del
@@ -1,81 +0,0 @@
# Setup SSH Deploy Key for mcp10x Repository
## 1. Add Public Key to GitHub
Add this SSH public key as a Deploy Key to the private repository:
**Repository:** https://github.com/fortedigital/10x
**Public Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0xw8XnpnrIUeRbAzqMUSWXtR+5JoSaXDP/NwzZlEj3 argocd-mcp10x
```
**Steps:**
1. Go to: https://github.com/fortedigital/10x/settings/keys
2. Click "Add deploy key"
3. Title: `ArgoCD - mcp10x`
4. Key: Paste the public key above
5. **Important:** Leave "Allow write access" **unchecked** (read-only)
6. Click "Add key"
## 2. Seal the Secret (if using Sealed Secrets)
If you want to store the secret encrypted in Git (recommended), seal it:
```bash
# Install kubeseal if not already installed
# For Windows: choco install kubeseal
# For Linux/Mac: brew install kubeseal
# Seal the secret
kubeseal --format=yaml \
< cluster-resources/mcp10x-repo-credentials.yaml \
> cluster-resources/mcp10x-repo-credentials-sealed.yaml
# Remove the plaintext secret
rm cluster-resources/mcp10x-repo-credentials.yaml
# Commit the sealed secret
git add cluster-resources/mcp10x-repo-credentials-sealed.yaml
```
## 3. Apply the Configuration (if NOT using Sealed Secrets)
If you're not using sealed secrets, you can apply the plain secret directly:
```bash
kubectl apply -f cluster-resources/mcp10x-repo-credentials.yaml
```
**Note:** Don't commit the plaintext secret to Git!
## 4. Update and Sync the Application
The `apps/mcp10x.yaml` has been updated to use SSH URL. ArgoCD will automatically:
- Detect the repository credentials
- Use the SSH key to authenticate
- Clone the private repository
## 5. Verify
Check that ArgoCD can access the repository:
```bash
# Check if the secret exists
kubectl get secret mcp10x-repo-creds -n argocd
# Check ArgoCD application status
kubectl get application mcp10x -n argocd
# Check application details
kubectl describe application mcp10x -n argocd
```
## Security Notes
- ✅ SSH key is scoped to single repository
- ✅ Read-only access (no write permission)
- ✅ Independent of user accounts
- ✅ Can be rotated without admin approval
- ⚠️ Never commit plaintext secrets to Git - use Sealed Secrets or external secret management
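
Review bot: The commit message "del" gives no reason for deleting this guide, and the removed sections 1 to 3 are the only visible record of how the `argocd-mcp10x` deploy key and `cluster-resources/mcp10x-repo-credentials.yaml` were handled. If the key is being retired along with the document, the commit description should say so and the cleanup should also cover the deploy key titled `ArgoCD - mcp10x` on the repository and the `mcp10x-repo-creds` secret in the `argocd` namespace. If the key stays in use, keep at least the "Allow write access" unchecked step and the "Don't commit the plaintext secret to Git!" note somewhere operators will find them. Section 3 applies the plaintext file directly, so it is also worth confirming that `cluster-resources/mcp10x-repo-credentials.yaml` never entered history, and rotating the key if it did, since deleting the documentation does not remove a committed key.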