Getting Started
Prerequisites
Before you continue, ensure that the following prerequisites are installed on your system:
- helm we currently require the
3.11version since it supports the range of k8s version we manage. See here - helm-diff plugin to be able to diff new configuration with what's currently deployed remotely.
- helm-secrets plugin to be able to store encrypted secrets in the repo and decrypt them before deployment.
- age this is the 'low-level' encryption tool used to encrypt/decrypt secrets.
- sops this wraps around
ageto encrypt/decrypt yaml values.
File Structure
First-Time Setup
- clone this project
git clone https://github.com/tristan-greffe/clusters.git- create an age keypair for yourself. The private key will be used to decrypt secrets in our projects.
To encrypt/decrypt secrets stored in this repo, you must be added to the list of recipients of the secret files. Start by generating a public/private key pair for yourself:
sh
age-keygen -o "clusters/age/keys.txt"The command will print the public key in the terminal; communicate this key to an already authorized developer. This key pair functions like an ID card for yourself. Using the public part, we can encrypt files ensuring you can decrypt them. The private part is used only for decryption and should never be shared. It is stored in the clusters/age/keys.txt file.
WARNING
Register this age keypair in your password manager; it is essential to keep it safe.
- grant the necessary permissions to execute the scripts:
sh
chmod +x ./scripts/*.sh