
Primary language: JavaScript. License: GNU General Public License v3.0 (GPL-3.0).

Kubernetes

This repository serves as the single source of truth for Argo CD.

Repository structure

apps/
├── _index                    # App of apps which tells Argo CD of all other apps inside of this repository
├── <app-name>
|   ├── templates/
|   |   └── *.yml             # Helm templates
|   ├── Chart.yaml
|   ├── values-<env>.yml      # Helm values for specific environment
|   └── secrets-<env>.yml     # Helm values protected with SOPS
keys/
    └── *.asc                 # Public keys of all consumers of the secrets

Local set up

Working with this repository requires several command-line tools. Please use the dev-setup repo and apply the playbook with the following tags:

  • sops
  • kubernetes
  • yubikey (optional)

Environments

  • Lab - test environment used to develop the Helm charts and test apps, running locally inside Hyper-V on a developer's workstation (see the platform repo on how to create the environment).
  • Production - the actual deployment used by the users.

Development

  1. Create Lab environment using the scripts in the platform repository
  2. Run yarn
  3. Run yarn setup (as administrator on Windows or with sudo on Linux) which will install all required tools
  4. Set EDITOR environment variable to your desired editor (use code --wait for VS Code)
  5. Make changes
  6. Test changes using
    • yarn lint to lint the helm chart
    • yarn render <env> to render the chart templates for given environment
  7. Push the changes to the lab branch to deploy them to the lab Kubernetes cluster
  8. Create a pull request to the master branch to deploy them to the production cluster

Secrets

Files with sensitive values are protected using SOPS. To create or edit a file, use the following command:

sops <file-path>

This opens the configured editor. Make the required changes and close the tab; sops then encrypts the contents in place. Please note that all files must use the .<environment>.yml suffix so that SOPS knows which keys to use to encrypt them, since each environment uses different encryption keys.
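
The file-name-to-key mapping described above is typically expressed as creation rules in a .sops.yaml file. The following is an added example, not this repository's own configuration: the path patterns follow the secrets-<env>.yml layout shown in the repository structure, the environment names lab and production are assumed, and every fingerprint is a placeholder.

```yaml
# .sops.yaml at the repository root (hypothetical example, not taken from this repository)
creation_rules:
  # Rules are checked top to bottom; the first path_regex that matches
  # the file being created or edited decides which keys are used.

  # Lab secrets: encrypted only to the Lab recipients.
  - path_regex: (^|/)secrets-lab\.yml$
    # Comma-separated PGP fingerprints of the public keys in keys/*.asc
    # that are allowed to decrypt Lab secrets (placeholders).
    pgp: "<LAB-CONSUMER-FINGERPRINT>,<DEVELOPER-FINGERPRINT>"

  # Production secrets: a separate recipient set, so a Lab key
  # cannot decrypt production values.
  - path_regex: (^|/)secrets-production\.yml$
    pgp: "<PRODUCTION-CONSUMER-FINGERPRINT>,<DEVELOPER-FINGERPRINT>"
```

With rules like these, a file whose name matches neither pattern is not silently encrypted with the wrong environment's keys, which is why the naming convention matters.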