Skip to content
This repository has been archived by the owner on Oct 17, 2021. It is now read-only.
/ fluxcd-gitops-example Public archive

This repository explain how to step by step setup a gitops workflow using flux and ksops for secrets management.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

import-benjamin/fluxcd-gitops-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
deployment
deployment
 
 
flux-manifests
flux-manifests
 
 
scripts
scripts
 
 
slides
slides
 
 
.gitignore
.gitignore
 
 
.sops.yaml
.sops.yaml
 
 
README.md
README.md
 
 
public.asc
public.asc
 
 

Repository files navigation

fluxcd-gitops-example

This repository explain how to step by step setup a gitops workflow using flux and ksops for secrets management. We're going to use kustomize to write our manifests in order to deploy a simple nginx server with a encrypted secret.

:octocat: Requirements

Once required tools are installed, we can create our cluster using the following commands:

minikube start
kubectl cluster-info

When creating, minikube will set required settings in $KUBECONFIG allowing you to interact with kubectl.

Install flux

curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
flux check --pre

In our case, since we're using flux in local, we'll install flux by typing:

flux install

Register our repository as a Git source

Here we'll create a git source named test:

flux create source git test --url=https://gitbub.com/benjaminBoboul/fluxcd-gitops-example --branch=main

# check the source:
flux get sources git
#NAME	READY	MESSAGE                                                        	REVISION                                     	SUSPENDED
#test	True 	Fetched revision: main/9b11bf3c6731792f79bb057490bf75114f9ee462	main/9b11bf3c6731792f79bb057490bf75114f9ee462	False

Note: all kind of update can trigger the git repository source, even commit without deployment modifications"

Create a kustomize deployment

Define a kustomize deployment called testkustomize

flux create kustomization testkustomize --source=GitRepository/test --path="./deployment/environments/production" --prune=true --interval=10m --decryption-provider=sops --decryption-secret=sops-gpg
# decryption-provider & decryption-secret refer to secrets encryption using sops
# check kustomization
flux get kustomizations
#NAME 	READY	MESSAGE                                                        	REVISION                                     	SUSPENDED
#testkustomize	True 	Applied revision: main/9b11bf3c6731792f79bb057490bf75114f9ee462	main/9b11bf3c6731792f79bb057490bf75114f9ee462	False

Generate GPG key for SOPS encryption

We need to disable gpg key password with the %no-protection so flux would be able to decrypt secrets in our cluster.

gpg --batch --full-generate-key <<EOF
%no-protection
Key-Type: 1
Key-Length: 4096
Subkey-Type: 1
Subkey-Length: 4096
Expire-Date: 0
Name-Comment: ${KEY_COMMENT}
Name-Real: ${KEY_NAME}
EOF

Export public & private key pair to kubernetes secrets :

gpg --export-secret-keys --armor <KEI_ID> | kubectl create secret generic sops-gpg --namespace=flux-system --from-file=sops.asc=/dev/stdin

About

This repository explain how to step by step setup a gitops workflow using flux and ksops for secrets management.

Topics

flux sops gitops fluxcd ksops

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages