2022-11-03 20:53:25 +01:00
apps improve acmedns config 2022-10-17 21:30:24 +02:00
system expose DNS UDP 2022-11-03 20:53:25 +01:00
.gitignore configure sops 2022-10-05 20:27:52 +02:00
.sops.yaml configure sops 2022-10-05 20:27:52 +02:00
README.md new directory structure 2022-10-08 19:37:02 +02:00
renovate.json configure renovate 2022-10-11 22:16:12 +02:00

GitOps for tbrnt

Repo structure

  • Each subdirectory is a namespace
  • _apps is the meta directory for Argo CD apps

Secrets

Secrets are encrypted using SOPS and age. Argo CD uses KSOPS and kustomize.

Public key: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8

The installation and configuration happen in a kustomize patch in argocd/.

A good helper to work with SOPS encrypted secrets is vscode-sops.

The age key needs to be stored at $HOME/.config/sops/age/keys.txt

Usage

Create a normal secret with a .sops.yaml file ending. Encrypt it with:

sops --encrypt --in-place secret.sops.yaml

Create a kustomize configuration to generate the secret:

secret-generator.yaml

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
files:
  - ./secret.sops.yaml

kustomization.yaml

generators:
  - ./secret-generator.yaml
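
A pre-commit style check for the workflow above, as an added example that is not part of this repository: it lists every *.sops.yaml file that was never run through sops --encrypt. The function names and the sample tree are hypothetical, and the check assumes that an encrypted file carries a top-level sops: key and at least one ENC[AES256_GCM,...] value; it does not decrypt or verify anything.

```shell
#!/bin/sh
# Added example: list *.sops.yaml files that are still plaintext.
# Assumption: a SOPS-encrypted YAML file has a top-level "sops:" metadata
# key and at least one ENC[AES256_GCM,...] value.

unencrypted_sops_files() {
    # The SOPS config file .sops.yaml also matches the glob; skip it.
    find "${1:-.}" -type f -name '*.sops.yaml' ! -name '.sops.yaml' | sort |
    while IFS= read -r f; do
        if grep -q '^sops:' "$f" && grep -q 'ENC\[AES256_GCM,' "$f"; then
            continue
        fi
        printf '%s\n' "$f"
    done
}

# Constructed sample tree (not files from the repository).
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/apps"
    printf 'creation_rules: []\n' > "$d/.sops.yaml"
    cat > "$d/apps/ok.sops.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
    name: demo
stringData:
    password: ENC[AES256_GCM,data:CONSTRUCTED,iv:CONSTRUCTED,tag:CONSTRUCTED,type:str]
sops:
    mac: ENC[AES256_GCM,data:CONSTRUCTED,type:str]
EOF
    cat > "$d/apps/forgot.sops.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
    name: demo
stringData:
    password: constructed-plaintext-value
EOF
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
unencrypted_sops_files "$tree"   # prints only <tmpdir>/apps/forgot.sops.yaml
rm -rf "$tree"
```

Run against the repository root, any path it prints is a secret that would be committed in plaintext.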

Argo CD

Either

sudo -E kubefwd svc -n argocd and then https://argocd-server/

or

kubectl port-forward svc/argocd-server -n argocd 8080:443 and then https://localhost:8080/

Bootstrap GitOps

# install Argo CD
kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
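# print the argocd-server pod name (the initial admin password on Argo CD v1.8 and earlier;
# later releases store it in the argocd-initial-admin-secret Secret)
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2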
argocd login argocd-server

# Instantiate Argo Root App
kubectl apply -f _apps/apps.yaml