Update README.md
This commit is contained in:
parent
3381aec5e3
commit
83623a2733
77
README.md
@ -2,9 +2,86 @@
Helm configs and Kubernetes manifests for my dev cluster managed by Kustomize.
## Structure
- infra
- [storage](https://github.com/rancher/local-path-provisioner): Local path provisioner configuration
- [traefik](https://doc.traefik.io/traefik/): Reverse proxy with wildcart SSL certificates
- apps
- [authelia](https://www.authelia.com/): SSO and basic auth provider
- [gitea](https://docs.gitea.com/): Git server with [Actions](https://docs.gitea.com/usage/actions/overview) and [renovate-bot](https://docs.renovatebot.com/)
- [namesny-com](https://namesny.com/): Personal website and blog
## Requirements
- [age](https://github.com/FiloSottile/age)
- [helm](https://helm.sh/)
- [kustomize](https://kustomize.io/)
- [sops](https://github.com/getsops/sops)
- [ksops](https://github.com/viaduct-ai/kustomize-sops)
## Usage
Generate age key
```bash
mkdir -p $HOME/.config/sops/age
age-keygen -o $HOME/.config/sops/age/keys.txt
```
Create `.sops.yaml` file in the repo root and copy the age public key
`.sops.yaml`
```yaml
creation_rules:
- unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
age: "<age public key>"
```
Create `secret.yaml`
```yaml
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
username: YWRtaW4=
password: MWYyZDFlMmU2N2Rm
```
Encrypt the secret using sops
```bash
sops -e secret.yaml > secret.enc.yaml
```
Create `secret-generator.yaml`
```yaml
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: gitea-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./secret.enc.yaml
```
Use secret generator in `kustomization.yaml`
```yaml
generators:
- ./secret-generator.yaml
```
Deploy application
```sh
kustomize build --enable-helm --enable-alpha-plugins --enable-exec . | k apply -f -
```
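Review bot: the Usage section never says what to do with the plaintext `secret.yaml` after `sops -e secret.yaml > secret.enc.yaml`; add a step to delete it (or list `secret.yaml` in `.gitignore`) so only `secret.enc.yaml` is ever committed, and note that the public key to paste into `.sops.yaml` is the one `age-keygen` prints when it writes `keys.txt` (`age-keygen -y $HOME/.config/sops/age/keys.txt` recovers it later). Two smaller points in the same hunk: the deploy command pipes into `k apply -f -`, an alias that is not defined anywhere and `kubectl` is missing from Requirements, so spell it out as `kubectl apply -f -` and add kubectl to the list; and "wildcart SSL certificates" in the traefik entry should read "wildcard".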