Let’s configure our local repository to install the external secrets manifest. To do so, copy the application manifest and app.tf file using the following commands:
$ cp ~/modern-devops/ch13/install-external-secrets/app.tf terraform/app.tf $ cp ~/modern-devops/ch13/install-external-secrets/external-secrets.yaml \
manifests/argocd/
Now that we’re all set up and ready, let’s go ahead and commit and push our code using the following commands:
$ git add –all
$ git commit -m “Install external secrets operator”
$ git push
As soon as we push the code, we’ll see that the GitHub Actions workflow has been triggered. To access the workflow, go to https://github.com//mdo-environments/ actions. Soon, the workflow will apply the configuration, create the Kubernetes cluster, and deploy Argo CD, the Sealed Secrets controller, and External Secrets Operator.
Once the workflow is successful, we can do the following to access the Argo Web UI.
We must first authenticate with the GKE cluster. To do so, run the following command:
$ gcloud container clusters get-credentials \ mdo-cluster-dev –zone us-central1-a –project $PROJECT_ID
To utilize the Argo CD Web UI, you will require the external IP address of the argo-server service.
To get that, run the following command:
$ kubectl get svc argocd-server -n argocd
NAME TYPE EXTERNAL-IP PORTS AGE argocd-server LoadBalaner 34.122.51.25 80/TCP,443/TCP 6m15s
So, now we know that Argo CD is accessible on https://34.122.51.25/.
Next, we will run the following commands to reset the admin password:
$ kubectl patch secret argocd-secret -n argocd \
-p ‘{“data”: {“admin.password”: null, “admin.passwordMtime”: null}}’ $ kubectl scale deployment argocd-server –replicas 0 -n argocd $ kubectl scale deployment argocd-server –replicas 1 -n argocd
Now, allow two minutes for the new credentials to be generated. After that, execute the following command to retrieve the password:
$ kubectl -n argocd get secret argocd-initial-admin-secret \ -o jsonpath=”{.data.password}” | base64 -d && echo
As we now have the credentials, log in, and you will see the following page:
Figure 13.7 – Argo CD Web UI – home page
As we can see, there are three applications – sealed-secrets, external-secrets, and blog-app. While the sealed-secrets and external-secrets apps are all synced up and green, blog-app has degraded. That is because, in my case, I’ve started fresh and created a new cluster. Therefore, there is no way the Sealed Secrets operator can decrypt the SealedSecret manifest that we created in the last chapter, as it was generated by a different Sealed Secrets controller.
We don’t need the Sealed Secrets operator; we will use Google Cloud Secret Manager instead. So, let’s remove it from our cluster using the following commands:
$ rm -rf manifests/sealed-secrets
$ git add –all
$ git commit -m “Removed sealed secrets”
$ git push
We’ve removed the Sealed Secrets operator, and the Argo CD Web UI should reflect that shortly.
However, the Blog Application will remain degraded as the mongodb-creds Secret is still missing.
In the next section, we will use External Secrets Operator to generate the mongodb-creds Secret.
