2 posts tagged with "flux"

Setting up sops with flux and workload identity on AKS is not a complex procedure however there is a lack of proper documentation for some steps.

I was working on setting this up on Azure Kubernetes Service and getting stuck at the point where I had to actually decrypt a secret from a sample deployment.

The key point to understand is that the application responsible for decrypting the secrets is the kustomize-controller. We aim then to have a managed identity assigned to the service-account of the kustomize-controller deployed by flux and to enable workload identity on both the service account and the pods. This requires some azure specific labels and annotations to be added to the k8s resources.

I aim to provide a recap on how to deploy all of this with links to the relevant documentation and add the sample yaml needed to assign and use the identity.

Today I tried flux and the dart language from Google, it was easy and fast, I was able to develop a simple app with material UI in a couple of hours. The app fetch informations about bus waiting time using the bus stop id from Rome transportation operator ATAC. There is no API for that so the app just fetch the web page and parse it to retrieve the informations.