Skip to content
/ sops-flux-playground Public

This project, named "sops-flux-playground," serves as an educational playground for learning secure methods of deploying secrets within Kubernetes. The primary objective is to provide hands-on experience with "sops," a tool for encrypting and decrypting Kubernetes secrets, and "Flux," a GitOps operator for Kubernetes.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hvaandres/sops-flux-playground

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
clusters/kind1/flux-system
clusters/kind1/flux-system
 
 
README.md
README.md
 
 

Repository files navigation

sops-flux-playground

For this time, I decided to use kind as my kubernetes cluster. To start I have to install kind:

Install Kind

brew install kind

Create Cluster

kind create cluster

Export github user & token

export GITHUB_USER=[github_user]
export GITHUB_TOKEN=[github_token]

CD into the github config file

cd ~/.config/gh

Create a folder for the path

mkdir flex-boostrap-demos.pat

Create repo with Flux command

flux bootstrap github --hostname=github.com --owner=[username] --repository=sops-flux-playground --branch=main --path=clusters/kind0 --personal --private=false

Clone the repo that you just created

git clone https://github.com/[username]/sops-flux-playground.git

Open vscode

cd sops-flux-playground
code .

Modify or Change the following file

#gotk-sync.yaml
#In the Spec, you will add the following:
spec:
	decryption:
		provider: sops
		secretRef:
			name: sops-gpg

Install gnupg sops

brew install gnupg sops

Run a GPG command / create the key

gpg --batch --full-generate-key <<EOF                                 
%no-protection
Key-Type: 1
Key-Length: 4096
Subkey-Type: 1
Subkey-Length: 4096
Expire-Date: 0
Name-Email: [email protected]
Name-Real: kind0
EOF

List your secrets

gpg --list-secret-keys
This should look like this:
sec   rsa4096 2023-03-09 [SCEA]
      ABB063E31C65B14C81B607021CC77C4A64215338
uid           [ultimate] kind0 <[email protected]>
ssb   rsa4096 2023-03-09 [SEA]

Export Secret and create a secret inside of the kubernetes cluster

gpg --export-secret-keys --armor ABB063E31C65B14C81B607021CC77C4A64215338 | kubectl create secret generic --namespace flux-system --from-file=sops.asc=/dev/stdin sops-gpg

Export public key and move it to your repo

gpg --export --armor ABB063E31C65B14C81B607021CC77C4A64215338 > clusters/kind0/flux-system/sops.pub.asc
Look

Pay attention to the path where you are located on the terminal

Add/Commit/Push to Github

git add .
git commit -m "Adding secrets into my repo"
git push
Attention

We recommend to create a secret for each environment you have

Time to reconcile your source

flux reconcile source git flux-system

Confirm all the changes that you did

kubectl describe kustomizations.kustomize.toolkit.fluxcd.io -A

Confirm the secrets

kubectl describe kustomizations.kustomize.toolkit.fluxcd.io -A | grep sops

By now, you should see that your repo is up-to-date and ready to use the secrets that you created.

About

This project, named "sops-flux-playground," serves as an educational playground for learning secure methods of deploying secrets within Kubernetes. The primary objective is to provide hands-on experience with "sops," a tool for encrypting and decrypting Kubernetes secrets, and "Flux," a GitOps operator for Kubernetes.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published