external-secrets-push.sh

# Source: https://gist.github.com/vfarcic/216c589df4b4a8976ad48f6a79f95158

###########################################################################################
# How to Propagate Secrets Everywhere with External Secrets Operator (ESO) and Crossplane #
###########################################################################################

# Additional Info:
# - External Secrets Operator (ESO): https://external-secrets.io
# - Manage Kubernetes Secrets With External Secrets Operator (ESO): https://youtu.be/SyRZe5YVCVk
# - Crossplane - GitOps-based Infrastructure as Code through Kubernetes API: https://youtu.be/n8KjVmuHm7A
# - How To Shift Left Infrastructure Management Using Crossplane Compositions: https://youtu.be/AtbS1u2j7po
# - Crossplane Composition Functions: Unleashing the Full Potential: https://youtu.be/jjtpEhvwgMw
# - OpenFunction: The Best Way to Run Serverless Functions on Kubernetes?: https://youtu.be/UGysOX84v2c
# - Kubernetes Compositions: https://github.com/vfarcic/crossplane-kubernetes/tree/main/package
# - SQL Compositions: https://github.com/vfarcic/crossplane-sql/tree/main/package
# - Kubernetes Deployment Order and Dependencies Demystified: https://youtu.be/4-WpJ49MDG8
# - Argo CD Synchronization is BROKEN! It Should Switch to Eventual Consistency!: https://youtu.be/t1Fdse-F9Jw

#########
# Setup #
#########

git clone \
    https://github.com/vfarcic/external-secrets-crossplane-demo

cd external-secrets-crossplane-demo

# Replace `[...]` with hyperscaler you'd like to use. Choices are: `aws` and `google`. Please open an issue if you'd like to add support for other hyperscalers.

export HYPERSCALER=[...]

nix-shell --run $SHELL shell-$HYPERSCALER.nix

chmod +x setup.sh

./setup.sh

source .env

#######################################
# Secrets Between Kubernetes Clusters #
#######################################

kubectl --namespace crossplane-system get secrets

cat cluster/$HYPERSCALER.yaml

kubectl --namespace a-team apply \
    --filename cluster/$HYPERSCALER.yaml

crossplane beta trace clusterclaim cluster --namespace a-team

crossplane beta trace clusterclaim cluster --namespace a-team

export KUBECONFIG=$PWD/kubeconfig.yaml

# Execute only if using Google Cloud

gcloud container clusters get-credentials a-team-cluster \
    --region us-east1 --project $PROJECT_ID

# Execute only if using AWS

aws eks update-kubeconfig --region us-east-1 \
    --name a-team-cluster --kubeconfig $KUBECONFIG

kubectl --namespace crossplane-system get secrets

kubectl get clustersecretstores

kubectl --namespace production \
    get externalsecrets.external-secrets.io

kubectl --namespace production get secrets

###################################################
# Pushing and Pulling PostgreSQL Database Secrets #
###################################################

cat db/$HYPERSCALER.yaml

unset KUBECONFIG

kubectl --namespace a-team apply --filename db/$HYPERSCALER.yaml

crossplane beta trace sqlclaim my-db --namespace a-team

crossplane beta trace sqlclaim my-db --namespace a-team

kubectl --namespace a-team \
    get externalsecrets.external-secrets.io

kubectl --namespace a-team get secrets

kubectl --namespace a-team get pushsecrets

# Open Secrets Manager in AWS console

export KUBECONFIG=$PWD/kubeconfig.yaml

kubectl --namespace production \
    get externalsecrets.external-secrets.io

kubectl --namespace production get secrets

###########
# Destroy #
###########

./destroy.sh