- Running Kubernetes cluster
- Application k8s manifests with secrets
- Kubeseal binary installed
- Install bitnami sealed controller as ArgoCD app
- Encrypt secrets and commit them to the repo with the k8s manifests
- Create an app using the secrets you encrypted
-
Click on "New App"
- app name: controller
- project: default
- sync policy: automatic
- repository URL: a URL to bitnami sealed controller manifests
- namespace: kube-system
-
Run the following for every secret:
kubeseal < some/secret.yml > sealed_secrets/some/encrypted_secret.yaml -o yaml
-
Click on "New App"
- app name: some-app
- project: default
- sync policy: automatic
- repository URL: a URL to k8s manifests (including encrypted secrets)
- namespace: default