test in app secret decrypt and import

2024-07-15 10:39:20 +10:00
parent 9788988f0b
commit 293c67efad
3 changed files with 35 additions and 1 deletions
--- a/apps/homer/env/k3s-cluster/secret.yaml
+++ b/apps/homer/env/k3s-cluster/secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: homer-secrets
+    namespace: argocd
+type: Opaque
+stringData: {}
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMkNTM1BmajJhUWF6UVhr
+            ajhtcWNneXhpL3hJOVFOVUVkR1hrY2JwMmdnCjk3c09BWnBueUdUV01BL3NSUG9F
+            Z01oTG9YZEcwYlBwVTMzdlJSVk9ZLzAKLS0tIGlLZzZ3NXMvQkJjQVd2WDZRck5I
+            MFVyY0tlWlYycjMreDBhazdiVktxSHcKCpS2fHlCH5y6jJ9jBtD/Ud9/Kei+lkl2
+            VvnGtjfiPl1Gfc5rp3tyNGC48ZKUKU1TJbVn7OsXQQ/SiwWMzV7f+A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-15T00:36:24Z"
+    mac: ENC[AES256_GCM,data:Zb96Tp0qJcu6sMx+MR4F0vY3ffxVXLRjgbeYuj235egFQeFpkMlWaNJQaBOtK3CD4It6lilWZXxGyrPdh+ARjQXRoiMBHgVL3dxEwEVXh6rp0XWEBN8Mp2SPzIWYtggDr30HsSSexpd6EaNK7LLDMKnoAR8I/+8ryhHczvPhKSc=,iv:S/KTF+ShwqlDHcrrCHVD8hsmstgeIhDz8gpMH3KN/64=,tag:aAcO6rXW+ryBqxvw59/h1Q==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.0
--- a/projects/k3s-cluster-app.yaml
+++ b/projects/k3s-cluster-app.yaml
@@ -61,6 +61,9 @@ spec:
        path: '{{ srcPath }}'
        repoURL: '{{ srcRepoURL }}'
        targetRevision: '{{ srcTargetRevision }}'
+        helm:
+          valueFiles:
+            - secrets+age-import-kubernetes://argocd/sops-age#age.agekey?{{ srcPath }}/secret.yaml
      syncPolicy:
        automated:
          allowEmpty: true
--- a/scripts/2.install-argocd.sh
+++ b/scripts/2.install-argocd.sh
@@ -5,4 +5,8 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.11.4
 kubectl create namespace argocd || echo "Namespace argocd already exists"
 helm repo add argo https://argoproj.github.io/argo-helm || echo "Argo repo already exists"
 helm repo update || echo "Failed to update helm repos"
-helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6
+helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6
+
+#Check repo server secret accessibility
+echo "Checking repo server secret accessibility:"
+kubectl auth can-i get secrets --namespace "argocd" --as "system:serviceaccount:argocd:argocd-repo-server"