feat: sealed-secrets

tunacinsoy · Aug 19, 2024 · 3b39d57 · 3b39d57
1 parent 23c78bb
commit 3b39d57
Show file tree

Hide file tree

Showing 8 changed files with 13 additions and 95 deletions.
diff --git a/.github/workflows/create-cluster.yml b/.github/workflows/create-cluster.yml
@@ -11,8 +11,9 @@ jobs:
     - name: Reformat argocd applicationset config
       id: reformat-argocd-applicationset
       run: sed -i "s/HEAD/${GITHUB_REF##*/}/g" ../manifests/argocd/apps.yaml
-    - name: Reformat external-secrets manifests
-      run: sed -i "s/SECRET_ACCESS_CREDS_PH/$(echo '${{ secrets.GCP_SM_CREDENTIALS }}' | base64 -w 0)/g" ../manifests/argocd/gcpsm-secret.yaml; sed -i "s/PROJECT_ID_PH/${{ secrets.PROJECT_ID }}/g" ../manifests/argocd/gcpsm-secret.yaml
+    # Only necessary if we use external-secrets
+    # - name: Reformat external-secrets manifests
+    #   run: sed -i "s/SECRET_ACCESS_CREDS_PH/$(echo '${{ secrets.GCP_SM_CREDENTIALS }}' | base64 -w 0)/g" ../manifests/argocd/gcpsm-secret.yaml; sed -i "s/PROJECT_ID_PH/${{ secrets.PROJECT_ID }}/g" ../manifests/argocd/gcpsm-secret.yaml
     - name: Install Terraform
       id: install-terraform
       run: wget -O terraform.zip https://releases.hashicorp.com/terraform/1.9.4/terraform_1.9.4_linux_amd64.zip && unzip terraform.zip && chmod +x terraform && sudo mv terraform /usr/local/bin

diff --git a/.gitignore b/.gitignore
@@ -29,5 +29,12 @@ terraform.rc
 *.out
 *.tmp
 
-# If we want to use sealed-secrets, this should be here
-./manifests/blog-app/mongodb-creds-external.yaml
+# If we want to use sealed-secrets, these lines should be here
+manifests/blog-app/mongodb-creds-external.yaml
+manifests/argocd/external-secrets.yaml
+manifests/argocd/gcpsm-secret.yaml
+
+# If we want to use external-secrets, these lines should be here
+# manifests/sealed-secrets/*
+# manifests/blog-app/mongodb-creds-sealed.yaml
+
diff --git a/manifests/argocd/external-secrets.yaml b/manifests/argocd/external-secrets.yaml
diff --git a/manifests/argocd/gcpsm-secret.yaml b/manifests/argocd/gcpsm-secret.yaml
diff --git a/manifests/blog-app/mongodb-creds-external.yaml b/manifests/blog-app/mongodb-creds-external.yaml
diff --git a/manifests/argocd/controller.yaml → manifests/sealed-secrets/controller.yaml b/manifests/argocd/controller.yaml → manifests/sealed-secrets/controller.yaml
diff --git a/terraform/app.tf b/terraform/app.tf
@@ -15,21 +15,6 @@ resource "kubectl_manifest" "apps" {
   # Forces the namespace to be set to argocd, ensuring that all resources are created in the correct namespace
   override_namespace = "argocd"
 }
-# MANAGING SECRETS USING Sealed Secrets
-data "kubectl_file_documents" "sealed-secrets" {
-  content = file("../manifests/argocd/controller.yaml")
-}
-
-resource "kubectl_manifest" "sealed-secrets" {
-  # It needs to depend on argocd creation, since we'll deploy external-secrets right after argocd gets created
-  depends_on = [kubectl_manifest.argocd]
-  # for_each iterates over each manifest in the namespace file
-  for_each = data.kubectl_file_documents.sealed-secrets.manifests
-  # Applies the content of each manifest to the Kubernetes cluster
-  yaml_body = each.value
-  # Forces the namespace to be set to argocd, ensuring that all resources are created in the correct namespace
-  override_namespace = "argocd"
-}
 
 # MANAGING SECRETS USING External Secrets
 # # External-Secrets operator for the retrieval of secrets

diff --git a/terraform/cluster.tf b/terraform/cluster.tf
@@ -16,7 +16,7 @@ locals {
 resource "google_container_cluster" "main" {
   name               = "${var.cluster_name}-${var.branch}"
   location           = var.location
-  initial_node_count = 2
+  initial_node_count = 4
 
   node_config {
     service_account = local.service_account_email # Retrieving the email of the service account from locals