vagrant file and sops READMD

mmmarceleza · Apr 26, 2022 · 1392b18 · 1392b18
1 parent b09e289
commit 1392b18
Show file tree

Hide file tree

Showing 5 changed files with 201 additions and 0 deletions.
diff --git a/kubernetes/sops/README.md b/kubernetes/sops/README.md
@@ -0,0 +1,138 @@
+# Sops
+
+## Creating gpg keys
+
+Prerequisites:
+
+- gnupg
+- [sops](https://github.com/mozilla/sops/releases)
+
+Create a variable with the key name:
+
+```console
+export KEY_NAME="dev.marceleza.com"
+```
+
+Create a variable with a comment to identify the key:
+
+```console
+export KEY_COMMENT="flux secrets"
+```
+
+Key generating:
+
+```console
+gpg --batch --full-generate-key <<EOF
+%no-protection
+Key-Type: 1
+Key-Length: 4096
+Subkey-Type: 1
+Subkey-Length: 4096
+Expire-Date: 0
+Name-Comment: ${KEY_COMMENT}
+Name-Real: ${KEY_NAME}
+EOF
+```
+
+List the key to see the fingerprint:
+
+```console
+gpg --list-secret-keys "${KEY_NAME}"
+```
+
+Create a variable with the fingerprint from the last step:
+
+```console
+export KEY_FP=<paste it here>
+```
+
+Command to see the private key:
+
+```console
+gpg --export-secret-keys --armor "${KEY_FP}"
+```
+
+Command to see the public key:
+
+```console
+gpg --export --armor "${KEY_FP}"
+```
+
+## Flux configuration to use sops
+
+Create a secret with GPG keys:
+
+```console
+gpg --export-secret-keys --armor "${KEY_FP}" |
+kubectl create secret generic sops-gpg \
+--namespace=flux-system \
+--from-file=sops.asc=/dev/stdin
+```
+
+Add sops parameters in the desired kustomization:
+
+```console
+spec:
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+```
+
+Optionally, the public key should be sent to the repository, in case the team wants to encrypt some files:
+The following paths are related to the root of the repository.
+
+```console
+gpg --export --armor "${KEY_FP}" > ./kubernetes/sops/.sops.pub.asc
+```
+
+To import the public key, use the following command:
+
+```console
+gpg --import ./kubernetes/sops/.sops.pub.asc
+```
+
+The next step is creating a sops configuration file:
+
+```console
+cat <<EOF > ./kubernetes/sops/.sops.yaml
+creation_rules:
+  - path_regex: .*.yaml
+    encrypted_regex: ^(data|stringData)$
+    pgp: ${KEY_FP}
+EOF
+```
+
+## Basic test with sops
+
+- Create a basic cluster with [kind](../kind/README.md);
+
+- Bootstrap a github repository with [Flux](../flux/README.md);
+
+Create a simple secret to test:
+
+```console
+kubectl -n sops create secret generic basic-auth \
+--from-literal=user=admin \
+--from-literal=password=change-me \
+--dry-run=client \
+-o yaml > ./kubernetes/sops/basic-auth.yaml
+```
+
+Encrypt that secret using sops:
+
+```console
+sops --encrypt --in-place ./kubernetes/sops/basic-auth.yaml
+```
+
+Commit this new secret manifest to your repository:
+
+```console
+git add ./kubernetes/sops/basic-auth.yaml
+git commit -m "adding new secret to test sops"
+git push
+```
+
+Wait Flux reconciliation and take a look in the cluster if it is there.
+
+
diff --git a/vagrant/multivm/Vagrantfile b/vagrant/multivm/Vagrantfile
@@ -0,0 +1,37 @@
+#--------------------------------------------------------------
+# Vagrant file to run a simple multi VM along libvirt provider.
+#
+# Reference docs:
+# 1 - https://github.com/vagrant-libvirt/vagrant-libvirt
+# 2 - https://wiki.archlinux.org/title/Vagrant
+# 3 - https://wiki.archlinux.org/title/Libvirt
+# 4 - https://wiki.archlinux.org/title/KVM
+# 5 - https://wiki.archlinux.org/title/QEMU
+# 6 - https://roboxes.org
+#--------------------------------------------------------------
+Vagrant.configure("2") do |config|
+
+  NodeCount = 2
+
+  (1..NodeCount).each do |i|
+
+    config.vm.define "machine#{i}" do |node|
+
+      node.vm.box               = "generic/ubuntu2004"
+      node.vm.box_check_update  = false
+      node.vm.box_version       = "3.6.12"
+      node.vm.hostname          = "machine#{i}.example.com"
+
+      node.vm.network "private_network", ip: "172.16.16.10#{i}"
+
+      node.vm.provider :libvirt do |v|
+        v.memory  = 2048
+        v.nested  = true
+        v.cpus    = 2
+      end
+
+    end
+
+  end
+
+end
diff --git a/vagrant/Vagrantfile → vagrant/singlevm/Vagrantfile b/vagrant/Vagrantfile → vagrant/singlevm/Vagrantfile
diff --git a/webservers/nginx/README.md b/webservers/nginx/README.md
@@ -0,0 +1,21 @@
+# Nginx
+
+Main path for default index.html of nginx:
+
+```console
+/usr/share/nginx/html/index.html
+```
+
+## Useful commands:
+
+Verify nginx configuration files:
+
+```console
+nginx -t
+```
+
+Verify host response locally:
+
+```console
+curl --header "Host: example.com" localhost
+```
diff --git a/webservers/nginx/example.conf b/webservers/nginx/example.conf
@@ -0,0 +1,5 @@
+server {
+  listen 80;
+  server_name example.com www.example.com;
+  root /var/www/example.com/;
+}