update ssh git example

Signed-off-by: Carlos Santana <csantana23@gmail.com>

Author: csantanapr

argocd/iac/terraform/examples/eks/external-secrets/README.md

@@ -2,9 +2,13 @@
 
 This example shows how to deploy Amazon EKS with addons configured via ArgoCD
 
-The example demonstrate how to use private git repository for workload apps
+The example demonstrate how to use private git repository for workload apps.
 
-Create an AWS Secret Manager secret with name `github-ssh-key` and the content in plain text of git private ssh key
+The example stores your ssh key in AWS Secret Manager, and External Secret Operator to create the secret
+for ArgoCD to access the git repositories.
+
+## Prerequisites
+- Create a Github ssh key file, example assumes the file path `~/.ssh/id_rsa`, update `main.tf` if using a different location
 
 Deploy EKS Cluster
 ```shell
@@ -17,9 +21,16 @@ Access Terraform output to configure `kubectl` and `argocd`
 terraform output
 ```
 
-After cluster is deploy use the external secret operator to create the ArgoCD secret for git ssh access
+There is a file `github.yaml` located in the addons git repository `clusters/ex-external-secrets/secret/` this file creates the resources `ClusterSecretStore` and `ExternalSecret`. Update the git `url` this file when you change the git repository for the workloads specified in `bootstrap/workloads.yaml`
+
+To verify that the ArgoCD secret with ssh key is created run the following command
 ```shell
-kubectl apply -f secrets/github.yaml
+kubectl get secret private-repo-creds -n argocd
+```
+Expected output, should have 3 data items in secret
+```
+NAME                 TYPE     DATA   AGE
+private-repo-creds   Opaque   3      6m45s
 ```
 
 Destroy EKS Cluster

argocd/iac/terraform/examples/eks/external-secrets/bootstrap/addons.yaml

@@ -9,7 +9,7 @@ spec:
     namespace: 'argocd'
   project: default
   source:
-    path: bootstrap/control-plane/addons
+    path: bootstrap/control-plane
     repoURL: https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template
     targetRevision: HEAD
     directory:

argocd/iac/terraform/examples/eks/external-secrets/bootstrap/workloads.yaml

@@ -2,18 +2,19 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
   name: bootstrap-workloads
-  namespace: argocd
+  namespace: 'argocd'
   finalizers:
   - resources-finalizer.argocd.argoproj.io
 spec:
   destination:
-    namespace: default
     server: https://kubernetes.default.svc
+    namespace: 'guestbook'
   project: default
   source:
-    path: envs/dev
-    repoURL: git@github.com:aws-samples/eks-blueprints-workloads.git
+    path: helm-guestbook
+    repoURL: git@github.com:argoproj/argocd-example-apps.git
     targetRevision: HEAD
   syncPolicy:
+    automated: {}
     syncOptions:
     - CreateNamespace=true

argocd/iac/terraform/examples/eks/external-secrets/main.tf

@@ -48,7 +48,8 @@ locals {
   region          = "us-west-2"
   cluster_version = "1.27"
 
-  aws_secret_manager_secret_name = "github-ssh-key"
+  aws_secret_manager_secret_name = "argocd-ssh-key"
+  git_private_ssh_key = "~/.ssh/id_rsa" # Update with the git ssh key to be used by ArgoCD
 
   aws_addons = {
     enable_cert_manager = true
@@ -135,8 +136,14 @@ module "gitops_bridge_bootstrap" {
 ################################################################################
 # AWS Secret Manager
 ################################################################################
-data "aws_secretsmanager_secret" "git_ssh_key" {
-  name = local.aws_secret_manager_secret_name
+#tfsec:ignore:aws-ssm-secret-use-customer-key
+resource "aws_secretsmanager_secret" "git_ssh_key" {
+  name                    = local.aws_secret_manager_secret_name
+  recovery_window_in_days = 0 # Set to zero for this example to force delete during Terraform destroy
+}
+resource "aws_secretsmanager_secret_version" "git_ssh_key" {
+  secret_id     = aws_secretsmanager_secret.git_ssh_key.id
+  secret_string = file(pathexpand(local.git_private_ssh_key))
 }