GitOps for tbrnt
Repo structure
- Each subdirectory is a namespace
- _apps is the meta directory for Argo CD apps
Secrets
Secrets are encrypted using SOPS and age. Argo CD uses KSOPS and kustomize.
Install the sops and age packages on Arch Linux.
Public key: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
The installation and configuration happen in a kustomize patch in argocd/.
A good helper to work with SOPS encrypted secrets is vscode-sops.
The age key needs to be stored at $HOME/.config/sops/age/keys.txt
Usage
Create a normal secret with a .sops.yaml file ending. Encrypt it with:
sops --encrypt --in-place secret.sops.yaml
Create a kustomize configuration to generate the secret:
secret-generator.yaml:
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
files:
  - ./secret.sops.yaml
kustomization.yaml:
generators:
  - ./secret-generator.yaml
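A check that can run as a pre-commit hook or CI step to catch a *.sops.yaml file committed without the encrypt step above, or edited by hand afterwards. This is an added example, not part of this repository; the function names, sample files and ENC[...] placeholder values are constructed, and it assumes secret values live under data: or stringData:.

```sh
#!/bin/sh
# Added example (not from this repo): find *.sops.yaml files that were
# never passed through `sops --encrypt --in-place`, or were edited after.

# is_encrypted FILE: succeeds when FILE has the top-level "sops:" metadata
# block and every value under data:/stringData: is an ENC[...] envelope.
is_encrypted() {
  awk '
    /^sops:[ \t]*$/ { meta = 1 }
    /^[^ \t#]/      { in_data = ($0 ~ /^(data|stringData):[ \t]*$/); next }
    in_data && /^[ \t]+[^# \t][^:]*:/ {
      v = $0; sub(/^[^:]*:[ \t]*/, "", v)
      # an empty value holds no secret; anything else must be ciphertext
      if (v != "" && v != "\"\"" && v !~ /^ENC\[/) bad = 1
    }
    END { exit !(meta && !bad) }
  ' "$1"
}

# scan_repo DIR: print every unencrypted secret file, return 1 if any.
# The SOPS config file itself is named .sops.yaml and is skipped.
scan_repo() {
  find "$1" -type f -name '*.sops.yaml' ! -name '.sops.yaml' | (
    rc=0
    while IFS= read -r f; do
      is_encrypted "$f" || { echo "PLAINTEXT: $f"; rc=1; }
    done
    exit "$rc"
  )
}

# make_samples DIR: constructed inputs; ENC[...] values are placeholders.
make_samples() {
  enc='ENC[AES256_GCM,data:PLACEHOLDER,type:str]'
  meta='sops:\n  mac: PLACEHOLDER\n'
  printf 'creation_rules: []\n' > "$1/.sops.yaml"
  printf 'stringData:\n  password: hunter2\n' > "$1/plain.sops.yaml"
  printf "stringData:\n  password: %s\n$meta" "$enc" > "$1/ok.sops.yaml"
  printf "stringData:\n  a: %s\n  b: added-later\n$meta" "$enc" > "$1/mixed.sops.yaml"
}

demo=$(mktemp -d) && make_samples "$demo"
scan_repo "$demo" || echo "plaintext secret found, refuse the commit"
rm -rf "$demo"
```

The check is structural only: it does not decrypt anything or verify the SOPS MAC, so it needs no access to the age key.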
Argo CD
Either
sudo -E kubefwd svc -n argocd
and then https://argocd-server/
or
kubectl port-forward svc/argocd-server -n argocd 8080:443
and then https://localhost:8080/
Bootstrap GitOps
# install Argo CD
kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
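# print the argocd-server pod name (the initial admin password on Argo CD
# releases before 1.9; later releases keep it in the argocd-initial-admin-secret Secret)
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2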
argocd login argocd-server
# Instantiate Argo Root App
kubectl apply -f _apps/apps.yaml