To generate your sealed secret from your secret:
- Install `kubeseal` using the instructions
- Log into the cluster where Sealed Secrets is deployed and take note of the namespace (defaults to `labs-ci-cd`)
- Process your existing secret, e.g. this nexus secret, using the `kubeseal` command line. It is important to set the correct namespace, otherwise the secret will not unseal
  ```bash
  cat << EOF > /tmp/nexus-password.yaml
  ---
  apiVersion: v1
  kind: Secret
  metadata:
    name: nexus-password
    labels:
      credential.sync.jenkins.openshift.io: "true"
  type: "kubernetes.io/basic-auth"
  stringData:
    password: "admin123"
    username: "admin"
  EOF
  kubeseal < /tmp/nexus-password.yaml > /tmp/sealed-nexus-password.yaml \
      -n labs-ci-cd \
      --controller-namespace labs-ci-cd \
      --controller-name sealed-secrets \
      -o yaml
  ```
- You can now apply that secret straight to the cluster for validation, but you should add it using ArgoCD by committing it to Git :)
  ```bash
  cat /tmp/sealed-nexus-password.yaml | oc apply -n labs-ci-cd -f-
  ```
- Set your UJ Jenkins secrets as follows using the output of the secret generation step
  ```yaml
  jenkins_values: &jenkins_values
    source_secrets: {}
    sealed_secrets:
      - name: git-auth
        password: AgAD+uOI5aCI9YKU2NYt2p7as.....
        username: AgCmeFkNTa0tOvXdI+lEjdJmV5u7FVUcn86SFxiUAF6y.....
  ```
See the docs written by @jtudelag on Sealed Secrets site!
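
The namespace warning and the final values step can be checked before anything is committed to Git. The following is an added example, not code from this project: it assumes `kubeseal` was run with `-o json` instead of `-o yaml`, the function name `to_values_entry` is hypothetical, and the sample document is constructed with placeholder ciphertext.

```python
import json

# Constructed sample in the shape of `kubeseal -o json` output.
# The ciphertext strings are placeholders, not real sealed data.
SAMPLE = json.dumps({
    "apiVersion": "bitnami.com/v1alpha1",
    "kind": "SealedSecret",
    "metadata": {"name": "nexus-password", "namespace": "labs-ci-cd"},
    "spec": {"encryptedData": {"password": "PLACEHOLDER-CIPHERTEXT-1",
                               "username": "PLACEHOLDER-CIPHERTEXT-2"}},
})

CLUSTER_WIDE = "sealedsecrets.bitnami.com/cluster-wide"


def to_values_entry(doc_text, expected_namespace):
    """Validate a sealed secret and return one `sealed_secrets` list entry."""
    doc = json.loads(doc_text)
    # A plain Secret (stringData/data in the clear) must never reach Git.
    if doc.get("kind") != "SealedSecret":
        raise ValueError(f"refusing kind {doc.get('kind')!r}: not a SealedSecret")
    meta = doc.get("metadata") or {}
    annotations = meta.get("annotations") or {}
    # Unless sealed cluster-wide, the ciphertext is bound to the namespace it
    # was sealed for and the controller will not unseal it anywhere else.
    if annotations.get(CLUSTER_WIDE) != "true":
        if meta.get("namespace") != expected_namespace:
            raise ValueError(
                f"sealed for namespace {meta.get('namespace')!r}, "
                f"expected {expected_namespace!r}")
    encrypted = (doc.get("spec") or {}).get("encryptedData") or {}
    missing = sorted({"username", "password"} - set(encrypted))
    if missing:
        raise ValueError(f"encryptedData is missing keys: {missing}")
    # Keep the name from the sealed secret: under the default (strict) scope
    # the ciphertext is bound to the secret's name as well as its namespace.
    return {"name": meta["name"],
            "password": encrypted["password"],
            "username": encrypted["username"]}


if __name__ == "__main__":
    print(json.dumps(to_values_entry(SAMPLE, "labs-ci-cd"), indent=2))
```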