This repository contains the configuration for our Kubernetes cluster. Each folder contains an "application" that is deployed into the cluster.
Deployment is done with a self-managed ArgoCD instance. Secrets are encrypted in this repository using SOPS and applied via KSOPS.
If you'd like to change anything about hashbang's infrastructure, please send a PR!
Add the new admin's PGP key to .sops.yaml, then run:
find . -name '*.enc.yaml' | while read file; do
sops updatekeys -y $file
doneCreate a new argocd local user for the admin (argocd/users.patch.yaml).
Add the new user to the admin group (argocd/argo-cd-rbac.patch.yaml).
Have the new user create a password for accessing argocd and hash it with e.g. htpasswd -n -B -C 10 adminusername. Add it to argocd/argocd-secret.enc.yaml.
Have the new user create a password for accessing metrics and hash it with e.g. htpasswd -n -B -C 10 adminusername. Add it to monitoring/user-auth.enc.yaml.
Add the admin's PGP key to argocd/gpg-keys/KEYID (and update the list in argocd/kustomization.yaml) e.g.
gpg -a --export --export-options export-minimal C91A9911192C187A > argocd/gpg-keys/C91A9911192C187AAdd the admin's PGP key to mtls/files/admin_seeds/ (and update the list in mtls/kustomization.yaml)