IBM Security Global Forum

 View Only

MCSP : A Guide to Overcome Initial Challenges.

By Himanshu Gupta posted Tue January 09, 2024 07:34 AM

  

As the shift towards multi cloud support accelerates, numerous developers are grappling with the onboarding process for MCSP, encountering hurdles due to the novelty of these technologies. I will try to address few challenges which I faced during the initial phase of MCSP onboarding.

Primary Tools referred in blog : ArgoCD, Helm, AWS Secret manager, ROSA Cluster, Container Registry (IBM Cloud)

  1. The very first tool which comes into picture is ArgoCD which will the intermediator for the app deployment on Cluster.
    Things to be done as prerequisite : 
        - Git repo needs to be created and linked with ArgoCD
        - Cluster where apps needs to be deployed should be configured in ArgoCD
        - AWS Secret manager should be there and it should be configured with the argoCD, AVP_SECRET will be given by MCSP team which will be used as         a parameter in plugin while deploying apps via ArgoCD.

  2. Whether we can deploy umbrella charts using helm in Cluster via ArgoCD ?
    - Yes, we can deploy umbrella charts ( multiple apps under one chart )

  3. How to configure Secrets in AWS ? and how to fetch secrets from AWS secret manager ?
    - To configure secrets, go to secret manager and create a path for your secret and store key values in secret manager.
    - Once you save the secret ARN will be generated for that specific path, use that path in your chart values.yaml like this 
    <path:arn:aws:secretsmanager:us-east-1:XXXXXXXXX:secret:test/path-Oj8oTz#testKey>
    Here testKey is the key your chart will look for in secret manager and arn:aws:secretsmanager:us-east-1:XXXXXXXXX:secret:test/path-Oj8oTz will be the ARN which will contain the path to your secret manager.

    Using AVP_SECRET as a param in argoCD plugin it will connect to your AWS secret manager

  4. Where to store app images and how to pull it in cluster ? 
    - To store images products can use their own icr and push the images, to pull the images in cluster just add a image pull secret with name regcredscecore and give username password of you container registry. Image path would be defined in charts, make sure to double check path of your image and the path used in charts.

Below are the reference pages :
https://pages.github.ibm.com/ibm-saas-platform/CICD-Playbook/container-registry/
https://pages.github.ibm.com/ibm-saas-platform/CICD-Playbook/secret-management/ExampleSecrets

0 comments
11 views

Permalink