Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity

argocd repo secret

Browse Source
This commit is contained in:
Danijel Simeunovic
2026-03-20 12:59:13 +01:00
parent 8b1931fa9d
commit 016e70a998
2 changed files with 41 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
docs/OPERATIONS-RUNBOOK.md
View File

@@ -169,78 +169,33 @@ This creates two files:
Add the private key to ArgoCD as a repository secret:
Save the following file in private/ (gitignored) folder as secret.yaml
```bash
# Create secret for sturdy-adventure repository
kubectl create secret generic repo-sturdy-adventure \
--from-file=sshPrivateKey=argocd-deploy-key \
--namespace=argocd \
--dry-run=client -o yaml | kubectl apply -f -
# Label it for ArgoCD to recognize
kubectl label secret repo-sturdy-adventure \
-n argocd \
argocd.argoproj.io/secret-type=repository
# Add repository annotations
kubectl annotate secret repo-sturdy-adventure \
-n argocd \
managed-by=argocd.argoproj.io
apiVersion: v1
kind: Secret
metadata:
name: forte-helm-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
type: git
url: git@github.com:fortedigital/forte-helm.git
sshPrivateKey: |
<paste your private key here>
project: default
```
Alternatively, create a complete repository secret with all metadata:
Seal the secret using `kubeseal` command
```bash
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: repo-sturdy-adventure
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
annotations:
managed-by: argocd.argoproj.io
type: Opaque
stringData:
type: git
url: git@github.com:fortedigital/sturdy-adventure.git
sshPrivateKey: |
$(cat argocd-deploy-key | sed 's/^/ /')
EOF
kubeseal --format=yaml \
--namespace=argocd \
< private/secret.yaml \
> secrets/forte-helm-repo-secret-sealed.yaml
```
**Step 4: Register Repository in ArgoCD**
Add the repository to ArgoCD's configuration:
```bash
# Via kubectl (recommended for GitOps)
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: repo-sturdy-adventure
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
type: Opaque
stringData:
type: git
url: git@github.com:fortedigital/sturdy-adventure.git
sshPrivateKey: |
$(cat argocd-deploy-key | sed 's/^/ /')
insecure: "false"
enableLfs: "false"
EOF
# Or via ArgoCD UI
# 1. Open ArgoCD UI: kubectl port-forward svc/argocd-server -n argocd 8080:443
# 2. Navigate to: Settings → Repositories → Connect Repo
# 3. Connection Method: Via SSH
# 4. Repository URL: git@github.com:fortedigital/sturdy-adventure.git
# 5. SSH private key: Paste private key content
# 6. Click "Connect"
```
Check in secrets/forte-helm-repo-secret-sealed.yaml and let Argo sync and create the secret.
**Step 5: Verify Repository Access**
@@ -402,7 +357,7 @@ ssh-keygen -t ed25519 -C "argocd-sturdy-adventure" -f key-sturdy -N ""
ssh-keygen -t ed25519 -C "argocd-helm-values" -f key-helm-values -N ""
# Add key-helm-values.pub to: https://github.com/fortedigital/helm-values/settings/keys
# 3. forte-helm is public - no key needed (use HTTPS)
# 3. forte-helm (private helm charts repo)
# Create secrets
kubectl create secret generic repo-sturdy-adventure \