K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #487 from 3dwardch3ng/infra/postgresql

Browse Source 
test in app secret decrypt and import
This commit is contained in:
Edward Cheng
2024-07-15 10:39:39 +10:00
committed by GitHub
parent 954b5ec6b4 293c67efad
commit b76a7507a9
3 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
apps/homer/env/k3s-cluster/secret.yaml vendored Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Secret
metadata:
name: homer-secrets
namespace: argocd
type: Opaque
stringData: {}
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMkNTM1BmajJhUWF6UVhr
ajhtcWNneXhpL3hJOVFOVUVkR1hrY2JwMmdnCjk3c09BWnBueUdUV01BL3NSUG9F
Z01oTG9YZEcwYlBwVTMzdlJSVk9ZLzAKLS0tIGlLZzZ3NXMvQkJjQVd2WDZRck5I
MFVyY0tlWlYycjMreDBhazdiVktxSHcKCpS2fHlCH5y6jJ9jBtD/Ud9/Kei+lkl2
VvnGtjfiPl1Gfc5rp3tyNGC48ZKUKU1TJbVn7OsXQQ/SiwWMzV7f+A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-15T00:36:24Z"
mac: ENC[AES256_GCM,data:Zb96Tp0qJcu6sMx+MR4F0vY3ffxVXLRjgbeYuj235egFQeFpkMlWaNJQaBOtK3CD4It6lilWZXxGyrPdh+ARjQXRoiMBHgVL3dxEwEVXh6rp0XWEBN8Mp2SPzIWYtggDr30HsSSexpd6EaNK7LLDMKnoAR8I/+8ryhHczvPhKSc=,iv:S/KTF+ShwqlDHcrrCHVD8hsmstgeIhDz8gpMH3KN/64=,tag:aAcO6rXW+ryBqxvw59/h1Q==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0

3
projects/k3s-cluster-app.yaml
View File

@@ -61,6 +61,9 @@ spec:
path: '{{ srcPath }}' path: '{{ srcPath }}'
repoURL: '{{ srcRepoURL }}' repoURL: '{{ srcRepoURL }}'
targetRevision: '{{ srcTargetRevision }}' targetRevision: '{{ srcTargetRevision }}'
helm:
valueFiles:
- secrets+age-import-kubernetes://argocd/sops-age#age.agekey?{{ srcPath }}/secret.yaml
syncPolicy: syncPolicy:
automated: automated:
allowEmpty: true allowEmpty: true

6
scripts/2.install-argocd.sh
View File

@@ -5,4 +5,8 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.11.4
kubectl create namespace argocd || echo "Namespace argocd already exists" kubectl create namespace argocd || echo "Namespace argocd already exists"
helm repo add argo https://argoproj.github.io/argo-helm || echo "Argo repo already exists" helm repo add argo https://argoproj.github.io/argo-helm || echo "Argo repo already exists"
helm repo update || echo "Failed to update helm repos" helm repo update || echo "Failed to update helm repos"
helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6 helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6
#Check repo server secret accessibility
echo "Checking repo server secret accessibility:"
kubectl auth can-i get secrets --namespace "argocd" --as "system:serviceaccount:argocd:argocd-repo-server"