GitOps for tbrnt
Repo structure
- Each subdirectory is a namespace
- _apps is the meta directory for Argo CD apps
Secrets
Secrets are encrypted using SOPS and age. Argo CD uses KSOPS and kustomize.
Public key: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
The installation and configuration happen in a kustomize patch in argocd/.
A good helper to work with SOPS encrypted secrets is vscode-sops.
The age private key needs to be stored at $HOME/.config/sops/age/keys.txt
Usage
Create a normal secret with a .sops.yaml file ending. Encrypt it with:
sops --encrypt --in-place secret.sops.yaml
Create a kustomize configuration to generate the secret:
secret-generator.yaml
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
files:
- ./secret.sops.yaml
kustomization.yaml
generators:
- ./secret-generator.yaml
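The workflow above leaves one gap: a *.sops.yaml file can be committed before sops --encrypt was run, or edited by hand afterwards. The check below is an added example, not part of this repository; the function names are hypothetical, and it assumes the files are Kubernetes Secret manifests whose data/stringData values SOPS encrypts.

```shell
#!/bin/sh
# Added example (not from the repository): flag *.sops.yaml files that were
# committed without being encrypted. Function names are hypothetical.

# Public key quoted in the "Secrets" section of this README.
REPO_AGE_RECIPIENT="age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8"

# Return 0 if file $1 looks fully SOPS-encrypted to the repo key, else 1.
# Assumption: the file is a Kubernetes Secret and SOPS encrypts the values
# under data:/stringData:.
is_sops_encrypted() {
  # SOPS appends a top-level "sops:" metadata block when it encrypts.
  grep -q '^sops:' "$1" || return 1
  # The age recipient list must contain this repo's public key.
  grep -qF "recipient: $REPO_AGE_RECIPIENT" "$1" || return 1
  # Every value under data:/stringData: must be an ENC[...] envelope; a key
  # added by hand after encryption would show up here as plaintext.
  awk '
    /^(data|stringData):/ { in_data = 1; next }
    /^[^ ]/               { in_data = 0 }
    in_data && /^ +[^ #].*: / && $0 !~ /: +ENC\[AES256_GCM,/ { bad = 1 }
    END { exit bad + 0 }
  ' "$1"
}

# Print each failing *.sops.yaml under directory $1 (default "."); return 1
# if any was found. The SOPS config file itself is named ".sops.yaml" and
# matches the glob, so it is excluded explicitly.
find_plaintext_secrets() {
  fps_bad=$(find "${1:-.}" -type f -name '*.sops.yaml' ! -name '.sops.yaml' |
    sort | while IFS= read -r fps_f; do
      is_sops_encrypted "$fps_f" || echo "NOT ENCRYPTED: $fps_f"
    done)
  [ -z "$fps_bad" ] && return 0
  echo "$fps_bad"
  return 1
}
```

Source the file and run find_plaintext_secrets from the repository root before committing, for example from a Git pre-commit hook.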
Argo CD
Either
sudo -E kubefwd svc -n argocd
and then https://argocd-server/
or
kubectl port-forward svc/argocd-server -n argocd 8080:443
and then https://localhost:8080/
Bootstrap GitOps
# install Argo CD
kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd login argocd-server
# Instantiate Argo Root App
kubectl apply -f _apps/apps.yaml