From 293c67efadf62dc26735be8ea47fcb839004d9c6 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Mon, 15 Jul 2024 10:39:20 +1000
Subject: [PATCH] test in app secret decrypt and import
---
 apps/homer/env/k3s-cluster/secret.yaml | 27 ++++++++++++++++++++++++++
 projects/k3s-cluster-app.yaml | 3 +++
 scripts/2.install-argocd.sh | 6 +++++-
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 apps/homer/env/k3s-cluster/secret.yaml
diff --git a/apps/homer/env/k3s-cluster/secret.yaml b/apps/homer/env/k3s-cluster/secret.yaml
new file mode 100644
index 0000000..24abbc0
--- /dev/null
+++ b/apps/homer/env/k3s-cluster/secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: homer-secrets
+ namespace: argocd
+type: Opaque
+stringData: {}
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMkNTM1BmajJhUWF6UVhr
+ ajhtcWNneXhpL3hJOVFOVUVkR1hrY2JwMmdnCjk3c09BWnBueUdUV01BL3NSUG9F
+ Z01oTG9YZEcwYlBwVTMzdlJSVk9ZLzAKLS0tIGlLZzZ3NXMvQkJjQVd2WDZRck5I
+ MFVyY0tlWlYycjMreDBhazdiVktxSHcKCpS2fHlCH5y6jJ9jBtD/Ud9/Kei+lkl2
+ VvnGtjfiPl1Gfc5rp3tyNGC48ZKUKU1TJbVn7OsXQQ/SiwWMzV7f+A==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-07-15T00:36:24Z"
+ mac: ENC[AES256_GCM,data:Zb96Tp0qJcu6sMx+MR4F0vY3ffxVXLRjgbeYuj235egFQeFpkMlWaNJQaBOtK3CD4It6lilWZXxGyrPdh+ARjQXRoiMBHgVL3dxEwEVXh6rp0XWEBN8Mp2SPzIWYtggDr30HsSSexpd6EaNK7LLDMKnoAR8I/+8ryhHczvPhKSc=,iv:S/KTF+ShwqlDHcrrCHVD8hsmstgeIhDz8gpMH3KN/64=,tag:aAcO6rXW+ryBqxvw59/h1Q==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.9.0
diff --git a/projects/k3s-cluster-app.yaml b/projects/k3s-cluster-app.yaml
index 3987395..34e6168 100644
--- a/projects/k3s-cluster-app.yaml
+++ b/projects/k3s-cluster-app.yaml
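Review bot: In apps/homer/env/k3s-cluster/secret.yaml, `encrypted_regex: ^(data|stringData)$` only covers keys named `data` or `stringData`, while the `valueFiles` entry added in projects/k3s-cluster-app.yaml feeds this file to Helm as chart values. Any value later added under another key, which is the usual shape of a values file, would be committed in cleartext even though the file still carries a sops block. As committed, `stringData: {}` is empty, so the test exercises key import and decryption plumbing but not an actual encrypted value. Consider a plain values layout instead of the Secret-manifest wrapper, or widen the regex to match the keys the chart will read, and add a comment at the top of the file saying which keys are expected to be encrypted.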
@@ -61,6 +61,9 @@ spec:
 path: '{{ srcPath }}'
 repoURL: '{{ srcRepoURL }}'
 targetRevision: '{{ srcTargetRevision }}'
+ helm:
+ valueFiles:
+ - secrets+age-import-kubernetes://argocd/sops-age#age.agekey?{{ srcPath }}/secret.yaml
 syncPolicy:
 automated:
 allowEmpty: true
diff --git a/scripts/2.install-argocd.sh b/scripts/2.install-argocd.sh
index 2c0723b..ae34603 100644
--- a/scripts/2.install-argocd.sh
+++ b/scripts/2.install-argocd.sh
@@ -5,4 +5,8 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.11.4
 kubectl create namespace argocd || echo "Namespace argocd already exists"
 helm repo add argo https://argoproj.github.io/argo-helm || echo "Argo repo already exists"
 helm repo update || echo "Failed to update helm repos"
-helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6
\ No newline at end of file
+helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6
+
+#Check repo server secret accessibility
+echo "Checking repo server secret accessibility:"
+kubectl auth can-i get secrets --namespace "argocd" --as "system:serviceaccount:argocd:argocd-repo-server"
\ No newline at end of file
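Review bot: The new `valueFiles` entry in projects/k3s-cluster-app.yaml appears to sit in a shared source template, so every Application rendered from it would make the repo-server import the age key from the `sops-age` Secret in `argocd` and look for `{{ srcPath }}/secret.yaml`, yet this commit adds that file only for apps/homer. Apps without a secret.yaml will presumably fail to render unless missing value files are tolerated by configuration outside this hunk, so confirm that before relying on automated sync. The entry is also the only templated scalar here left unquoted; quoting it like its neighbours, `- 'secrets+age-import-kubernetes://argocd/sops-age#age.agekey?{{ srcPath }}/secret.yaml'`, stops the `#`, `?` and `{{` from depending on plain-scalar parsing rules. The enclosing `spec` block starts and ends outside the hunk.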
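Review bot: The added `kubectl auth can-i get secrets` check in scripts/2.install-argocd.sh asks about every Secret in `argocd`, so a `yes` confirms a grant far broader than the one age key the repo-server needs, in a namespace that typically also holds cluster and repository credentials. Scope the Role to that key with `resourceNames` and test exactly that object: `kubectl auth can-i get secret/sops-age --namespace "argocd" --as "system:serviceaccount:argocd:argocd-repo-server"`. The answer is only printed, so as far as the hunk shows a `no` does not stop the install; the start of the script is outside the hunk. The file also still ends without a trailing newline.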