Home Ops :octocat:

GitOps workflow for homelab.

Homelab: Kubernetes cluster running in Proxmox and using Flux with Kustomization.

Taking inspiration from https://github.com/onedr0p/home-ops

To encrypt secrets:

```sh
# Get AGE_KEY from the cluster and set it as SOPS_AGE_KEY
# AGE_KEY=$(kubectl get secret sops-age -n flux-system -o=jsonpath='{.data}' | jq -r '."age.agekey"' | base64 --decode)
# export SOPS_AGE_KEY=$AGE_KEY
# One-liner equivalent; `tail -n 1` keeps only the AGE-SECRET-KEY line and drops the comment header age-keygen writes
export SOPS_AGE_KEY=$(kubectl get secret sops-age -n flux-system -o=jsonpath='{.data}' | jq -r '."age.agekey"' | base64 --decode | tail -n 1)

# Encrypt using
sops -e -i secret.sops.yaml

# Decrypt using
sops -d secret.sops.yaml
```

To update GitHub Token:

```sh
# Delete the secret
kubectl -n flux-system delete secret flux-system

export GITHUB_USER=abayomi185

# Bootstrap again
flux bootstrap github \
  --owner="$GITHUB_USER" \
  --repository=home-ops \
  --branch=main \
  --path=./clusters/homelab/flux \
  --personal \
  --token-auth
```

```sh
# Add the sops age secret to flux.
cat age.agekey |
kubectl create secret generic sops-age \
  --namespace=flux-system \
  --from-file=age.agekey=/dev/stdin
# Output: secret/sops-age created
```

```sh
# The secret may need to be regenerated.
# If so, all the secrets will have to be updated with the new age public key
age-keygen -o age.agekey
export SOPS_SECRET="<path-to-secret>/secret.sops.yaml"
sops -d -i "$SOPS_SECRET" && sops -e -i "$SOPS_SECRET" # This can be paired with the find command
```
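
The in-place decrypt and re-encrypt step above, paired with `find`, as an added example that is not part of this repository. It puts the original ciphertext back if either `sops` step fails, so a decrypted secret is never left in the working tree. The function names are hypothetical, and the encrypted-file check is a heuristic assumption about the sops YAML layout.

```sh
#!/bin/sh
# Added example, not part of the repository. Re-encrypts every *.sops.yaml
# under a directory with the page's `sops -d -i` / `sops -e -i` pair.

# Heuristic (assumption): a sops-encrypted YAML file has a top-level
# `sops:` block whose `mac:` value is itself an ENC[...] string.
is_sops_encrypted() {
  grep -q '^sops:' "$1" && grep -q '^[[:space:]]*mac: ENC\[' "$1"
}

# reencrypt_tree DIR -> returns 0 if every file was re-encrypted, 1 otherwise.
# Paths containing newlines are not supported.
reencrypt_tree() {
  rt_list=$(mktemp) || return 1
  rt_rc=0
  find "$1" -type f -name '*.sops.yaml' > "$rt_list"
  while IFS= read -r rt_file; do
    if ! is_sops_encrypted "$rt_file"; then
      # Already plaintext on disk: report it instead of touching it.
      echo "SKIP (not encrypted, fix by hand): $rt_file" >&2
      rt_rc=1
      continue
    fi
    # The backup holds ciphertext only, so nothing secret lands in /tmp.
    rt_bak=$(mktemp) || { rt_rc=1; break; }
    cp "$rt_file" "$rt_bak"
    if sops -d -i "$rt_file" </dev/null && sops -e -i "$rt_file" </dev/null &&
       is_sops_encrypted "$rt_file"; then
      echo "OK: $rt_file"
    else
      cp "$rt_bak" "$rt_file"   # put the old ciphertext back
      echo "FAILED (restored): $rt_file" >&2
      rt_rc=1
    fi
    rm -f "$rt_bak"
  done < "$rt_list"
  rm -f "$rt_list"
  return "$rt_rc"
}

# Usage: reencrypt_tree ./clusters
```

Running `is_sops_encrypted` over the same `find` output before a commit also catches a file that was decrypted by hand and never re-encrypted.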