secrets
AsfaMumtaz committed Nov 2, 2023
1 parent 5bed060 commit 6b1d9ba
Showing 1 changed file with 43 additions and 0 deletions.
43 changes: 43 additions & 0 deletions content/for-developers/tutorials/outer-loop/deploying-secrets.md
Expand Up @@ -166,6 +166,49 @@ To have a fully functional pipeline, we will be needing a few secrets. Some of t
* _Owner_: The owner of this secret will be customer's delivery engineer
* _Location_: This secret will be deployed in build namespace of all tenants, the namespaces created by Tronador.\
* _Deployment Process_: To deploy the git-pat-creds, follow the below-mentioned steps:
1. Navigate to your infra-gitops repository.

Check failure on line 169 in content/for-developers/tutorials/outer-loop/deploying-secrets.md

GitHub Actions / vale

[vale] content/for-developers/tutorials/outer-loop/deploying-secrets.md#L169

[Vale.Terms] Use 'GitOps' instead of 'gitops'.
1. At the base level, your infra repository should already have a folder with cluster name. Open up the tenant-operator-config and create a folder named templates if it is not already there.
1. Now add a template with the following structure. Remember to replace the placeholders.
```yaml

Check failure on line 172 in content/for-developers/tutorials/outer-loop/deploying-secrets.md

GitHub Actions / qa / markdown_lint

Fenced code blocks should be surrounded by blank lines [Context: "```yaml"]
apiVersion: tenantoperator.stakater.com/v1alpha1
kind: Template
metadata:
name: git-pat-creds
resources:
manifests:
- apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: git-pat-creds
spec:
dataFrom:
- extract:
conversionStrategy: Default
key: git-pat-creds
refreshInterval: 1m0s
secretStoreRef:
kind: SecretStore
name: tenant-vault-shared-secret-store
target:
name: git-pat-creds
```

Check failure on line 194 in content/for-developers/tutorials/outer-loop/deploying-secrets.md

GitHub Actions / qa / markdown_lint

Fenced code blocks should be surrounded by blank lines [Context: "```"]
1. Now add a TemplateGroupInstance:

```yaml
apiVersion: tenantoperator.stakater.com/v1alpha1
kind: TemplateGroupInstance
metadata:
name: git-pat-creds
spec:
template: git-pat-creds
selector:
matchExpressions:
- key: stakater.com/kind
operator: In
values: [ build, pr ]
sync: true
```
1. If you have correctly configured your infra repository, ArgoCD should be able to sync the changes and deploy the secret in build namespaces of the tenants.

## Repository level secrets
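Review bot: The TemplateGroupInstance selector matches `stakater.com/kind` with `values: [ build, pr ]`, but the Location bullet and the last step both say the secret is deployed to build namespaces only. As written, the Git PAT is also synced into every namespace labelled `pr`, so either narrow the selector to `build` or say in the text that pr namespaces receive the credential too and why they need it. The ExternalSecret uses `dataFrom.extract` with `key: git-pat-creds`, which copies every field stored under that Vault key into the target secret; the steps should state which fields the entry is expected to hold and that it must exist in the store behind `tenant-vault-shared-secret-store` before ArgoCD syncs, since nothing in the steps covers creating it. The steps also do not say where the TemplateGroupInstance file goes (only the templates folder is mentioned for the Template). Finally, the failing checks on this commit need fixing before merge: Vale wants 'GitOps' instead of 'gitops' at line 169, and markdown_lint wants blank lines around the fenced blocks at lines 172 and 194.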
