Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity
Files
193b1aa28b7b249ec00fbac3e59d4fd74a060a9f
launchpad/cluster-resources/SETUP-MCP10X-SSH.md
Danijel Simeunovic 193b1aa28b credentials
2026-03-10 10:59:36 +01:00

82 lines
2.2 KiB
Markdown
Raw Blame History

# Setup SSH Deploy Key for mcp10x Repository
## 1. Add Public Key to GitHub
Add this SSH public key as a Deploy Key to the private repository:
**Repository:** https://github.com/fortedigital/10x
**Public Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0xw8XnpnrIUeRbAzqMUSWXtR+5JoSaXDP/NwzZlEj3 argocd-mcp10x
```
**Steps:**
1. Go to: https://github.com/fortedigital/10x/settings/keys
2. Click "Add deploy key"
3. Title: `ArgoCD - mcp10x`
4. Key: Paste the public key above
5. **Important:** Leave "Allow write access" **unchecked** (read-only)
6. Click "Add key"
## 2. Seal the Secret (if using Sealed Secrets)
If you want to store the secret encrypted in Git (recommended), seal it:
```bash
# Install kubeseal if not already installed
# For Windows: choco install kubeseal
# For Linux/Mac: brew install kubeseal
# Seal the secret
kubeseal --format=yaml \
< cluster-resources/mcp10x-repo-credentials.yaml \
> cluster-resources/mcp10x-repo-credentials-sealed.yaml
# Remove the plaintext secret
rm cluster-resources/mcp10x-repo-credentials.yaml
# Commit the sealed secret
git add cluster-resources/mcp10x-repo-credentials-sealed.yaml
```
## 3. Apply the Configuration (if NOT using Sealed Secrets)
If you're not using sealed secrets, you can apply the plain secret directly:
```bash
kubectl apply -f cluster-resources/mcp10x-repo-credentials.yaml
```
**Note:** Don't commit the plaintext secret to Git!
## 4. Update and Sync the Application
The `apps/mcp10x.yaml` has been updated to use SSH URL. ArgoCD will automatically:
- Detect the repository credentials
- Use the SSH key to authenticate
- Clone the private repository
## 5. Verify
Check that ArgoCD can access the repository:
```bash
# Check if the secret exists
kubectl get secret mcp10x-repo-creds -n argocd
# Check ArgoCD application status
kubectl get application mcp10x -n argocd
# Check application details
kubectl describe application mcp10x -n argocd
```
## Security Notes
- ✅ SSH key is scoped to single repository
- ✅ Read-only access (no write permission)
- ✅ Independent of user accounts
- ✅ Can be rotated without admin approval
- ⚠️ Never commit plaintext secrets to Git - use Sealed Secrets or external secret management
Reference in New Issue View Git Blame Copy Permalink