chore: init with docs (bootstrap)
commit
854c3a2577
2 changed files with 63 additions and 0 deletions
6
docs/antora.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
name: wrenix-flux
|
||||
title: "WrenIX's FluxCD (charts)"
|
||||
version:
|
||||
v(?<version>+({0..9}).+({0..9}).+({0..9})).*: $<version>
|
||||
main: latest
|
||||
|
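Review bot: The `title` value "WrenIX's FluxCD (charts)" does not match the page heading `= WrenIX's FluxCD-Repository` that this same commit adds in `docs/modules/ROOT/pages/index.adoc`, and the documentation added here covers bootstrap and commit verification, not charts. Suggest using one name in both places. Under `version:`, a one-line comment saying which refs the `v(?<version>` key is meant to match (three-part `v` tags, next to `main: latest` for the branch) would help the next editor, since the pattern is hard to read at a glance.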
57
docs/modules/ROOT/pages/index.adoc
Normal file
|
@ -0,0 +1,57 @@
|
|||
= WrenIX's FluxCD-Repository
|
||||
|
||||
== Install FluxCD into a cluster
|
||||
|
||||
Here i install it with connection to codeberg:
|
||||
- the path is just for the cluster
|
||||
- the url a repo where fluxcd (in given path) install itself and monitor
|
||||
- i just install my needed components (i skip notification-controller, i prefer prometheus and alerting)
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
flux bootstrap git --components source-controller,kustomize-controller,helm-controller --path=<path> --url ssh://git@codeberg.org/wrenix/<repo>.git
|
||||
----
|
||||
|
||||
=== Secure with verify
|
||||
|
||||
Afterwards we need to setup a verification with GPG, so that nobody else could commit any workload in your cluster.
|
||||
That is because i select an public git hosting (here codeberg), i trust them but maybe it get compromised one time.
|
||||
|
||||
in your repository the flux cli has created an `<path>/flux-system/kustomization.yaml`, we will edit them.
|
||||
|
||||
[source,patch]
|
||||
----
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- gotk-components.yaml
|
||||
- gotk-sync.yaml
|
||||
|
||||
+patches:
|
||||
+ - target:
|
||||
+ kind: GitRepository
|
||||
+ name: flux-system
|
||||
+ patch: |-
|
||||
+ apiVersion: source.toolkit.fluxcd.io/v1
|
||||
+ kind: GitRepository
|
||||
+ metadata:
|
||||
+ name: flux-system
|
||||
+ spec:
|
||||
+ verify: <1>
|
||||
+ mode: HEAD
|
||||
+ secretRef:
|
||||
+ name: gpg-publickey
|
||||
+
|
||||
+generatorOptions:
|
||||
+ disableNameSuffixHash: true <2>
|
||||
+
|
||||
+secretGenerator:
|
||||
+ - name: gpg-publickey <3>
|
||||
+ namespace: flux-system
|
||||
+ files:
|
||||
+ - gpg-publickey/wrenix.gpg <4>
|
||||
----
|
||||
<1> add verify, that only HEAD git commit with valide gpg signature is used
|
||||
<2> on the next generate, do not add hash
|
||||
<3> generate kubernetes Secret with the name `gpg-publickey` which is used in the patched GitRepository, see <1>
|
||||
<4> Add list of valide gpg key files
|
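Review bot: In the "Secure with verify" section, the text never says that the commit which adds this `verify` patch must itself be signed with a key listed under `gpg-publickey/`. With `mode: HEAD` and `secretRef: name: gpg-publickey`, callout <1> states that only a HEAD commit with a valid signature is used, so a reader who follows the steps with an unsigned commit will see the cluster stop following the repository. Suggest adding a sentence on signing that commit and every later one (for example with `git commit -S`), and a step showing how `gpg-publickey/wrenix.gpg` is produced, stating that it holds only the exported public key. It would also help to say that the window between `flux bootstrap` and this patch is unverified, since the section opens with "Afterwards". Minor wording in the same hunk: "valide" should be "valid" in callouts <1> and <4>, and "an public git hosting" should be "a public git hosting".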