forked from nnamdiugwu300/Argosecrets
-
Notifications
You must be signed in to change notification settings - Fork 0
adeel-ansari/Argosecrets
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
First we will create a Kubernetes Cluster and all the requirements for doing thAT. Now we have to install ArgoCD to our kubernetes cluster Use the link below to install argoCd in your cluster --- kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml --- Next we would have to install the argoCD CLI Use the command below to install ArgoCD CLI in Linux --- curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd rm argocd-linux-amd64 --- If you want to connect to your ArgoCD GUI(Optional) Use the command below to generate ArgoCD initial Password --- argocd admin initial-password -n argocd --- For port fowarding, Use the command below --- kubectl port-forward svc/argocd-server -n argocd 8080:443 --- Now you can sign up with admin as the username and the password generated earlier The next step is to install Bitnami Kubeseal Client Use the command below for the installation --- wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/kubeseal-0.18.0-linux-amd64.tar.gz tar xfz kubeseal-0.18.0-linux-amd64.tar.gz sudo install -m 755 kubeseal /usr/local/bin/kubeseal --- To check if kubeseal installed you can use the command below to see if the directory shows up --- which kubeseal --- The next step is Installing the Custom Controller and CRD for SealedSecret Install the SealedSecret CRD, controller and RBAC artifacts on your EKS cluster as follows: --- wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml kubectl apply -f controller.yaml --- After this step, A sealed secret controller Pod and a sealed secret key (secret) should be created in the kube-system namespace After this, you have to fetch a key with the command below, thus generate a public key. --- kubeseal --fetch-cert >mycert.pem --- this key is generated by sealed secret in the cluster Now Create a Secret --- echo -n nnamdi | kubectl create secret generic postgres-secret --dry-run=client --from-file=password=/dev/stdin -o json >mysecret.json --- the secret tag is password: nnamdi and has been saved to a json file as shown above. After this you will have to seal the secret, thus creating a sealed secret from the original secret json created earlier. and you can seal it with the public key generated earlier also --- kubeseal --cert mycert.pem <mysecret.json >mysealedsecret.json --- Other developers can use this key to seal a secret aslo. all they have to do is have a copy of the key and of course have kubeseal installed in thier environment Now a new file mysealedsecret.json is created. This file is what you will then commit to your source of truth. For more info, visit https://github.com/bitnami-labs/sealed-secrets or check out the youtube video in the link below https://www.youtube.com/watch?v=FJBmovA2Ej4&t=284s
About
For practice purposes
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published