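# Source: https://gist.github.com/vfarcic/216c589df4b4a8976ad48f6a79f95158

###########################################################################################
# How to Propagate Secrets Everywhere with External Secrets Operator (ESO) and Crossplane #
###########################################################################################

# Additional Info:
# - External Secrets Operator (ESO): https://external-secrets.io
# - Manage Kubernetes Secrets With External Secrets Operator (ESO): https://youtu.be/SyRZe5YVCVk
# - Crossplane - GitOps-based Infrastructure as Code through Kubernetes API: https://youtu.be/n8KjVmuHm7A
# - How To Shift Left Infrastructure Management Using Crossplane Compositions: https://youtu.be/AtbS1u2j7po
# - Crossplane Composition Functions: Unleashing the Full Potential: https://youtu.be/jjtpEhvwgMw
# - OpenFunction: The Best Way to Run Serverless Functions on Kubernetes?: https://youtu.be/UGysOX84v2c
# - Kubernetes Compositions: https://github.com/vfarcic/crossplane-kubernetes/tree/main/package
# - SQL Compositions: https://github.com/vfarcic/crossplane-sql/tree/main/package
# - Kubernetes Deployment Order and Dependencies Demystified: https://youtu.be/4-WpJ49MDG8
# - Argo CD Synchronization is BROKEN! It Should Switch to Eventual Consistency!: https://youtu.be/t1Fdse-F9Jw

# NOTE: this is an interactive walkthrough meant to be executed step by step,
# not a script to run end-to-end (several steps apply to only one hyperscaler).
# Strict mode (`set -euo pipefail`) is therefore deliberately not enabled;
# check each command's output before moving on.

#########
# Setup #
#########

git clone \
    https://github.com/vfarcic/external-secrets-crossplane-demo

cd external-secrets-crossplane-demo

# Replace `[...]` with the hyperscaler you'd like to use. Choices are: `aws`
# and `google`. Please open an issue if you'd like to add support for other
# hyperscalers.
export HYPERSCALER=[...]

# Fail early on a typo: every manifest path and nix shell below is keyed on
# this value, and an unexpected one would otherwise only surface as a
# confusing "file not found" several steps later.
case "$HYPERSCALER" in
  aws|google) ;;
  *) printf 'HYPERSCALER must be "aws" or "google" (got: %s)\n' "$HYPERSCALER" >&2 ;;
esac

# Expansions are quoted so a SHELL or HYPERSCALER containing spaces/globs
# cannot be split into extra arguments.
nix-shell --run "$SHELL" "shell-$HYPERSCALER.nix"

chmod +x setup.sh

./setup.sh

# `.env` is generated by setup.sh and exports the values the rest of the
# walkthrough reads (e.g. PROJECT_ID). Setup scripts like this commonly put
# cloud credentials there as well, so treat the file as sensitive: keep it
# out of version control and out of terminal recordings.
source .env

#######################################
# Secrets Between Kubernetes Clusters #
#######################################

# Lists Secret *names* only; values are not printed.
kubectl --namespace crossplane-system get secrets

cat "cluster/$HYPERSCALER.yaml"

kubectl --namespace a-team apply \
    --filename "cluster/$HYPERSCALER.yaml"

# Run the trace repeatedly until every resource reports Ready.
crossplane beta trace clusterclaim cluster --namespace a-team

crossplane beta trace clusterclaim cluster --namespace a-team

# kubeconfig.yaml is the credential for the newly created cluster; it must
# not be committed or shared, and it is only valid until the cluster is
# destroyed.
export KUBECONFIG="$PWD/kubeconfig.yaml"

# Execute only if using Google Cloud
gcloud container clusters get-credentials a-team-cluster \
    --region us-east1 --project "$PROJECT_ID"

# Execute only if using AWS
aws eks update-kubeconfig --region us-east-1 \
    --name a-team-cluster --kubeconfig "$KUBECONFIG"

kubectl --namespace crossplane-system get secrets

kubectl get clustersecretstores

kubectl --namespace production \
    get externalsecrets.external-secrets.io

kubectl --namespace production get secrets

###################################################
# Pushing and Pulling PostgreSQL Database Secrets #
###################################################

cat "db/$HYPERSCALER.yaml"

# Switch back to the default kubeconfig (the cluster where Crossplane itself
# runs) before creating the database claim there.
unset KUBECONFIG

kubectl --namespace a-team apply --filename "db/$HYPERSCALER.yaml"

crossplane beta trace sqlclaim my-db --namespace a-team

crossplane beta trace sqlclaim my-db --namespace a-team

kubectl --namespace a-team \
    get externalsecrets.external-secrets.io

kubectl --namespace a-team get secrets

kubectl --namespace a-team get pushsecrets

# Open Secrets Manager in AWS console

# Point kubectl at the child cluster again to confirm the pushed secret was
# pulled back in through ESO.
export KUBECONFIG="$PWD/kubeconfig.yaml"

kubectl --namespace production \
    get externalsecrets.external-secrets.io

kubectl --namespace production get secrets

###########
# Destroy #
###########

./destroy.sh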