From b5e363b71bfd24b040b316ea98af863306a736fa Mon Sep 17 00:00:00 2001 From: Varac Date: Thu, 31 Mar 2022 17:15:08 +0200 Subject: [PATCH] Update README.md --- README.md | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3a862e1..b78f54c 100644 --- a/README.md +++ b/README.md @@ -42,10 +42,24 @@ curl --resolve podinfo.local:80:CLUSTER_IPV4_ADDRESS http://podinfo.local ## What's next ? -There are two ways of using a custom flux +There are two ways of using a custom flux repo to host your custom config/apps +on a Stackspin cluster. -* Fork this repo to a private git remote (Github, Gitab, etc.) -* Configure flux to use ssh instead of https for cloning -* Add private ssh key for git pulling to flux -* Add public ssh key for git pulling to your git remote -* [Encrypt your secrets using sops](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets) +### A) Manage secrets manually + +This approach is easier to start with, +because you don't need to configure your cluster to handle encrypted secrets +and access to a private git repository. + +* Fork this repository into a public git repo, cloneable via `https://` + +### Everything in version control, including secrets + +* Fork this repository into a private git repo, cloneable via `ssh://` +* [Configure flux to use ssh instead of https for cloning](https://fluxcd.io/docs/components/source/gitrepositories/#ssh-authentication) +* You shouln't rely solely on transport encryption for your git repository + but rather end-to-end encrypt your secrets. + Different methods are available for flux: + * [Sops](https://fluxcd.io/docs/guides/mozilla-sops/) + [Sops section in flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets) + * [Sealed Secrets](https://fluxcd.io/docs/guides/sealed-secrets/)
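Review bot: Under "### A) Manage secrets manually" the only step is to fork into a public repo cloneable via `https://`, and nothing tells the reader that secret values must stay out of that fork or how they are expected to reach the cluster instead. Suggest adding a bullet that says no secrets are committed to the public repo and briefly describes what managing them manually means here (for example, creating them directly on the cluster). Smaller points in the same hunk: the second heading, "### Everything in version control, including secrets", is missing the "B)" label that would pair it with "A)"; "shouln't" should read "shouldn't"; and the two Sops links sit on consecutive lines with no separator, so they will render run together unless a comma or "and" is placed between them.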