docs: add explanation of what the makefile targets do #78
nvernooy committed Sep 5, 2023
1 parent 04e477e commit 411415b
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions {{cookiecutter.project_slug}}/README.md
Expand Up @@ -76,20 +76,22 @@ can access it at [http://localhost:3000/](http://localhost:3000/).
## SealedSecrets for passwords and sensitive values

SealedSecrets can be used to encrypt passwords for the values to be safely checked in.
To create a new secret encrypt the base64 encoded secrets using [kubeseal](https://github.com/bitnami-labs/sealed-secrets#kubeseal).
Creating a new secret involves encrypting the base64 encoded secret using kubeseal. [Installing kubeseal](https://github.com/bitnami-labs/sealed-secrets#kubeseal).

Configure kubernetes to your current project config and context, making sure you are in the correct prod/sandbox environment

$ export KUBECONFIG=~/.kube/config:~/.kube/{{cookiecutter.project_slug}}.ec2.config
$ kubectl config use-context {{cookiecutter.project_slug}}-ec2-cluster

You can store the secrets in 1Password and read the sensitive values to set it as enviroment variables:
To ease managing your passwords and secrets you can store the values in 1Password. The makefile target `read-op-secrets` will read the values from 1Password and store it as base64 encoded enviroment variables.
(The 1Password path in .envrc MUST match the path in the vault)

$ make read-op-secrets

You can also manually export the variables to your environment, but kubeseal needs the variables to be base64 encoded.
Add the secrets to your manifest using the secrets template file, and run kubeseal on the unencrypted values
You can also manually export the variables to your environment, but kubeseal requires the variables to be base64 encoded.
Add the secrets to your manifest using the secrets template file, and run kubeseal on the unencrypted values. The makefile target `sandbox-secrets` will replace the variables in `./k8s/templates/secrets.yaml.template` with the encoded variables from the environment, and copy the manifest with the encrypted values to `.k8s/sandbox/secrets.yaml`. The same can be done for the prod environment using the `prod-secrets` target

$ make sandbox-secrets

$ make prod-secrets
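
Review bot: In the added sentence describing `sandbox-secrets`, the output path is written `.k8s/sandbox/secrets.yaml` while the template path is `./k8s/templates/secrets.yaml.template`; the leading `.k8s` looks like a typo for `./k8s`, and a reader copying it would look for a hidden directory. The same paragraph would also benefit from saying explicitly that the base64 encoded environment variables are only encoded, not encrypted, so the values exported by `read-op-secrets` and any rendered manifest that exists before kubeseal runs are still sensitive, and only the sealed file is safe to check in. Smaller points: "enviroment" is carried over into the new `read-op-secrets` sentence, "store it as" should be "store them as" since it refers to "the values", and the final sentence about `prod-secrets` is missing its closing period.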
