-
Notifications
You must be signed in to change notification settings - Fork 0
Kubernetes
Francis Daigle edited this page Apr 19, 2022
·
2 revisions
-
Install NGINX Ingress controller
helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace -
Install Sealed Secrets controller
kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.17.2/controller.yaml -
Install cert-manager
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.0/cert-manager.yaml -
Fetch Sealed Secrets controller public key
npm run fetch:cert -
Create environment file secret
kubectl create secret generic secret-env \ --dry-run=client -o yaml \ --from-env-file ./kustomize/overlays/[development|production|staging]/.env | \ kubeseal --format yaml --cert sealed-secrets.pem >> ./kustomize/overlays/[development|production|staging]/secret-env.yaml -
Create registry secret
kubectl create secret docker-registry secret-registry \ --dry-run=client -o yaml \ --docker-server=ghcr.io \ --docker-username=foobar \ --docker-password=ghp_1234567890abcdef \ --docker-email=foo@bar.com | \ kubeseal --format yaml --cert sealed-secrets.pem >> ./kustomize/overlays/[development|production|staging]/secret-registry.yaml -
Patch service account
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "secret-registry"}]}'
npm run apply:dev
npm run apply:prod
npm run apply:staging