:

```
sops --encrypt --in-place secret.sops.yaml
```

Create a kustomize configuration to generate the secret:

secret-generator.yaml

```yaml
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
files:
  - ./secret.sops.yaml
```

kustomization.yaml

```yaml
generators:
  - ./secret-generator.yaml
```

## Argo CD

Either `sudo -E kubefwd svc -n argocd` and then https://argocd-server/

or `kubectl port-forward svc/argocd-server -n argocd 8080:443` and then https://localhost:8080/

## Bootstrap GitOps

```
# install Argo CD
kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd login argocd-server

# Instantiate Argo Root App
kubectl apply -f _apps/apps.yaml
```
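
The Secrets usage above relies on remembering to run `sops --encrypt --in-place` before committing. The following is an added example, not part of this repository: a check for a pre-commit hook or CI job that rejects any `*.sops.yaml` file that is still plaintext, has a plaintext value under `data`/`stringData`, or is not encrypted to the public key listed in this README. The function names are hypothetical, and it assumes the usual SOPS YAML layout (a top-level `sops:` block with `mac:` and `recipient:` entries, and single-line `ENC[...]` values).

```shell
#!/bin/sh
# Added example (not from this repo): refuse *.sops.yaml files that are still
# plaintext or are encrypted to the wrong age recipient.

# age public key documented in this README.
EXPECTED_RECIPIENT="age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8"

# check_sops_file FILE: return 0 only if FILE looks SOPS-encrypted for that key.
check_sops_file() {
  f=$1
  # sops --encrypt appends a top-level "sops:" block that carries a MAC.
  if ! grep -q '^sops:' "$f" || ! grep -Eq '^[[:space:]]+mac: ENC\[' "$f"; then
    echo "NOT ENCRYPTED: $f" >&2; return 1
  fi
  # Argo CD (KSOPS) can only decrypt files encrypted to its own key.
  if ! grep -Eq "recipient: ${EXPECTED_RECIPIENT}[[:space:]]*\$" "$f"; then
    echo "WRONG RECIPIENT: $f" >&2; return 1
  fi
  # Every value under data:/stringData: must be ciphertext. This catches a
  # key that was added in plaintext after the file was first encrypted.
  if ! awk '
    /^[^ \t#]/ { insec = ($0 ~ /^(data|stringData):/); next }
    insec && /^[ \t]+[^ \t:#][^:]*:[ \t]*[^ \t]/ {
      v = $0; sub(/^[ \t]+[^:]+:[ \t]*/, "", v)
      if (v !~ /^ENC\[/) bad = 1
    }
    END { exit bad }' "$f"; then
    echo "PLAINTEXT VALUE: $f" >&2; return 1
  fi
  return 0
}

# check_sops_tree DIR: check every secret below DIR; non-zero if any fails.
# A bare ".sops.yaml" is the SOPS config file, not a secret, so it is skipped.
check_sops_tree() {
  rc=0
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    check_sops_file "$f" || rc=1
  done <<EOF
$(find "$1" -type f -name '*.sops.yaml' ! -name '.sops.yaml')
EOF
  return $rc
}
```

Call `check_sops_tree .` from the repository root and fail the hook or job on a non-zero exit status.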