From b7587f8226be0bb53d6e4ad8fc0700083a5a7393 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Thu, 18 Jul 2024 15:56:16 +1000 Subject: [PATCH] update scripts --- scripts/2.install-argocd.sh | 1 + ...secrets.sh => 3.install-sealed-secrets.sh} | 0 scripts/3.install-sops.sh | 7 -- scripts/4.add-age-key.sh | 7 -- scripts/4.install-argocd-ingress.sh | 0 scripts/argocd-values.yaml | 77 +------------------ 6 files changed, 2 insertions(+), 90 deletions(-) rename scripts/{5.install-sealed-secrets.sh => 3.install-sealed-secrets.sh} (100%) delete mode 100644 scripts/3.install-sops.sh delete mode 100644 scripts/4.add-age-key.sh create mode 100644 scripts/4.install-argocd-ingress.sh diff --git a/scripts/2.install-argocd.sh b/scripts/2.install-argocd.sh index 2f50267..38ce9b6 100644 --- a/scripts/2.install-argocd.sh +++ b/scripts/2.install-argocd.sh @@ -6,6 +6,7 @@ kubectl create namespace argocd || echo "Namespace argocd already exists" helm repo add argo https://argoproj.github.io/argo-helm || echo "Argo repo already exists" helm repo update || echo "Failed to update helm repos" helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6 +#kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.9.18/manifests/ha/install.yaml helm plugin install https://github.com/jkroepke/helm-secrets #Check repo server secret accessibility diff --git a/scripts/5.install-sealed-secrets.sh b/scripts/3.install-sealed-secrets.sh similarity index 100% rename from scripts/5.install-sealed-secrets.sh rename to scripts/3.install-sealed-secrets.sh diff --git a/scripts/3.install-sops.sh b/scripts/3.install-sops.sh deleted file mode 100644 index 166c8b9..0000000 --- a/scripts/3.install-sops.sh +++ /dev/null 
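Review bot: The added `#kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.9.18/manifests/ha/install.yaml` line in scripts/2.install-argocd.sh is commented-out code for a second, differently versioned install path next to the pinned Helm release (`--version 7.3.6`). If someone later uncomments it, manifests fetched at run time would be applied on top of the chart-managed resources in the same namespace. I would drop the line, or replace it with a plain comment such as `# Alternative (not used): upstream HA manifests; do not combine with the Helm release above`. The unchanged `helm plugin install https://github.com/jkroepke/helm-secrets` line after it also deserves a look: this commit removes the sops/age scripts and the helm-secrets settings from argocd-values.yaml, so the plugin appears to be unused now, and without `--version` each run installs whatever the repository currently serves. The script continues outside the hunk.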
@@ -1,7 +0,0 @@
-#!/bin/bash
-set -e
-
-curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.linux.arm64 &&
-sudo mv sops-v3.8.1.linux.arm64 /usr/local/bin/sops &&
-chmod +x /usr/local/bin/sops
-sudo apt install age -y
\ No newline at end of file
diff --git a/scripts/4.add-age-key.sh b/scripts/4.add-age-key.sh
deleted file mode 100644
index 92cc7a0..0000000
--- a/scripts/4.add-age-key.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-set -e
-
-cat /mnt/nfs/agekey/age.agekey |
-kubectl create secret generic sops-age \
---namespace=argocd \
---from-file=age.agekey=/dev/stdin
\ No newline at end of file
diff --git a/scripts/4.install-argocd-ingress.sh b/scripts/4.install-argocd-ingress.sh
new file mode 100644
index 0000000..e69de29
diff --git a/scripts/argocd-values.yaml b/scripts/argocd-values.yaml
index e1e0661..284cf5f 100644
--- a/scripts/argocd-values.yaml
+++ b/scripts/argocd-values.yaml
@@ -32,81 +32,6 @@ redis-ha: enabled: true server: - env: - - name: HELM_PLUGINS - value: /gitops-tools/helm-plugins/ - - name: HELM_SECRETS_CURL_PATH - value: /gitops-tools/curl - - name: HELM_SECRETS_SOPS_PATH - value: /gitops-tools/sops - - name: HELM_SECRETS_VALS_PATH - value: /gitops-tools/vals - - name: HELM_SECRETS_KUBECTL_PATH - value: /gitops-tools/kubectl - - name: HELM_SECRETS_BACKEND - value: sops - - name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS - value: "false" - - name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH - value: "true" - - name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL - value: "false" - - name: HELM_SECRETS_WRAPPER_ENABLED - value: "true" - - name: HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR - value: "true" - - name: HELM_SECRETS_HELM_PATH - value: /usr/local/bin/helm - - name: SOPS_AGE_KEY_FILE - # Multiple keys can be separated by space - value: /helm-secrets-private-keys/age.agekey - initContainers: - - name: download-tools - image: alpine:latest - imagePullPolicy: IfNotPresent - command: [ sh, -ec ] - env: - - name: HELM_SECRETS_VERSION - value: "4.6.0" - - name: KUBECTL_VERSION - value: "1.30.2" - - name: VALS_VERSION - value: "0.37.3" - - name: SOPS_VERSION - value: "3.9.0" - args: - - | - mkdir -p /gitops-tools/helm-plugins - - GO_ARCH=$(uname -m | sed -e 's/x86_64/amd64/') - wget -qO /gitops-tools/curl https://github.com/moparisthebest/static-curl/releases/latest/download/curl-${GO_ARCH} - - GO_ARCH=$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/') && \ - wget -qO /gitops-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${GO_ARCH}/kubectl - wget -qO /gitops-tools/sops https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.${GO_ARCH} - wget -qO- https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_${GO_ARCH}.tar.gz | tar zxv -C /gitops-tools vals - wget -qO- 
https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /gitops-tools/helm-plugins -xzf- - - chmod +x /gitops-tools/* - cp /gitops-tools/helm-plugins/helm-secrets/scripts/wrapper/helm.sh /gitops-tools/helm - volumeMounts: - - mountPath: /gitops-tools - name: gitops-tools - volumes: - - name: gitops-tools - emptyDir: { } - # kubectl create secret generic helm-secrets-private-keys --from-file=key.asc=assets/gpg/private2.gpg - - name: helm-secrets-private-keys - secret: - secretName: sops-age - volumeMounts: - - mountPath: /gitops-tools - name: gitops-tools - - mountPath: /usr/local/sbin/helm - subPath: helm - name: gitops-tools - - mountPath: /helm-secrets-private-keys/ - name: helm-secrets-private-keys autoscaling: enabled: true minReplicas: 2 @@ -121,7 +46,7 @@ server: service: type: NodePort ingress: -# enabled: true + enabled: true annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-passthrough: "true"
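Review bot: Enabling `ingress.enabled: true` in the last hunk leaves `service.type: NodePort` directly above it, so the Argo CD server stays reachable on a node port on every node in addition to the new ingress. Unless that port is needed, `type: ClusterIP` makes the ingress the only entry point. The `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` annotation only takes effect when the ingress-nginx controller is started with `--enable-ssl-passthrough`; a comment next to it would record that dependency, e.g. `# requires ingress-nginx started with --enable-ssl-passthrough`. Hostname, ingress class and TLS settings are not visible in this hunk, and the `server:` block continues outside it, so it is worth confirming they are set before this values file is applied.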