Terraform scripts and documents that I use to provision resources in Azure cloud.
- install
```bash
istioctl install --set profile=default
```
- create and label a namespace in Kubernetes
```bash
kubectl create namespace demo
kubectl label namespace demo istio-injection=enabled --overwrite
```
- apply aks.yaml
```bash
kubectl apply --namespace demo -f ./modules/aks/k8s-example/aks.yaml
```
- get the ingress gateway external ip
```bash
kubectl describe -n istio-system service/istio-ingressgateway
```
Each GitHub repository has an encryption key pair. Only the public key can be obtained by the user, so only GitHub can decrypt the values. We can encrypt our secrets and commit them in the code. We can also use Terraform to create/update repository secrets.
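Set up the GitHub CLI.
```bash
# Fetch the repository's public key (JSON containing "key_id" and "key")
f=$(gh api repos/${owner}/${repo}/actions/secrets/public-key)
# Extract the key ID and the Base64-encoded public key from the response
key_id=$(jq -r '.key_id' <<EOF
${f}
EOF
)
public_key=$(jq -r '.key' <<EOF
${f}
EOF
)
```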
This simple Python script can encrypt the `secret_value` using the public key we obtained from GitHub. The `SealedBox` object adds a random component automatically (a fresh ephemeral key pair for each encryption, which acts like a salt), so the results are different every time even with the same public key and value.
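```python
import sys
from base64 import b64encode
from nacl import encoding, public


def encrypt(public_key: str, secret_value: str) -> str:
    """Encrypt secret_value with the repository's Base64-encoded public key."""
    key = public.PublicKey(public_key.encode('utf-8'), encoding.Base64Encoder())
    sealed_box = public.SealedBox(key)
    encrypted = sealed_box.encrypt(secret_value.encode('utf-8'))
    return b64encode(encrypted).decode('utf-8')


if __name__ == '__main__':
    # The Base64 public key from the previous step is the first argument
    secret_value = 'ok'
    print(encrypt(sys.argv[1], secret_value))
```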
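```bash
# Create or update the secret; ${secret_value} must hold the Base64
# ciphertext produced by the Python script, not the plaintext
cat<<EOF | gh api -X PUT repos/${owner}/${repo}/actions/secrets/${secret_name} --input -
{
"key_id": "${key_id}",
"encrypted_value": "${secret_value}"
}
EOF
# List the repository's secrets to confirm the update
gh api repos/${owner}/${repo}/actions/secrets
```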