Skip to content

theinternetcafe/k8s-ansible

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
group_vars
group_vars
 
 
host_vars
host_vars
 
 
inventory
inventory
 
 
playbooks
playbooks
 
 
roles
roles
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
Vagrantfile
Vagrantfile
 
 
run.sh
run.sh
 
 

Repository files navigation

Initialize cluster

./run.sh -i inventory/staging.yml playbooks/kube.yml
./run.sh -i inventory/staging.yml playbooks/kube_init.yml
./run.sh -i inventory/staging.yml playbooks/kube_join.yml
./run.sh -i inventory/staging.yml playbooks/kube_flux.yml

Sealed secrets

Install Kubeseal

Install kubeseal (macOS)

brew install kubeseal

Install kubeseal (Linux)

KUBESEAL_VERSION='' # Set this to, for example, KUBESEAL_VERSION='0.23.0'
curl -OL "https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION:?}/kubeseal-${KUBESEAL_VERSION:?}-linux-amd64.tar.gz"
tar -xvzf kubeseal-${KUBESEAL_VERSION:?}-linux-amd64.tar.gz kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal

Create cluster key pair with openssl

kubectl create secret generic sealed-secrets-key \
  --namespace sealed-secrets \
  --from-literal=tls.key="$(openssl genrsa 4096 | tee /tmp/sealed-secrets-key )" \
  --from-literal=tls.crt="$(openssl req -x509 -new -nodes -key /tmp/sealed-secrets-key -sha256 -days 3560 -subj '/CN=sealed-secrets/O=sealed-secrets')"

Create a new sealed secret

kubeseal --scope cluster-wide --controller-namespace sealed-secrets --controller-name sealed-secrets --format=yaml < secret.yaml > sealed-secret.yaml

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages