Update README.md
This commit is contained in:
parent
e4b97efa3a
commit
b5e363b71b
26
README.md
26
README.md
|
@ -42,10 +42,24 @@ curl --resolve podinfo.local:80:CLUSTER_IPV4_ADDRESS http://podinfo.local
|
||||||
|
|
||||||
## What's next ?
|
## What's next ?
|
||||||
|
|
||||||
There are two ways of using a custom flux
|
There are two ways of using a custom flux repo to host your custom config/apps
|
||||||
|
on a Stackspin cluster.
|
||||||
|
|
||||||
* Fork this repo to a private git remote (Github, Gitab, etc.)
|
### A) Manage secrets manually
|
||||||
* Configure flux to use ssh instead of https for cloning
|
|
||||||
* Add private ssh key for git pulling to flux
|
This approach is easier to start with,
|
||||||
* Add public ssh key for git pulling to your git remote
|
because you don't need to configure your cluster to handle encrypted secrets
|
||||||
* [Encrypt your secrets using sops](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets)
|
and access to a private git repository.
|
||||||
|
|
||||||
|
* Fork this repository into a public git repo, cloneable via `https://`
|
||||||
|
|
||||||
|
### Everything in version control, including secrets
|
||||||
|
|
||||||
|
* Fork this repository into a private git repo, cloneable via `ssh://`
|
||||||
|
* [Configure flux to use ssh instead of https for cloning](https://fluxcd.io/docs/components/source/gitrepositories/#ssh-authentication)
|
||||||
|
* You shouln't rely solely on transport encryption for your git repository
|
||||||
|
but rather end-to-end encrypt your secrets.
|
||||||
|
Different methods are available for flux:
|
||||||
|
* [Sops](https://fluxcd.io/docs/guides/mozilla-sops/)
|
||||||
|
[Sops section in flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets)
|
||||||
|
* [Sealed Secrets](https://fluxcd.io/docs/guides/sealed-secrets/)
|
||||||
|
|
Loading…
Reference in New Issue