Gitiles
Code Review Sign In
osm.etsi.org / osm / devops / 8d8cd99ff091a6e372a7e68b1b61b576ec2cfccc^! / . / installers / mgmt-cluster / flux / scripts / add-age-key-to-cluster.sh
commit8d8cd99ff091a6e372a7e68b1b61b576ec2cfccc[log] [tgz]
authorgarciadeblas <gerardo.garciadeblas@telefonica.com>Tue May 21 16:04:14 2024 +0200
committergarciadeblas <gerardo.garciadeblas@telefonica.com>Tue Aug 20 23:23:27 2024 +0200
tree8d278a39d7ff42fe9c0067ab7423b154d0f5b985
parent90344b6b8e8aab6ac1f28f48ca812e0084a80283 [diff] [blame]
Features 11017 and 11018: setup of mgmt cluster and git repo

This change incorporates the changes to setup a mgmt cluster for
cloud-native operations in OSM following a GitOps model, which includes
the setup of an internal git repository.

Change-Id: If828d18ad64d852a9a89ec9ba7c2d3a96d281565
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>

diff --git a/installers/mgmt-cluster/flux/scripts/add-age-key-to-cluster.sh b/installers/mgmt-cluster/flux/scripts/add-age-key-to-cluster.sh
new file mode 100755
index 0000000..9d5e52b
--- /dev/null
+++ b/installers/mgmt-cluster/flux/scripts/add-age-key-to-cluster.sh

@@ -0,0 +1,51 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+AGE_KEY_NAME="$1"
+CLUSTER_DIR="$2"
+
+# Load the contents of both keys
+export PRIVATE_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key")
+export PUBLIC_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub")
+
+# Add the `age` private key to the cluster as secret:
+kubectl delete secret sops-age --namespace=flux-system 2> /dev/null || true
+# cat "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key" |
+echo "${PRIVATE_KEY}" |
+    kubectl create secret generic sops-age \
+    --namespace=flux-system \
+    --from-file=age.agekey=/dev/stdin
+
+# Create SOPS configuration at the root folder of the management cluster:
+cat <<EOF > "${CLUSTER_DIR}/.sops.yaml"
+creation_rules:
+  - encrypted_regex: ^(data|stringData)$
+    age: ${PUBLIC_KEY}
+  # - path_regex: .*.yaml
+  #   encrypted_regex: ^(data|stringData)$
+  #   age: ${PUBLIC_KEY}
+EOF
+
+# Add also the public key to the repository so that others who clone the repo can encrypt new files:
+cp "${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub" "${CLUSTER_DIR}/.sops.pub.asc"