Last modified November 27, 2024
'kubectl gs gitops add management-cluster' command reference
This command adds a new Management Cluster to the GitOps repository.
Prerequisites
Your GitOps repository should provide the following structural layers:
- Basic structure (see init)
Description
The structure created by this command is shown below. Resources enclosed in square brackets [] are optional.
management-clusters
└── MC_NAME
    ├── .sops.keys
    │   └── [master.KEY_FINGERPRINT.asc]
    ├── secrets
    │   └── MC_NAME.gpgkey.enc.yaml
    ├── organizations
    └── MC_NAME.yaml
Note that by default the creation of the SOPS GPG key pair is skipped, because in its most basic form a GitOps repository can be driven without encryption. To enable key creation, pass the --gen-master-key flag when adding the cluster. If it is skipped at this point, encryption can still be added later with the add encryption command.
Usage
Basic command syntax: kubectl gs gitops add management-cluster FLAGS.
Flags
- --name – name of the management cluster (required)
- --repository-name – name of the GitOps repository (required)
- --gen-master-key – generate a master GPG key for SOPS for this management cluster
The following flags are supported by all gitops subcommands:
- --dry-run – Print files and directories instead of creating them.
- --local-path – Path to the repository root folder (default ".").
Examples
By default, the command configures the basic directory structure without any encryption.
kubectl gs gitops add management-cluster \
--local-path /tmp/gitops-demo \
--name demomc \
--repository-name gitops-demo \
--dry-run
Output:
## CREATE ##
/tmp/gitops-demo/management-clusters/demomc
/tmp/gitops-demo/management-clusters/demomc/demomc.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: demomc-gitops
  namespace: default
spec:
  interval: 1m
  path: ./management-clusters/demomc
  prune: false
  serviceAccountName: automation
  sourceRef:
    kind: GitRepository
    name: gitops-demo
  timeout: 2m
/tmp/gitops-demo/management-clusters/demomc/secrets
/tmp/gitops-demo/management-clusters/demomc/secrets/demomc.gpgkey.enc.yaml
apiVersion: v1
kind: Secret
metadata:
  name: sops-gpg-master
/tmp/gitops-demo/management-clusters/demomc/.sops.keys
/tmp/gitops-demo/management-clusters/demomc/organizations
When the --gen-master-key flag is passed, the output also includes the GPG key pair, as in this example:
kubectl gs gitops add management-cluster \
--local-path /tmp/gitops-demo \
--name demomc \
--repository-name gitops-demo \
--gen-master-key \
--dry-run
Output:
## CREATE ##
/tmp/gitops-demo/management-clusters/demomc
/tmp/gitops-demo/management-clusters/demomc/demomc.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: demomc-gitops
  namespace: default
spec:
  decryption:
    provider: sops
    secretRef:
      name: sops-gpg-master
  interval: 1m
  path: ./management-clusters/demomc
  prune: false
  serviceAccountName: automation
  sourceRef:
    kind: GitRepository
    name: gitops-demo
  timeout: 2m
/tmp/gitops-demo/management-clusters/demomc/secrets
/tmp/gitops-demo/management-clusters/demomc/secrets/demomc.gpgkey.enc.yaml
apiVersion: v1
data:
  master.e11262662a86090ea64c8b137235e9a0582989cc.asc: <value omitted>
kind: Secret
metadata:
  name: sops-gpg-master
/tmp/gitops-demo/management-clusters/demomc/.sops.keys
/tmp/gitops-demo/management-clusters/demomc/.sops.keys/master.e11262662a86090ea64c8b137235e9a0582989cc.asc
/tmp/gitops-demo/management-clusters/demomc/organizations
/tmp/gitops-demo/.sops.yaml
creation_rules:
- encrypted_regex: ^(data|stringData)$
  path_regex: management-clusters/demomc/secrets/.*\.enc\.yaml
  pgp: e11262662a86090ea64c8b137235e9a0582989cc
Remove the --dry-run flag and re-run the command to apply the changes.
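The creation rule in the generated .sops.yaml only covers files under management-clusters/demomc/secrets/ whose names end in .enc.yaml, so a Secret saved elsewhere or without that suffix matches no rule. The following Python check is an added example, not part of kubectl gs or the original page. It lists Secret manifests that no path_regex matches, assuming path_regex is applied as an unanchored search on the repository-relative path. The sample tree (registry.yaml, acme/token.enc.yaml) is constructed.

```python
import os
import re
import tempfile

# path_regex values copied from the .sops.yaml shown in the dry-run output above.
PATH_REGEXES = [r"management-clusters/demomc/secrets/.*\.enc\.yaml"]

# Matches a top-level "kind: Secret" line in any document of a manifest.
SECRET_KIND = re.compile(r"^kind:\s*Secret\s*$", re.MULTILINE)


def uncovered_secrets(repo_root, path_regexes=PATH_REGEXES):
    """Return repo-relative paths of Secret manifests that no path_regex matches."""
    rules = [re.compile(p) for p in path_regexes]
    findings = []
    for dirpath, dirnames, filenames in os.walk(repo_root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for name in filenames:
            if not name.endswith((".yaml", ".yml")):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, repo_root).replace(os.sep, "/")
            with open(full, encoding="utf-8", errors="replace") as fh:
                if not SECRET_KIND.search(fh.read()):
                    continue
            # Assumption: unanchored search, since the rule carries no ^ or $.
            if not any(r.search(rel) for r in rules):
                findings.append(rel)
    return sorted(findings)


def build_sample_repo(root):
    """Constructed sample tree: one covered Secret, two uncovered, one non-Secret."""
    base = "management-clusters/demomc"
    secret = "apiVersion: v1\nkind: Secret\n"
    files = {
        f"{base}/secrets/demomc.gpgkey.enc.yaml": secret,     # matches the rule
        f"{base}/secrets/registry.yaml": secret,              # missing .enc suffix
        f"{base}/organizations/acme/token.enc.yaml": secret,  # outside secrets/
        f"{base}/demomc.yaml": "kind: Kustomization\n",       # not a Secret
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        for rel in uncovered_secrets(tmp):
            print("no creation rule matches:", rel)
```

To audit a real repository, call uncovered_secrets() on its root with the path_regex values from that repository's own .sops.yaml.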