sops
argo-cd
sops | argo-cd
---|---
149 | 72
15,069 | 16,081
2.1% | 3.2%
9.2 | 9.9
4 days ago | about 18 hours ago
Go | Go
Mozilla Public License 2.0 | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sops
-
Encrypting your secrets with Mozilla SOPS using two AWS KMS Keys
Mozilla SOPS (Secrets OPerationS) is an open-source command-line tool for managing and storing secrets. It uses secure encryption methods to encrypt secrets at rest and decrypt them at runtime. SOPS supports a variety of key management systems, including AWS KMS, GCP KMS, Azure Key Vault, and PGP. It's particularly useful in a DevOps context where sensitive data like API keys, passwords, or certificates need to be securely managed and seamlessly integrated into application workflows.
-
An opinionated template for deploying a single k3s cluster with Ansible backed by Flux, SOPS, GitHub Actions, Renovate, Cilium, Cloudflare and more!
Encrypted secrets thanks to SOPS and Age
-
Tracking SQLite Database Changes in Git
We do the exact same thing to keep track of some credentials. We use sops[1] and AWS KMS to separate credentials by sensitivity, then use the git differ to view the diffs between the encrypted secrets.
Definitely not best practice security-wise, but it works well.
-
The Twelve-Factor App
For anyone new to SOPS like I was - https://github.com/getsops/sops
- Storing and managing private keys
-
Show HN: Shello – Wrangle Environment Variables
I've found this is largely solved by strictly separating plain config and secrets, and then having secrets pull from GCP secret manager / vault / whatever.
You can then commit all the config (including the secret identifiers) and it all just works so long as you're authenticated with your secret storage system.
We do this for the live configuration as well in line with Gitops and find it to work well.
If you don't want to use a cloud secret manager you can also use something like https://github.com/getsops/sops to commit the encrypted secrets safely
-
Check your secrets into Git [video]
Basically, the simpler the better -- just encrypt your secrets and check them in to version control.
We use SOPS[0] for this, and have found it to be pretty nice.
-
How to secure secrets of docker-compose stacks with git?
The answer is that secrets shouldn't be stored in the git repo at all, but somewhere safe like a password manager or Mozilla's SOPS which people seem to love.
-
Is it safe to commit a Terraform file to GitHub?
Unfortunately, the SOPS project is in some sort of a limbo state and there has been quite a long period with limited maintenance and unclear position from Mozilla. Despite the project being accepted into the CNCF, it's still unclear what will happen with it going forward.
-
using keyring - no keyring set and giving errors about backend
It looks like the software you're intending to use is oriented towards interacting with desktop Linux's keyring. While you can probably get this to work, I would recommend using something like sops as it's a more standardized way of storing secrets in configuration.
argo-cd
-
ArgoCD Deployment on RKE2 with Cilium Gateway API
The code above will create the argocd Kubernetes namespace and deploy the latest stable manifest. If you would like to install a specific manifest, have a look here.
-
5-Step Approach: Projectsveltos for Kubernetes add-on deployment and management on RKE2
In this blog post, we will demonstrate how easy and fast it is to deploy Sveltos on an RKE2 cluster with the help of ArgoCD, register two RKE2 Cluster API (CAPI) clusters and create a ClusterProfile to deploy Prometheus and Grafana Helm charts down the managed CAPI clusters.
-
14 DevOps and SRE Tools for 2024: Your Ultimate Guide to Stay Ahead
Argo CD
-
Implementing GitOps with Argo CD, GitHub, and Azure Kubernetes Service
```powershell
$version = (Invoke-RestMethod https://api.github.com/repos/argoproj/argo-cd/releases/latest).tag_name
Invoke-WebRequest -Uri "https://github.com/argoproj/argo-cd/releases/download/$version/argocd-windows-amd64.exe" -OutFile "argocd.exe"
```
-
Verto.sh: A New Hub Connecting Beginners with Open-Source Projects
This is cool - I can think of some projects that are amazing as first contributors, and others I can think of that are terrible.
One thing I think the tool doesn't address is why someone should contribute to a particular project. Having stars is interesting, and a proxy for at least historical activity, but also kind of useless here - take argoproj/argo-cd [1] as an example - 14.5k stars, with a backlog of 2.7k issues and an issue tracker that's a real mess.
Either way, I think this tool is neat for trying to gain some experience in a project purely based on language.
[1] https://github.com/argoproj/argo-cd/issues?q=is%3Aissue+is%3...
-
Sharding the Clusters across Argo CD Application Controller Replicas
In our case, our team went ahead with Solution B, as that was the only solution present when the issue occurred. However, with the release of Argo CD 2.8.0 (released on August 7, 2023), things have changed - for the better :). Now, there are two ways to handle the sharding issue with the Argo CD Application Controller:
-
Real Time DevOps Project | Deploy to Kubernetes Using Jenkins | End to End DevOps Project | CICD
```shell
kubectl create namespace argocd
# Next, let's apply the yaml configuration files for ArgoCd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Now we can view the pods created in the ArgoCD namespace.
kubectl get pods -n argocd
# To interact with the API Server we need to deploy the CLI:
curl --silent --location -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.4.7/argocd-linux-amd64
chmod +x /usr/local/bin/argocd
# Expose argocd-server
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
# Wait about 2 minutes for the LoadBalancer creation
kubectl get svc -n argocd
# Get password and decode it.
kubectl get secret argocd-initial-admin-secret -n argocd -o yaml
echo WXVpLUg2LWxoWjRkSHFmSA== | base64 --decode
```
-
Ultimate EKS Baseline Cluster: Part 1 - Provision EKS
From here, we can explore other developments and tutorials on Kubernetes, such as o11y or observability (PLG, ELK, ELF, TICK, Jaeger, Pyroscope), service mesh (Linkerd, Istio, NSM, Consul Connect, Cilium), and progressive delivery (ArgoCD, FluxCD, Spinnaker).
-
FluxCD vs Weaveworks
lol! Wham! Third choice! https://github.com/argoproj/argo-cd
-
Helm Template Command
If you mean for each app, I don't think it's listed anywhere though you may find it in `repo-server` logs. Like so
What are some alternatives?
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
drone - Gitness is an Open Source developer platform with Source Control management, Continuous Integration and Continuous Delivery. [Moved to: https://github.com/harness/gitness]
Vault - A tool for secrets management, encryption as a service, and privileged access management
flagger - Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Jenkins - Jenkins automation server
git-crypt - Transparent file encryption in git
terraform-controller - Use K8s to Run Terraform
terraform-provider-sops - A Terraform provider for reading Mozilla sops files
werf - A solution for implementing efficient and consistent software delivery to Kubernetes facilitating best practices.
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
atlantis - Terraform Pull Request Automation